foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-21 21:50:00 -05:00
Code Issues Packages 1 Wiki Activity

BREAKING(unstable): remove CreateHttpClientOptions.caFile (#8928)

Browse source
This commit is contained in:
Mo 2021-01-04 17:55:20 +02:00 committed by GitHub
parent 1d4f8298a7
commit 3e5a3daf59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 34 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cli/dts/lib.deno.unstable.d.ts vendored
View file

@ -1220,12 +1220,6 @@ declare namespace Deno {
* The options used when creating a [HttpClient]. * The options used when creating a [HttpClient].
*/ */
interface CreateHttpClientOptions { interface CreateHttpClientOptions {
/** A certificate authority to use when validating TLS certificates.
*
* Requires `allow-read` permission.
*/
caFile?: string;
/** A certificate authority to use when validating TLS certificates. Certificate data must be PEM encoded. /** A certificate authority to use when validating TLS certificates. Certificate data must be PEM encoded.
*/ */
caData?: string; caData?: string;

4
cli/file_fetcher.rs
View file

@ -283,14 +283,14 @@ impl FileFetcher {
http_cache: HttpCache, http_cache: HttpCache,
cache_setting: CacheSetting, cache_setting: CacheSetting,
allow_remote: bool, allow_remote: bool,
maybe_ca_file: Option<&str>, maybe_ca_data: Option<&str>,
) -> Result<Self, AnyError> { ) -> Result<Self, AnyError> {
Ok(Self { Ok(Self {
allow_remote, allow_remote,
cache: FileCache::default(), cache: FileCache::default(),
cache_setting, cache_setting,
http_cache, http_cache,
http_client: create_http_client(get_user_agent(), maybe_ca_file)?, http_client: create_http_client(get_user_agent(), maybe_ca_data)?,
}) })
} }

65
cli/http_util.rs
View file

@ -14,8 +14,6 @@ use deno_runtime::deno_fetch::reqwest::redirect::Policy;
use deno_runtime::deno_fetch::reqwest::Client; use deno_runtime::deno_fetch::reqwest::Client;
use deno_runtime::deno_fetch::reqwest::StatusCode; use deno_runtime::deno_fetch::reqwest::StatusCode;
use std::collections::HashMap; use std::collections::HashMap;
use std::fs::File;
use std::io::Read;
pub fn get_user_agent() -> String { pub fn get_user_agent() -> String {
format!("Deno/{}", version::deno()) format!("Deno/{}", version::deno())
@ -25,7 +23,7 @@ pub fn get_user_agent() -> String {
/// proxies and doesn't follow redirects. /// proxies and doesn't follow redirects.
pub fn create_http_client( pub fn create_http_client(
user_agent: String, user_agent: String,
ca_file: Option<&str>, ca_data: Option<&str>,
) -> Result<Client, AnyError> { ) -> Result<Client, AnyError> {
let mut headers = HeaderMap::new(); let mut headers = HeaderMap::new();
headers.insert(USER_AGENT, user_agent.parse().unwrap()); headers.insert(USER_AGENT, user_agent.parse().unwrap());
@ -34,10 +32,9 @@ pub fn create_http_client(
.default_headers(headers) .default_headers(headers)
.use_rustls_tls(); .use_rustls_tls();
if let Some(ca_file) = ca_file { if let Some(ca_data) = ca_data {
let mut buf = Vec::new(); let ca_data_vec = ca_data.as_bytes().to_vec();
File::open(ca_file)?.read_to_end(&mut buf)?; let cert = reqwest::Certificate::from_pem(&ca_data_vec)?;
let cert = reqwest::Certificate::from_pem(&buf)?;
builder = builder.add_root_certificate(cert); builder = builder.add_root_certificate(cert);
} }
@ -159,9 +156,10 @@ pub async fn fetch_once(
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*; use super::*;
use std::fs::read_to_string;
fn create_test_client(ca_file: Option<&str>) -> Client { fn create_test_client(ca_data: Option<&str>) -> Client {
create_http_client("test_client".to_string(), ca_file).unwrap() create_http_client("test_client".to_string(), ca_data).unwrap()
} }
#[tokio::test] #[tokio::test]
@ -314,17 +312,12 @@ mod tests {
// Relies on external http server. See target/debug/test_server // Relies on external http server. See target/debug/test_server
let url = let url =
Url::parse("https://localhost:5545/cli/tests/fixture.json").unwrap(); Url::parse("https://localhost:5545/cli/tests/fixture.json").unwrap();
let ca_data: String = read_to_string(
let client = create_http_client( test_util::root_path().join("std/http/testdata/tls/RootCA.pem"),
get_user_agent(),
Some(
test_util::root_path()
.join("std/http/testdata/tls/RootCA.pem")
.to_str()
.unwrap(),
),
) )
.unwrap(); .unwrap();
let client =
create_http_client(get_user_agent(), Some(ca_data.as_str())).unwrap();
let result = fetch_once(client, &url, None).await; let result = fetch_once(client, &url, None).await;
if let Ok(FetchOnceResult::Code(body, headers)) = result { if let Ok(FetchOnceResult::Code(body, headers)) = result {
assert!(!body.is_empty()); assert!(!body.is_empty());
@ -344,16 +337,12 @@ mod tests {
"https://localhost:5545/cli/tests/053_import_compression/gziped", "https://localhost:5545/cli/tests/053_import_compression/gziped",
) )
.unwrap(); .unwrap();
let client = create_http_client( let ca_data: String = read_to_string(
get_user_agent(), test_util::root_path().join("std/http/testdata/tls/RootCA.pem"),
Some(
test_util::root_path()
.join("std/http/testdata/tls/RootCA.pem")
.to_str()
.unwrap(),
),
) )
.unwrap(); .unwrap();
let client =
create_http_client(get_user_agent(), Some(ca_data.as_str())).unwrap();
let result = fetch_once(client, &url, None).await; let result = fetch_once(client, &url, None).await;
if let Ok(FetchOnceResult::Code(body, headers)) = result { if let Ok(FetchOnceResult::Code(body, headers)) = result {
assert_eq!(String::from_utf8(body).unwrap(), "console.log('gzip')"); assert_eq!(String::from_utf8(body).unwrap(), "console.log('gzip')");
@ -372,16 +361,12 @@ mod tests {
async fn test_fetch_with_cafile_with_etag() { async fn test_fetch_with_cafile_with_etag() {
let _http_server_guard = test_util::http_server(); let _http_server_guard = test_util::http_server();
let url = Url::parse("https://localhost:5545/etag_script.ts").unwrap(); let url = Url::parse("https://localhost:5545/etag_script.ts").unwrap();
let client = create_http_client( let ca_data: String = read_to_string(
get_user_agent(), test_util::root_path().join("std/http/testdata/tls/RootCA.pem"),
Some(
test_util::root_path()
.join("std/http/testdata/tls/RootCA.pem")
.to_str()
.unwrap(),
),
) )
.unwrap(); .unwrap();
let client =
create_http_client(get_user_agent(), Some(ca_data.as_str())).unwrap();
let result = fetch_once(client.clone(), &url, None).await; let result = fetch_once(client.clone(), &url, None).await;
if let Ok(FetchOnceResult::Code(body, headers)) = result { if let Ok(FetchOnceResult::Code(body, headers)) = result {
assert!(!body.is_empty()); assert!(!body.is_empty());
@ -409,16 +394,12 @@ mod tests {
"https://localhost:5545/cli/tests/053_import_compression/brotli", "https://localhost:5545/cli/tests/053_import_compression/brotli",
) )
.unwrap(); .unwrap();
let client = create_http_client( let ca_data: String = read_to_string(
get_user_agent(), test_util::root_path().join("std/http/testdata/tls/RootCA.pem"),
Some(
test_util::root_path()
.join("std/http/testdata/tls/RootCA.pem")
.to_str()
.unwrap(),
),
) )
.unwrap(); .unwrap();
let client =
create_http_client(get_user_agent(), Some(ca_data.as_str())).unwrap();
let result = fetch_once(client, &url, None).await; let result = fetch_once(client, &url, None).await;
if let Ok(FetchOnceResult::Code(body, headers)) = result { if let Ok(FetchOnceResult::Code(body, headers)) = result {
assert!(!body.is_empty()); assert!(!body.is_empty());

