Allow server plugin to talk to https services. Option for skipping tls verification (#2103)

* Allow server plugin to talk to https services. Option for skipping tls verification * Rename TlsVerify to TLSVerify * Server plugin should use default http transport when scheme is not https
2024-11-01 22:31:29 +08:00 · 2020-12-03 06:36:14 +00:00 · 2020-12-03 06:36:14 +00:00 · 0ab055e946
commit 0ab055e946
parent fca59c71e2
3 changed files with 37 additions and 13 deletions
--- a/doc/server_plugin.md
+++ b/doc/server_plugin.md
@ -209,9 +209,10 @@ path = /handler
 ops = NewProxy
 ```

-addr: the address where the external RPC service listens on.
-path: http request url path for the POST request.
-ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
+- path: http request url path for the POST request.
+- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
+- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.

 ### Metadata

--- a/pkg/config/server_common.go
+++ b/pkg/config/server_common.go
@ -458,11 +458,16 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
 	for name, section := range sections {
 		if strings.HasPrefix(name, "plugin.") {
 			name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
+			var tls_verify, err = strconv.ParseBool(section["tls_verify"])
+			if err != nil {
+				tls_verify = true
+			}
 			options := plugin.HTTPPluginOptions{
-				Name: name,
-				Addr: section["addr"],
-				Path: section["path"],
-				Ops:  strings.Split(section["ops"], ","),
+				Name:      name,
+				Addr:      section["addr"],
+				Path:      section["path"],
+				Ops:       strings.Split(section["ops"], ","),
+				TLSVerify: tls_verify,
 			}
 			for i := range options.Ops {
 				options.Ops[i] = strings.TrimSpace(options.Ops[i])
--- a/pkg/plugin/server/http.go
+++ b/pkg/plugin/server/http.go
@ -17,19 +17,22 @@ package plugin
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"reflect"
+	"strings"
 )

 type HTTPPluginOptions struct {
-	Name string
-	Addr string
-	Path string
-	Ops  []string
+	Name      string
+	Addr      string
+	Path      string
+	Ops       []string
+	TLSVerify bool
 }

 type httpPlugin struct {
@ -40,10 +43,25 @@ type httpPlugin struct {
 }

 func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
+	var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
+
+	var client *http.Client
+	if strings.HasPrefix(url, "https://") {
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
+		}
+		client = &http.Client{Transport: tr}
+	} else {
+		client = &http.Client{}
+	}
+
+	if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
+		url = "http://" + url
+	}
 	return &httpPlugin{
 		options: options,
-		url:     fmt.Sprintf("http://%s%s", options.Addr, options.Path),
-		client:  &http.Client{},
+		url:     url,
+		client:  client,
 	}
 }