Merge pull request #139 from salesforcecli/phale/W-8857752

fix: add proxy support for got

Author: maggiben

.mocharc.json

@@ -3,5 +3,5 @@
   "watch-extensions": "ts",
   "recursive": true,
   "reporter": "spec",
-  "timeout": 10000
+  "timeout": 20000
 }

package.json

@@ -13,6 +13,7 @@
     "@salesforce/core": "^2.15.2",
     "@salesforce/kit": "^1.3.3",
     "@salesforce/ts-types": "^1.4.3",
+    "agent-base": "^6.0.2",
     "aws-sdk": "^2.782.0",
     "chalk": "^4.1.0",
     "cli-ux": "^5.5.1",
@@ -22,6 +23,8 @@
     "fast-glob": "^3.2.5",
     "glob": "^7.1.6",
     "got": "^11.8.0",
+    "proxy-agent": "^4.0.1",
+    "proxy-from-env": "^1.1.0",
     "shelljs": "^0.8.4",
     "standard-version": "^9.0.0",
     "tslib": "^2"
@@ -30,11 +33,11 @@
     "@oclif/dev-cli": "^1",
     "@oclif/plugin-command-snapshot": "^2.0.0",
     "@salesforce/cli-plugins-testkit": "^0.0.25",
-    "@salesforce/dev-config": "^2.1.0",
-    "@salesforce/dev-scripts": "0.9.1",
+    "@salesforce/dev-config": "^2.1.2",
+    "@salesforce/dev-scripts": "^0.9.11",
     "@salesforce/plugin-command-reference": "^1.3.0",
     "@salesforce/prettier-config": "^0.0.2",
-    "@salesforce/ts-sinon": "1.3.5",
+    "@salesforce/ts-sinon": "1.3.12",
     "@types/conventional-changelog-preset-loader": "^2.3.1",
     "@types/conventional-commits-parser": "^3.0.1",
     "@types/shelljs": "^0.8.8",
@@ -45,9 +48,9 @@
     "cz-conventional-changelog": "^3.2.0",
     "eslint": "^6.8.0",
     "eslint-config-prettier": "^6.11.0",
-    "eslint-config-salesforce": "^0.1.0",
-    "eslint-config-salesforce-license": "^0.1.0",
-    "eslint-config-salesforce-typescript": "^0.2.0",
+    "eslint-config-salesforce": "^0.1.6",
+    "eslint-config-salesforce-license": "^0.1.6",
+    "eslint-config-salesforce-typescript": "^0.2.7",
     "eslint-plugin-header": "^3.0.0",
     "eslint-plugin-import": "^2.20.2",
     "eslint-plugin-jsdoc": "^27.0.3",

src/codeSigning/packAndSign.ts

@@ -12,12 +12,18 @@ import { exec } from 'child_process';
 import { EOL } from 'os';
 import { basename, join as pathJoin } from 'path';
 import { sep as pathSep } from 'path';
+// import { URL } from 'url';
 import { Readable } from 'stream';
 import { copyFile, createReadStream } from 'fs';
-import * as https from 'https';
+import { Agent } from 'https';
+import got, { Agents, RequestError } from 'got';
 import { UX } from '@salesforce/command';
 import { fs, Logger } from '@salesforce/core';
 import { NamedError } from '@salesforce/kit';
+import * as ProxyAgent from 'proxy-agent';
+import { getProxyForUrl } from 'proxy-from-env';
+
+// import { AgentOptions } from 'agent-base';
 import {
   CodeSignInfo,
   CodeVerifierInfo,
@@ -166,35 +172,36 @@ export const api = {
    * @param publicKeyUrl - url for the public key
    */
   verify(tarGzStream: Readable, sigFilenameStream: Readable, publicKeyUrl: string): Promise<boolean> {
-    return new Promise<boolean>((resolve, reject) => {
+    return new Promise<boolean>((resolve) => {
       const verifyInfo = new CodeVerifierInfo();
       verifyInfo.dataToVerify = tarGzStream;
       verifyInfo.signatureStream = sigFilenameStream;
 