11
cli/program_state.rs
View file

@ -25,6 +25,7 @@ use deno_core::ModuleSource;
use deno_core::ModuleSpecifier; use deno_core::ModuleSpecifier;
use std::collections::HashMap; use std::collections::HashMap;
use std::env; use std::env;
use std::fs::read_to_string;
use std::sync::Arc; use std::sync::Arc;
use std::sync::Mutex; use std::sync::Mutex;
@ -58,7 +59,13 @@ impl ProgramState {
let dir = deno_dir::DenoDir::new(custom_root)?; let dir = deno_dir::DenoDir::new(custom_root)?;
let deps_cache_location = dir.root.join("deps"); let deps_cache_location = dir.root.join("deps");
let http_cache = http_cache::HttpCache::new(&deps_cache_location); let http_cache = http_cache::HttpCache::new(&deps_cache_location);
let ca_file = flags.ca_file.clone().or_else(|| env::var("DENO_CERT").ok()); let ca_file_path =
flags.ca_file.clone().or_else(|| env::var("DENO_CERT").ok());
let ca_data: Option<String> = match ca_file_path.as_ref() {
None => None,
Some(ca_file_path) => Some(read_to_string(ca_file_path)?),
};
let cache_usage = if flags.cached_only { let cache_usage = if flags.cached_only {
CacheSetting::Only CacheSetting::Only
@ -74,7 +81,7 @@ impl ProgramState {
http_cache, http_cache,
cache_usage, cache_usage,
!flags.no_remote, !flags.no_remote,
ca_file.as_deref(), ca_data.as_deref(),
)?; )?;
let lockfile = if let Some(filename) = &flags.lock { let lockfile = if let Some(filename) = &flags.lock {

18
cli/tests/unit/fetch_test.ts
View file

@ -1010,24 +1010,6 @@ unitTest(function fetchResponseEmptyConstructor(): void {
assertEquals([...response.headers], []); assertEquals([...response.headers], []);
}); });
unitTest(
{ perms: { net: true, read: true } },
async function fetchCustomHttpClientFileCertificateSuccess(): Promise<
void
> {
const client = Deno.createHttpClient(
{ caFile: "./cli/tests/tls/RootCA.crt" },
);
const response = await fetch(
"https://localhost:5545/cli/tests/fixture.json",
{ client },
);
const json = await response.json();
assertEquals(json.name, "deno");
client.close();
},
);
unitTest( unitTest(
{ perms: { net: true } }, { perms: { net: true } },
async function fetchCustomHttpClientParamCertificateSuccess(): Promise< async function fetchCustomHttpClientParamCertificateSuccess(): Promise<