Code Monkey home page Code Monkey logo

Comments (4)

plimptm avatar plimptm commented on August 24, 2024 1

I just had the exact same error reported here in my instance which is also behind a (corporate) forward proxy.

I was suspicious that the environment variables were not being utilized so I set NODE_DEBUG=https and confirmed that the outgoing connection to my OIDC IDP issuer is not using the proxy which has been set.

I think this node-openid-client functionality might be relevant to getting this enabled in grist-core.

Perhaps adding something like the following into OIDCConfig.ts would do the trick:

import { ProxyAgent } from 'proxy-agent';
// The correct proxy `Agent` implementation to use will be determined
// via the `http_proxy` / `https_proxy` / `no_proxy` / etc. env vars
const agent = new ProxyAgent();

import { custom } from 'openid-client';
client[custom.http_options] = function (url, options) {
  const result = {};
  // use HTTP(S)_PROXY
  // https://nodejs.org/api/http.html#httprequesturl-options-callback
  // e.g. using https://www.npmjs.com/package/proxy-agent
  result.agent = agent;

  return result;
}

from grist-core.

fflorent avatar fflorent commented on August 24, 2024 1

Since nodejs/undici#2994 (undici is what node uses for its native fetch implementation) that may be changing.

Unfortunately, node-openid-client uses directly the http / https native module: https://nodejs.org/api/http.html

@fflorent what do you think of telling openid-client about that in the way @plimptm suggests?

That should be pretty much doable, and not very difficult. The harder would be to setup an environment for testing manually (or even better but even harder: setting up an integration test in the CI), that's the reason why I would not flag it good-first-issue.

from grist-core.

paulfitz avatar paulfitz commented on August 24, 2024

Node has been a bit of an outlier in terms of support for proxy variables. Since nodejs/undici#2994 (undici is what node uses for its native fetch implementation) that may be changing. In the meantime, there is a proxyAgent(url) method in app/server/lib/ProxyAgent.ts that can give an agent consistent with other parts of Grist. @fflorent what do you think of telling openid-client about that in the way @plimptm suggests?

from grist-core.

plimptm avatar plimptm commented on August 24, 2024

@fflorent I'm more than willing to help with testing code changes, both using my existing environment and hopefully coming up with a similar test environment.

I took a stab at implementing my own suggestion earlier and built a fresh docker image. It built and started up fine, but the timeout issue did not go away. I probably just didn't do it properly...admittedly my js skills are not the best.

Here is my diff, maybe something obvious will stand out:

diff --git a/app/server/lib/OIDCConfig.ts b/app/server/lib/OIDCConfig.ts
index 86f78bce..9f9e78ee 100644
--- a/app/server/lib/OIDCConfig.ts
+++ b/app/server/lib/OIDCConfig.ts
@@ -52,12 +52,13 @@
 
 import * as express from 'express';
 import { GristLoginSystem, GristServer } from './GristServer';
-import { Client, generators, Issuer, UserinfoResponse } from 'openid-client';
+import { Client, generators, Issuer, UserinfoResponse, custom } from 'openid-client';
 import { Sessions } from './Sessions';
 import log from 'app/server/lib/log';
 import { appSettings } from './AppSettings';
 import { RequestWithLogin } from './Authorizer';
 import { UserProfile } from 'app/common/LoginSessionAPI';
+import { ProxyAgent } from 'proxy-agent';
 
 const CALLBACK_URL = '/oauth2/callback';
 
@@ -121,6 +122,12 @@ export class OIDCConfig {
       redirect_uris: [ this._redirectUrl ],
       response_types: [ 'code' ],
     });
+    this._client[custom.http_options] = function(url, options) {
+           // use HTTP(S)_PROXY env vars
+           // https://nodejs.org/api/http.html#httprequesturl-options-callback
+           const agent = new ProxyAgent();
+           return { agent };
+    }
     if (this._client.issuer.metadata.end_session_endpoint === undefined &&
         !this._endSessionEndpoint && !this._skipEndSessionEndpoint) {
       throw new Error('The Identity provider does not propose end_session_endpoint. ' +
diff --git a/package.json b/package.json
index bbe1c5e5..c6d83c88 100644
--- a/package.json
+++ b/package.json
@@ -182,6 +182,7 @@
     "popper-max-size-modifier": "0.2.0",
     "popweasel": "0.1.20",
     "prom-client": "14.2.0",
+    "proxy-agent": "6.4.0",

from grist-core.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.