add verify_upstream_tls support
bobzilladev committed Mar 11, 2024
1 parent 2b2c0bf commit 9b5d2a6
Showing 8 changed files with 64 additions and 4 deletions.
6 changes: 3 additions & 3 deletions Cargo.toml
Expand Up @@ -7,7 +7,6 @@ version = "1.1.1"
crate-type = ["cdylib"]

[dependencies]
async-rustls = { version = "0.3.0" }
async-trait = "0.1.59"
bytes = "1.3.0"
futures = "0.3.26"
Expand All @@ -18,10 +17,11 @@ mio = { version = "=0.8.6" }
# Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
napi = { version = "2.12.1", default-features = false, features = ["napi4", "tokio_rt"] }
napi-derive = "2.12.1"
ngrok = { version = "0.14.0-pre.11" }
ngrok = { version = "0.14.0-pre.12" }
parking_lot = "0.12.1"
regex = "1.9.5"
rustls-pemfile = "1.0.1"
rustls = "0.22.2"
rustls-pemfile = "2.0.0"
tokio = { version = "1.23.0", features = ["sync"] }
tracing = "0.1.37"
tracing-subscriber = { version = "0.3.16", features = ["env-filter"] }
21 changes: 21 additions & 0 deletions __test__/connect.spec.mjs
Expand Up @@ -99,6 +99,27 @@ test("forward http2", async (t) => {
t.assert(res.data.includes(expected));
});

test("forward http2 no cert validation", async (t) => {
const httpServer = await makeHttp({useHttp2: true});
const listener = await ngrok.forward({
// numeric port
addr: parseInt(httpServer.listenTo.split(":")[1], 10),
// authtoken from env
authtoken: process.env["NGROK_AUTHTOKEN"],
// The L7 app_protocol
app_protocol: "http2",
// No upstrea, cert validation
verify_upstream_tls: false,
});

const url = listener.url();
t.truthy(url.startsWith("https://"), url);
const res = await validateShutdown(t, httpServer, url);

t.assert(res.status === 200);
t.assert(res.data.includes(expected));
});

test("connect number", async (t) => {
const httpServer = await makeHttp();
ngrok.authtoken(process.env["NGROK_AUTHTOKEN"]);
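Review bot: The "forward http2 no cert validation" test sets `verify_upstream_tls: false`, but if `makeHttp({useHttp2: true})` serves a plaintext upstream (the numeric `addr` port and the http2 `app_protocol` hint at a non-TLS server), the disabled-verification path is never reached and the test passes even when the option is not plumbed through. An upstream presenting a self-signed certificate, expected to be rejected with verification on and accepted with it off, would make the assertion meaningful. `makeHttp` and `validateShutdown` are defined outside the hunk, so this is inferred from the call site. The comment on the option also has a typo: `// No upstream cert validation`.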
16 changes: 16 additions & 0 deletions __test__/online.spec.mjs
Expand Up @@ -141,6 +141,22 @@ test("tls backend", async (t) => {
await listener.close();
});

test("unverified tls backend", async (t) => {
const session = await makeSession();
const listener = await session.httpEndpoint().verifyUpstreamTls(false)
.listenAndForward("https://dashboard.ngrok.com");

const error = await t.throwsAsync(
async () => {
await axios.get(listener.url());
},
{ instanceOf: AxiosError }
);
t.is(421, error.response.status);
t.truthy(error.response.headers["ngrok-trace-id"]);
await listener.close();
});

test("http headers", async (t) => {
const httpServer = http.createServer(function (req, res) {
const { headers } = req;
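Review bot: `t.is(421, error.response.status)` puts the expected value first, while AVA's `t.is(actual, expected)` takes the observed value first, so a failure reports the two values swapped; `t.is(error.response.status, 421);` keeps the diagnostic readable. The assertion also only shows that the upstream answers 421 with `verifyUpstreamTls(false)`; the "tls backend" test it sits next to begins outside the hunk, so whether the two cases actually differ in handshake behaviour cannot be judged from this hunk alone.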
10 changes: 10 additions & 0 deletions index.d.ts

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions src/config.rs
Expand Up @@ -269,6 +269,9 @@ pub struct Config {
/// Unused, will warn and be ignored
#[napi(js_name = "terminate_at")]
pub terminate_at: Option<String>,
/// Whether to disable certificate verification for this listener
#[napi(js_name = "verify_upstream_tls")]
pub verify_upstream_tls: Option<bool>,
/// WebhookVerification configuration, the provider to use.
/// See [Webhook Verification] in the ngrok docs for additional details.
///
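Review bot: The doc comment on `verify_upstream_tls` reads "Whether to disable certificate verification", which is the inverse of the field's name: `Some(false)` disables verification and `Some(true)` keeps it on, so a reader following the comment will set the opposite of what they intend. Suggest `/// Whether to verify the TLS certificate of the upstream this listener forwards to; \`false\` disables certificate validation for that upstream.` The same inverted wording appears on the builder method added in src/listener_builder.rs. Since this is the documentation surfaced through napi, stating the behaviour when the field is `None` (the ngrok crate's default) would also help callers.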
2 changes: 2 additions & 0 deletions src/connect.rs
Expand Up @@ -92,6 +92,7 @@ macro_rules! config_common {
plumb_vec!($builder, $config, deny_cidr);
plumb!($builder, $config, proxy_proto);
plumb!($builder, $config, forwards_to);
plumb!($builder, $config, verify_upstream_tls);

// returns a Result, so we can't use the macro
if let Some(ref v) = $config.policy {
Expand Down Expand Up @@ -283,6 +284,7 @@ async fn labeled_listener(session: &Session, cfg: &Config) -> Result<String> {
let mut bld = session.labeled_listener();
plumb!(bld, cfg, metadata);
plumb!(bld, cfg, app_protocol);
plumb!(bld, cfg, verify_upstream_tls);
plumb_vec!(bld, cfg, label, labels, ":");
Ok(bld.listen(None).await?.id())
}
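Review bot: `plumb!($builder, $config, verify_upstream_tls)` passes `Some(false)` through silently, so a listener running without upstream certificate validation leaves no trace in the process logs; a warning at this point makes the weakened configuration visible to whoever operates the process, e.g. `if matches!($config.verify_upstream_tls, Some(false)) { tracing::warn!("upstream TLS certificate verification disabled for this listener"); }`. The same applies to the plumb added in `labeled_listener` in the second hunk. The `config_common` macro body starts before the hunk, so whether `tracing` is already imported in this file is not visible here.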
8 changes: 8 additions & 0 deletions src/listener_builder.rs
Expand Up @@ -60,6 +60,14 @@ macro_rules! make_listener_builder {
self
}

/// Whether to disable certificate verification for this listener.
#[napi]
pub fn verify_upstream_tls(&mut self, verify_upstream_tls: bool) -> &Self {
let mut builder = self.listener_builder.lock();
builder.verify_upstream_tls(verify_upstream_tls);
self
}

/// Begin listening for new connections on this listener.
#[napi]
pub async fn listen(&self, _bind: Option<bool>) -> Result<Listener> {
2 changes: 1 addition & 1 deletion src/session.rs
Expand Up @@ -4,7 +4,6 @@ use std::{
time::Duration,
};

use async_rustls::rustls::ClientConfig;
use bytes::Bytes;
use lazy_static::lazy_static;
use napi::{
Expand All @@ -28,6 +27,7 @@ use ngrok::{
Session as NgrokSession,
};
use parking_lot::Mutex as SyncMutex;
use rustls::ClientConfig;
use tokio::sync::Mutex;
use tracing::{
debug,