Allow server plugin to talk to https services. Option for skipping tls verification (#2103)

* Allow server plugin to talk to https services. Option for skipping tls verification

* Rename TlsVerify to TLSVerify

* Server plugin should use default http transport when scheme is not https
This commit is contained in:
Mike Cardwell 2020-12-03 06:36:14 +00:00 committed by GitHub
parent fca59c71e2
commit 0ab055e946
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 13 deletions

View File

@ -209,9 +209,10 @@ path = /handler
ops = NewProxy ops = NewProxy
``` ```
addr: the address where the external RPC service listens on. - addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
path: http request url path for the POST request. - path: http request url path for the POST request.
ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...). - ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
### Metadata ### Metadata

View File

@ -458,11 +458,16 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
for name, section := range sections { for name, section := range sections {
if strings.HasPrefix(name, "plugin.") { if strings.HasPrefix(name, "plugin.") {
name = strings.TrimSpace(strings.TrimPrefix(name, "plugin.")) name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
var tls_verify, err = strconv.ParseBool(section["tls_verify"])
if err != nil {
tls_verify = true
}
options := plugin.HTTPPluginOptions{ options := plugin.HTTPPluginOptions{
Name: name, Name: name,
Addr: section["addr"], Addr: section["addr"],
Path: section["path"], Path: section["path"],
Ops: strings.Split(section["ops"], ","), Ops: strings.Split(section["ops"], ","),
TLSVerify: tls_verify,
} }
for i := range options.Ops { for i := range options.Ops {
options.Ops[i] = strings.TrimSpace(options.Ops[i]) options.Ops[i] = strings.TrimSpace(options.Ops[i])

View File

@ -17,19 +17,22 @@ package plugin
import ( import (
"bytes" "bytes"
"context" "context"
"crypto/tls"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/url" "net/url"
"reflect" "reflect"
"strings"
) )
type HTTPPluginOptions struct { type HTTPPluginOptions struct {
Name string Name string
Addr string Addr string
Path string Path string
Ops []string Ops []string
TLSVerify bool
} }
type httpPlugin struct { type httpPlugin struct {
@ -40,10 +43,25 @@ type httpPlugin struct {
} }
func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin { func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
var client *http.Client
if strings.HasPrefix(url, "https://") {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
}
client = &http.Client{Transport: tr}
} else {
client = &http.Client{}
}
if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
url = "http://" + url
}
return &httpPlugin{ return &httpPlugin{
options: options, options: options,
url: fmt.Sprintf("http://%s%s", options.Addr, options.Path), url: url,
client: &http.Client{}, client: client,
} }
} }