Use proxy_options to call httpc

MarcialRosales · MarcialRosales · commit baa36afa35f2 · 2024-12-02T08:05:37.000+01:00
diff --git a/deps/oauth2_client/include/types.hrl b/deps/oauth2_client/include/types.hrl
@@ -21,7 +21,9 @@
 -type openid_configuration() :: #openid_configuration{}.
 
 -record(proxy_options, {
-    proxy :: uri_string:uri_string(),
+    https :: boolean(),
+    hostname :: uri_string:uri_string(),
+    port :: integer(),
     username :: option(string() | binary()),
     password :: option(string() | binary())
 }).
diff --git a/deps/oauth2_client/src/oauth2_client.erl b/deps/oauth2_client/src/oauth2_client.erl
@@ -13,7 +13,8 @@
         merge_openid_configuration/2,
         merge_oauth_provider/2,
         extract_ssl_options_as_list/1,
-        format_ssl_options/1, format_oauth_provider/1, format_oauth_provider_id/1
+        format_ssl_options/1, format_oauth_provider/1, format_oauth_provider_id/1,
+        extract_proxy_options_from_url/1
         ]).
 
 -include("oauth2_client.hrl").
@@ -29,8 +30,9 @@ get_access_token(OAuthProvider, Request) ->
     Type = ?CONTENT_URLENCODED,
     Body = build_access_token_request_body(Request),
     HTTPOptions = get_ssl_options_if_any(OAuthProvider) ++
-        get_timeout_of_default(Request#access_token_request.timeout),
-    Options = [],
+        get_timeout_of_default(Request#access_token_request.timeout) ++ 
+        get_proxy_auth_if_any(OAuthProvider#oauth_provider.proxy_options),
+    Options = get_proxy_if_any(OAuthProvider#oauth_provider.proxy_options),
     Response = httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, Options),
     parse_access_token_response(Response).
 
@@ -43,8 +45,9 @@ refresh_access_token(OAuthProvider, Request) ->
     Type = ?CONTENT_URLENCODED,
     Body = build_refresh_token_request_body(Request),
     HTTPOptions = get_ssl_options_if_any(OAuthProvider) ++
-        get_timeout_of_default(Request#refresh_token_request.timeout),
-    Options = [],
+        get_timeout_of_default(Request#refresh_token_request.timeout) ++ 
+        get_proxy_auth_if_any(OAuthProvider#oauth_provider.proxy_options),
+    Options = get_proxy_if_any(OAuthProvider#oauth_provider.proxy_options),
     Response = httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, Options),
     parse_access_token_response(Response).
 
@@ -96,11 +99,12 @@ drop_trailing_path_separator(Path) when is_list(Path) ->
 -spec get_openid_configuration(DiscoveryEndpoint :: uri_string:uri_string(),
     ssl:tls_option() | [], proxy_options() | undefined) -> 
         {ok, openid_configuration()} | {error, term()}.
-get_openid_configuration(DiscoverEndpoint, TLSOptions, _ProxyOptions) ->    
+get_openid_configuration(DiscoverEndpoint, TLSOptions, ProxyOptions) ->    
     rabbit_log:debug("get_openid_configuration from ~p (~p)", [DiscoverEndpoint,
         format_ssl_options(TLSOptions)]),
-    Options = [],
-    Response = httpc:request(get, {DiscoverEndpoint, []}, TLSOptions, Options),
+    Options = get_proxy_if_any(ProxyOptions),
+    Response = httpc:request(get, {DiscoverEndpoint, []},
+        TLSOptions ++ get_proxy_auth_if_any(ProxyOptions), Options),
     parse_openid_configuration_response(Response).
 
 -spec merge_openid_configuration(openid_configuration(), oauth_provider()) ->
@@ -401,13 +405,28 @@ lookup_root_oauth_provider() ->
         proxy_options = extract_proxy_options(Map)
     }.
 