-      const req = https.get(publicKeyUrl, { agent: false });
-
-      req.on('response', (response) => {
-        if (response && response.statusCode === 200) {
-          verifyInfo.publicKeyStream = response;
-          return resolve(verify(verifyInfo));
-        } else {
-          const statusCode: number = response.statusCode;
-          return reject(
-            new NamedError(
-              'RetrievePublicKeyFailed',
-              `Couldn't retrieve public key at url: ${publicKeyUrl} error code: ${statusCode}`
-            )
-          );
-        }
-      });
-
-      req.on('error', (err: Error) => {
-        if (err && err['code'] === 'DEPTH_ZERO_SELF_SIGNED_CERT') {
-          reject(new SignSignedCertError());
-        } else {
-          reject(err);
-        }
-      });
+      return resolve(
+        (async (): Promise<boolean> => {
+          try {
+            const agent = api.getAgentForUri(publicKeyUrl);
+            const response = await got.get(publicKeyUrl, { agent });
+            if (response && response.statusCode === 200) {
+              verifyInfo.publicKeyStream = Readable.from([response.body]);
+              return await verify(verifyInfo);
+            } else {
+              const statusCode: number = response.statusCode;
+              throw new NamedError(
+                'RetrievePublicKeyFailed',
+                `Couldn't retrieve public key at url: ${publicKeyUrl} error code: ${statusCode}`
+              );
+            }
+          } catch (err) {
+            const error = err as RequestError;
+            if (error && error.code === 'DEPTH_ZERO_SELF_SIGNED_CERT') {
+              throw new SignSignedCertError();
+            } else {
+              throw err;
+            }
+          }
+        })()
+      );
     });
   },
 
@@ -454,4 +461,11 @@ export const api = {
       }
     }
   },
+
+  getAgentForUri(url: string): false | Agents {
+    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
+    const proxyUrl: string = getProxyForUrl(url) as string;
+    const agent = ProxyAgent(proxyUrl) as Agent;
+    return { https: agent, http: agent };
+  },
 };

src/commands/circleci/envvar/update.ts

@@ -13,6 +13,7 @@ import { isArray, isString, Dictionary, AnyJson, getArray } from '@salesforce/ts
 import { env } from '@salesforce/kit';
 import got, { Response } from 'got';
 import { green, red, bold, cyan, yellow } from 'chalk';
+import { api } from '../../../codeSigning/packAndSign';
 
 Messages.importMessagesDirectory(__dirname);
 const messages = Messages.loadMessages('@salesforce/plugin-release-management', 'circleci');
@@ -99,7 +100,9 @@ export default class CircelCIEnvvarUpdate extends SfdxCommand {
     let response: Response<string>;
 
     try {
-      response = await got.get<string>(`${URL_BASE}/${slug}/envvar`, { headers: this.headers });
+      const url = `${URL_BASE}/${slug}/envvar`;
+      const agent = api.getAgentForUri(url);
+      response = await got.get<string>(url, { headers: this.headers, agent });
     } catch (err) {
       const error = err as SfdxError;
       return `${error.message}. Skipping...`;
@@ -148,8 +151,11 @@ export default class CircelCIEnvvarUpdate extends SfdxCommand {
     if (!this.flags.dryrun) {
       try {
         // First remove the old envvar
-        await got.delete(`${envvarUrl}/${name}`, { headers: this.headers });
+        const url = `${envvarUrl}/${name}`;
+        let agent = api.getAgentForUri(url);
+        await got.delete(url, { headers: this.headers, agent });
 
+        agent = api.getAgentForUri(`${envvarUrl}`);
         await got.post(`${envvarUrl}`, {
           headers: this.headers,
           json: { name, value },

src/repositories.ts

@@ -6,6 +6,7 @@
  */
 
 import got from 'got';
+import { api } from './codeSigning/packAndSign';
 
 const KNOWN_REPOSITORIES_URL = 'https://raw.githubusercontent.com/salesforcecli/status/main/repositories.json';
 const PACKAGE_REGISTRY_BASE_URL = 'https://www.npmjs.com/package';
@@ -33,7 +34,8 @@ export type RepositoryInfo = {
  * Get a list of known tooling repositories that include Salesforce CLI plugins, libraries, and orbs.
  */
 export const retrieveKnownRepositories = async (): Promise<RepositoryInfo[]> => {
-  const response = await got.get(KNOWN_REPOSITORIES_URL);
+  const agent = api.getAgentForUri(KNOWN_REPOSITORIES_URL);
+  const response = await got.get(KNOWN_REPOSITORIES_URL, { agent });
   const repositories = JSON.parse(response.body) as SourceRepositoryDefinition[];
 
   return repositories.map((repository) => {

test/codeSigning/packAndSign.test.ts

@@ -10,47 +10,35 @@
 /* eslint-disable camelcase */
 
 import child_process = require('child_process');
-import * as events from 'events';
 import { EOL } from 'os';
 import { join } from 'path';
 import { Readable } from 'stream';
 import * as fs from 'fs';
-import * as https from 'https';
 import { core, UX } from '@salesforce/command';
 import { fs as fscore } from '@salesforce/core';
 import { expect } from 'chai';
 import { testSetup } from '@salesforce/core/lib/testSetup';
 import { stubMethod } from '@salesforce/ts-sinon';
+import got from 'got';
 import { SigningResponse } from '../../src/codeSigning/packAndSign';
 import { CERTIFICATE, PRIVATE_KEY, TEST_DATA } from './testCert';
 
 const $$ = testSetup();
 
 const _getCertResponse = (path: string, e?: Error, statusCode?: number) => {
-  const response = new Readable({
-    read() {
-      this.push(CERTIFICATE);
-      this.push(null);
-    },
-  });
+  const response = {};
+  (response as any).body = CERTIFICATE;
 
   if (statusCode) {
     (response as any).statusCode = statusCode;
   } else {
     (response as any).statusCode = 200;
   }
 
