feat: add proxy support MONGOSH-1827 (#2123)

This PR mostly just adds tests on top of the work done in devtools-shared.

Author: addaleax

package-lock.json

@@ -40,7 +40,7 @@
     "mongodb-connection-string-url": "^3.0.1"
   },
   "devDependencies": {
-    "@mongodb-js/devtools-connect": "^3.2.2",
+    "@mongodb-js/devtools-connect": "^3.2.4",
     "@mongodb-js/eslint-config-mongosh": "^1.0.0",
     "@mongodb-js/prettier-config-devtools": "^1.0.1",
     "@mongodb-js/tsconfig-mongosh": "^1.0.0",

packages/arg-parser/package.json

@@ -17,5 +17,6 @@ ignores:
  - emphasize
  - ipv6-normalize
  - bindings
+ - system-ca
 ignore-patterns:
- - .eslintrc.js
+ - .eslintrc.js

packages/cli-repl/.depcheckrc

@@ -61,6 +61,7 @@
     }
   },
   "dependencies": {
+    "@mongodb-js/devtools-proxy-support": "^0.3.4",
     "@mongosh/arg-parser": "0.0.0-dev.0",
     "@mongosh/autocomplete": "0.0.0-dev.0",
     "@mongosh/editor": "0.0.0-dev.0",
@@ -87,7 +88,6 @@
     "mongodb-log-writer": "^1.4.2",
     "numeral": "^2.0.6",
     "pretty-repl": "^4.0.1",
-    "proxy-agent": "^6.4.0",
     "semver": "^7.5.4",
     "strip-ansi": "^6.0.0",
     "text-table": "^0.2.0",

packages/cli-repl/package.json

@@ -1174,24 +1174,10 @@ export class CliRepl implements MongoshIOProvider {
           )}\nWaiting...\n`
       );
     };
-    if (process.env.MONGOSH_EXPERIMENTAL_OIDC_PROXY_SUPPORT) {
-      const ProxyAgent = (await import('proxy-agent')).ProxyAgent;
-      const tlsCAFile =
-        driverOptions.tlsCAFile ??
-        new ConnectionString(driverUri)
-          .typedSearchParams<DevtoolsConnectOptions>()
-          .get('tlsCAFile');
-      const ca = tlsCAFile ? await fs.readFile(tlsCAFile) : undefined;
-      driverOptions.oidc.customHttpOptions = (_url, opts) => {
-        if (ca && !opts.ca) {
-          opts = { ...opts, ca };
-        }
-        return {
-          ...opts,
-          agent: new ProxyAgent({ ...opts }),
-        };
-      };
-    }
+    driverOptions.proxy ??= {
+      useEnvironmentVariableProxies: true,
+    };
+    driverOptions.applyProxyToOIDC ??= true;
 
     const [redirectURI, trustedEndpoints, browser] = await Promise.all([
       this.getConfig('oidcRedirectURI'),

packages/cli-repl/src/cli-repl.ts

@@ -31,6 +31,7 @@ import net from 'net';
 import v8 from 'v8';
 import { TimingCategories } from '@mongosh/types';
 import './webpack-self-inspection';
+import { systemCA } from '@mongodb-js/devtools-proxy-support';
 
 // TS does not yet have type definitions for v8.startupSnapshot
 if ((v8 as any)?.startupSnapshot?.isBuildingSnapshot?.()) {
@@ -41,6 +42,7 @@ if ((v8 as any)?.startupSnapshot?.isBuildingSnapshot?.()) {
   require('emphasize'); // Dependency of pretty-repl
   require('ipv6-normalize'); // Dependency of devtools-connect via os-dns-native
   require('bindings'); // Used by various native dependencies but not a native dep itself
+  require('system-ca'); // Dependency of devtools-proxy-support
 
   {
     const console = require('console');
@@ -195,6 +197,11 @@ async function main() {
       }
     }
 
+    markTime(TimingCategories.Main, 'scheduling system-ca loading');
+    // asynchronously populate the system CA cache in devtools-proxy-support
+    systemCA().catch(() => undefined);
+    markTime(TimingCategories.Main, 'scheduled system-ca loading');
+
     const connectionInfo = generateConnectionInfoFromCliArgs(options);
     connectionInfo.driverOptions = {
       ...connectionInfo.driverOptions,

packages/cli-repl/src/run.ts

@@ -39,6 +39,7 @@
     "@types/chai-as-promised": "^7.1.3",
     "@types/node": "^14.14.6",
     "@types/rimraf": "^3.0.0",
+    "bson": "^6.7.0",
     "chai-as-promised": "^7.1.1",
     "depcheck": "^1.4.3",
     "eslint": "^7.25.0",

packages/e2e-tests/package.json

@@ -11,6 +11,11 @@ import path from 'path';
 import { expect } from 'chai';
 import { createServer as createHTTPSServer } from 'https';
 import { getCertPath, useTmpdir } from './repl-helpers';
+import {
+  baseOidcServerConfig,
+  commonOidcServerArgs,
+  skipOIDCTestsDueToPlatformOrServerVersion,
+} from './oidc-helpers';
 
 /**
  * @securityTest OIDC Authentication End-to-End Tests
@@ -47,17 +52,10 @@ describe('OIDC auth e2e', function () {
   skipIfEnvServerVersion('< 7.0');
 
   before(async function () {
-    if (
-      process.platform !== 'linux' ||
-      !process.env.MONGOSH_SERVER_TEST_VERSION ||
-      !process.env.MONGOSH_SERVER_TEST_VERSION.includes('-enterprise') ||
-      +process.version.slice(1).split('.')[0] < 16
-    ) {
+    if (skipOIDCTestsDueToPlatformOrServerVersion()) {
       // OIDC is only supported on Linux in the 7.0+ enterprise server,
       // and we can't skip based on the dynamically detected server version because
       // the OIDC config is something that needs to be available at server startup time.
-      // Our mock OIDC provider does not work with Node.js 14, so we also need to skip
-      // tests there.
       return this.skip();
     }
 
@@ -87,19 +85,8 @@ describe('OIDC auth e2e', function () {
     ]);
     const serverOidcConfig = {
       issuer: oidcMockProvider.issuer,
-      clientId: 'testServer',
-      requestScopes: ['mongodbGroups'],
-      authorizationClaim: 'groups',
-      audience: 'resource-server-audience-value',
-      authNamePrefix: 'dev',
+      ...baseOidcServerConfig,
     };
-    const commonOidcServerArgs = [
-      '--setParameter',
-      'authenticationMechanisms=SCRAM-SHA-256,MONGODB-OIDC',
-      // enableTestCommands allows using http:// issuers such as http://localhost
-      '--setParameter',
-      'enableTestCommands=true',
-    ];
     testServer = new MongoRunnerSetup('e2e-oidc-test1', {
       args: [
         '--setParameter',