--spec extract_proxy_options(#{atom() => any()}|list()) -> proxy_options().
+-spec extract_proxy_options_from_url(list()|binary()) -> proxy_options().
+extract_proxy_options_from_url(URL) when is_binary(URL) ->
+    extract_proxy_options_from_url(binary_to_list(URL));
+extract_proxy_options_from_url(URL) when is_list(URL) ->
+    Parsed = uri_string:parse(URL),
+    #proxy_options{
+        https = 
+            case maps:get("scheme", Parsed, "http") of 
+                "http" -> false;
+                "https" -> true
+            end,
+        hostname = maps:get("host", Parsed, undefined),
+        port = maps:get("port", Parsed, undefined)
+    }.
+        
+-spec extract_proxy_options(#{atom() => any()}|list()) -> proxy_options() | undefined.
 extract_proxy_options(List) when is_list(List) ->
     case proplists:get_value(proxy, List, undefined) of 
         undefined -> undefined;
         URL -> 
-            #proxy_options{
-                proxy = URL,
+            Options = extract_proxy_options_from_url(URL),
+            Options#proxy_options{
                 username = proplists:get_value(proxy_username, List, undefined),
                 password = proplists:get_value(proxy_password, List, undefined)
             }
@@ -416,8 +435,8 @@ extract_proxy_options(Map) ->
     case maps:get(proxy, Map, undefined) of
         undefined -> undefined;
         URL -> 
-            #proxy_options{
-                proxy = URL,
+            Options = extract_proxy_options_from_url(URL),            
+            Options#proxy_options{
                 username = maps:get(proxy_username, Map, undefined),
                 password = maps:get(proxy_password, Map, undefined)
             }
@@ -559,6 +578,30 @@ get_timeout_of_default(Timeout) ->
         Timeout -> [{timeout, Timeout}]
     end.
 
+get_proxy_if_any(ProxyOptions) ->
+    case ProxyOptions of
+        undefined -> 
+            []; 
+        Proxy -> 
+            P = {Proxy#proxy_options.hostname, Proxy#proxy_options.port},
+            case Proxy#proxy_options.https of 
+                true -> [{https_proxy, P}];
+                false -> [{proxy, P}]
+            end
+    end.
+
+get_proxy_auth_if_any(ProxyOptions) ->
+    case ProxyOptions of
+        undefined -> 
+            []; 
+        Proxy -> 
+            case {Proxy#proxy_options.username, Proxy#proxy_options.password} of 
+                {undefined, _} -> [];
+                {_, undefined} -> [];
+                {_, _} = Auth -> [{proxy_auth, Auth}]
+            end
+    end.
+
 is_json(?CONTENT_JSON) -> true;
 is_json(_) -> false.
 
@@ -654,14 +697,16 @@ format_ssl_options(TlsOptions) ->
         proplists:get_value(cacertfile, TlsOptions),
         CaCertsCount])).
 
--spec format_proxy_options(proxy_options()) -> string().
+-spec format_proxy_options(proxy_options()|undefined) -> string().
 format_proxy_options(undefined) ->
     lists:flatten(io_lib:format("{no proxy}", []));
 
 format_proxy_options(ProxyOptions) ->
-    lists:flatten(io_lib:format("{proxy: ~p, username: ~p, " ++
+    lists:flatten(io_lib:format("{https: ~p, hostname: ~p, port: ~p, username: ~p, " ++
         "password: ~p }", [
-        ProxyOptions#proxy_options.proxy,
+        ProxyOptions#proxy_options.https,
+        ProxyOptions#proxy_options.hostname,
+        ProxyOptions#proxy_options.port,
         ProxyOptions#proxy_options.username,
         ProxyOptions#proxy_options.password])).
 
diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_provider_SUITE.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_provider_SUITE.erl
@@ -68,6 +68,9 @@ verify_provider() -> [
     ]}, 
     {oauth_provider_with_proxy, [], [
         get_oauth_provider_has_proxy
+    ]},
+    {oauth_provider_with_https_proxy, [], [
+        get_oauth_provider_has_https_proxy
     ]}
 ].
 
