Allow server plugin to talk to https services. Option for skipping tls verification (#2103)

* Allow server plugin to talk to https services. Option for skipping tls verification

* Rename TlsVerify to TLSVerify

* Server plugin should use default http transport when scheme is not https
This commit is contained in:
Mike Cardwell 2020-12-03 06:36:14 +00:00 committed by GitHub
parent fca59c71e2
commit 0ab055e946
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 13 deletions

View File

@ -209,9 +209,10 @@ path = /handler
ops = NewProxy
```
addr: the address where the external RPC service listens on.
path: http request url path for the POST request.
ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
- addr: the address where the external RPC service listens. Defaults to http. For https, specify the schema: `addr = https://127.0.0.1:9001`.
- path: http request url path for the POST request.
- ops: operations plugin needs to handle (e.g. "Login", "NewProxy", ...).
- tls_verify: When the schema is https, we verify by default. Set this value to false if you want to skip verification.
### Metadata

View File

@ -458,11 +458,16 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
for name, section := range sections {
if strings.HasPrefix(name, "plugin.") {
name = strings.TrimSpace(strings.TrimPrefix(name, "plugin."))
var tls_verify, err = strconv.ParseBool(section["tls_verify"])
if err != nil {
tls_verify = true
}
options := plugin.HTTPPluginOptions{
Name: name,
Addr: section["addr"],
Path: section["path"],
Ops: strings.Split(section["ops"], ","),
TLSVerify: tls_verify,
}
for i := range options.Ops {
options.Ops[i] = strings.TrimSpace(options.Ops[i])

View File

@ -17,12 +17,14 @@ package plugin
import (
"bytes"
"context"
"crypto/tls"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"reflect"
"strings"
)
type HTTPPluginOptions struct {
@ -30,6 +32,7 @@ type HTTPPluginOptions struct {
Addr string
Path string
Ops []string
TLSVerify bool
}
type httpPlugin struct {
@ -40,10 +43,25 @@ type httpPlugin struct {
}
func NewHTTPPluginOptions(options HTTPPluginOptions) Plugin {
var url = fmt.Sprintf("%s%s", options.Addr, options.Path)
var client *http.Client
if strings.HasPrefix(url, "https://") {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: options.TLSVerify == false},
}
client = &http.Client{Transport: tr}
} else {
client = &http.Client{}
}
if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
url = "http://" + url
}
return &httpPlugin{
options: options,
url: fmt.Sprintf("http://%s%s", options.Addr, options.Path),
client: &http.Client{},
url: url,
client: client,
}
}