-  const requestEmitter = new events.EventEmitter();
-
-  process.nextTick(() => {
-    if (e) {
-      requestEmitter.emit('error', e);
-    } else {
-      requestEmitter.emit('response', response);
-    }
-  });
-
-  return requestEmitter;
+  if (e) {
+    throw e;
+  }
+  return response;
 };
 
 let packAndSignApi: any;
@@ -61,6 +49,10 @@ describe('doPackAndSign', () => {
   before(() => {
     let signature: string;
 
+    stubMethod($$.SANDBOX, got, 'get').callsFake(async (path: string) => {
+      return _getCertResponse(path);
+    });
+
     $$.SANDBOX.stub(console, 'log');
     $$.SANDBOX.stub(console, 'info');
 
@@ -105,10 +97,6 @@ describe('doPackAndSign', () => {
       cb(null, `foo.tgz${EOL}`);
     });
 
-    stubMethod($$.SANDBOX, https, 'get').callsFake((path: any) => {
-      return _getCertResponse(path);
-    });
-
     packAndSignApi = require('../../src/codeSigning/packAndSign').api;
   });
 
@@ -223,7 +211,7 @@ describe('packAndSign Tests', () => {
   describe('verify', () => {
     it('verify flow - false', () => {
       let url: string;
-      stubMethod($$.SANDBOX, https, 'get').callsFake((_url: string) => {
+      stubMethod($$.SANDBOX, got, 'get').callsFake(async (_url: string) => {
         url = _url;
         return _getCertResponse(_url);
       });
@@ -246,14 +234,14 @@ describe('packAndSign Tests', () => {
         packAndSignApi = require('../../src/codeSigning/packAndSign').api;
       }
 
-      return packAndSignApi.verify(tarGz, signature, 'baz').then((authentic: boolean) => {
+      return packAndSignApi.verify(tarGz, signature, 'https://baz').then((authentic: boolean) => {
         expect(authentic).to.be.equal(false);
-        expect(url).to.be.equal('baz');
+        expect(url).to.be.equal('https://baz');
       });
     });
 
     it('verify flow - self signed', () => {
-      stubMethod($$.SANDBOX, https, 'get').callsFake((_url: string) => {
+      stubMethod($$.SANDBOX, got, 'get').callsFake(async (_url: string) => {
         const e: any = new Error();
         e.code = 'DEPTH_ZERO_SELF_SIGNED_CERT';
         return _getCertResponse(_url, e);
@@ -278,7 +266,7 @@ describe('packAndSign Tests', () => {
       }
 
       return packAndSignApi
-        .verify(tarGz, signature, 'baz')
+        .verify(tarGz, signature, 'https://baz.com')
         .then(() => {
           throw new Error('This should never happen');
         })
@@ -288,7 +276,7 @@ describe('packAndSign Tests', () => {
     });
 
     it('verify flow - http 500', () => {
-      stubMethod($$.SANDBOX, https, 'get').callsFake((_url: string) => {
+      stubMethod($$.SANDBOX, got, 'get').callsFake((_url: string) => {
         return _getCertResponse(_url, undefined, 500);
       });
 
@@ -311,7 +299,7 @@ describe('packAndSign Tests', () => {
       }
 
       return packAndSignApi
-        .verify(tarGz, signature, 'baz')
+        .verify(tarGz, signature, 'https://baz')
         .then(() => {
           throw new Error('This should never happen');
         })
@@ -341,4 +329,12 @@ describe('packAndSign Tests', () => {
       expect(packAndSignApi.validateNpmIgnorePatterns('*.tgz*.sigpackage.json.bak')).to.be.equal(undefined);
     });
   });
+
+  // minimal test since the function getAgentForUrl delegates to proxy-agent module
+  describe('getAgentForUri', () => {
+    it('should always return an agent', () => {
+      const agents = packAndSignApi.getAgentForUri('https://somewhere.com');
+      expect(agents).to.be.ok;
+    });
+  });
 });

tsconfig.json

@@ -2,9 +2,8 @@
   "extends": "@salesforce/dev-config/tsconfig",
   "compilerOptions": {
     "outDir": "lib",
-    "rootDir": "src"
+    "rootDir": "src",
+    "allowSyntheticDefaultImports": true
   },
-  "include": [
-    "./src/**/*.ts"
-  ]
+  "include": ["./src/**/*.ts"]
 }