@@ -154,7 +157,7 @@ init_per_group(with_resource_server_id, Config) ->
 
 init_per_group(oauth_provider_with_proxy, Config) ->
     Proxy = [
-        {proxy, build_url_to_oauth_provider(<<"/">>)},
+        {proxy, "http://idp:8080"},
         {proxy_username, <<"user1">>},
         {proxy_password, <<"pwd1">>}
     ],
@@ -167,7 +170,30 @@ init_per_group(oauth_provider_with_proxy, Config) ->
             OAuthProvider = maps:get(Id, OAuthProviders, []),
             set_env(oauth_providers, maps:put(Id, Proxy ++ OAuthProvider, OAuthProviders))
     end,
-    Proxy ++ Config;
+    [{proxy_hostname, "idp"},
+     {proxy_port, 8080}, 
+     {proxy_username, <<"user1">>},
+     {proxy_password, <<"pwd1">>}] ++ Config;
+
+init_per_group(oauth_provider_with_https_proxy, Config) ->
+    Proxy = [
+        {proxy, "https://idp:8843"},
+        {proxy_username, <<"user1">>},
+        {proxy_password, <<"pwd1">>}
+    ],
+    case ?config(oauth_provider_id, Config) of 
+        root -> 
+            KeyConfig = get_env(key_config, []),
+            set_env(key_config, KeyConfig ++ Proxy);
+        Id -> 
+            OAuthProviders = get_env(oauth_providers, #{}),
+            OAuthProvider = maps:get(Id, OAuthProviders, []),
+            set_env(oauth_providers, maps:put(Id, Proxy ++ OAuthProvider, OAuthProviders))
+    end,
+    [{proxy_hostname, "idp"},
+     {proxy_port, 8843}, 
+     {proxy_username, <<"user1">>},
+     {proxy_password, <<"pwd1">>}] ++ Config;
 
 init_per_group(with_algorithms, Config) ->
     KeyConfig = get_env(key_config, []),
@@ -222,6 +248,8 @@ end_per_group(oauth_provider_with_proxy, Config) ->
             unset_oauth_provider_properties(Id, [proxy, proxy_username, proxy_password])
     end,
     Config;
+end_per_group(oauth_provider_with_https_proxy, Config) ->
+    end_per_group(oauth_provider_with_proxy, Config);
 
 end_per_group(with_root_static_signing_keys, Config) ->
     KeyConfig = call_get_env(Config, key_config, []),
@@ -448,9 +476,40 @@ get_oauth_provider_has_proxy(Config) ->
         ?config(oauth_provider_id, Config), [jwks_uri]),    
     ct:log("key_config: ~p",
         [ application:get_all_env(rabbitmq_auth_backend_oauth2)]),
+    ct:log("oauthprovider: ~p", [OAuthProvider]),
+    ?assertEqual(false, 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.https),
+
+    ct:log("Parsed : ~p", [uri_string:parse("http://idp:8080")]),
 
-    ?assertEqual(?config(proxy, Config), 
-        OAuthProvider#oauth_provider.proxy_options#proxy_options.proxy),
+    Options = oauth2_client:extract_proxy_options_from_url("http://idp:8080"),
+    ct:log("Options1: ~p", [Options]),
+    Options2 = oauth2_client:extract_proxy_options_from_url(<<"http://idp:8080">>),
+    ct:log("Options2: ~p", [Options2]),
+
+    ?assertEqual(?config(proxy_port, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.port),
+    ?assertEqual(?config(proxy_hostname, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.hostname),
+    ?assertEqual(?config(proxy_username, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.username),
+    ?assertEqual(?config(proxy_password, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.password).
+
+
+get_oauth_provider_has_https_proxy(Config) ->
+    {ok, OAuthProvider} = get_oauth_provider(
+        ?config(oauth_provider_id, Config), [jwks_uri]),    
+    ct:log("key_config: ~p",
+        [ application:get_all_env(rabbitmq_auth_backend_oauth2)]),
+    ct:log("oauthprovider: ~p", [OAuthProvider]),
+    ?assertEqual(true, 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.https),
+
+    ?assertEqual(?config(proxy_port, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.port),
+    ?assertEqual(?config(proxy_hostname, Config), 
+        OAuthProvider#oauth_provider.proxy_options#proxy_options.hostname),
     ?assertEqual(?config(proxy_username, Config), 
         OAuthProvider#oauth_provider.proxy_options#proxy_options.username),
     ?assertEqual(?config(proxy_password, Config), 
