Add the ability to set a proxy for outgoing requests - Closes #252

Bubka · Dec 13, 2023 · e503826 · e503826
1 parent 15c31c3
commit e503826
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 15 deletions.
diff --git a/.env.example b/.env.example
@@ -236,6 +236,8 @@ WEBAUTHN_USER_VERIFICATION=preferred
 # GITHUB_CLIENT_SECRET=
 
 
+#### Proxy settings ####
+
 # Use this setting to declare trusted proxied.
 # Supported:
 #   '*': to trust any proxy
@@ -244,6 +246,13 @@ WEBAUTHN_USER_VERIFICATION=preferred
 TRUSTED_PROXIES=null
 
 
+# Proxy for outgoing requests like new releases detection or logo fetching.
+# You can provide a proxy URL that contains a scheme, username, and password.
+# For example, "http://username:[email protected]:10".
+
+PROXY_FOR_OUTGOING_REQUESTS=null
+
+
 # Leave the following configuration vars as is.
 # Unless you like to tinker and know what you're doing.
 

diff --git a/Dockerfile b/Dockerfile
@@ -223,6 +223,10 @@ ENV \
     #   '*': to trust any proxy
     #   A comma separated IP list: The list of proxies IP to trust
     TRUSTED_PROXIES=null \
+    # Proxy for outgoing requests like new releases detection or logo fetching.
+    # You can provide a proxy URL that contains a scheme, username, and password.
+    # For example, "http://username:[email protected]:10".
+    PROXY_FOR_OUTGOING_REQUESTS=null \
     # Leave the following configuration vars as is.
     # Unless you like to tinker and know what you're doing.
     BROADCAST_DRIVER=log \

diff --git a/app/Models/TwoFAccount.php b/app/Models/TwoFAccount.php
@@ -691,7 +691,9 @@ private function storeRemoteImageAsIcon(string $url) : string|null
             $newFilename = self::getUniqueFilename($path_parts['extension']);
 
             try {
-                $response = Http::retry(3, 100)->get($url);
+                $response = Http::withOptions([
+                    'proxy' => config('2fauth.config.outgoingProxy'),
+                ])->retry(3, 100)->get($url);
 
                 if ($response->successful()) {
                     Storage::disk('imagesLink')->put($newFilename, $response->body());

diff --git a/app/Services/LogoService.php b/app/Services/LogoService.php
@@ -92,7 +92,9 @@ protected function setTfaCollection() : void
     protected function cacheTfaDirectorySource() : void
     {
         try {
-            $response = Http::retry(3, 100)->get(self::TFA_URL);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get(self::TFA_URL);
 
             $coll = collect(json_decode(htmlspecialchars_decode($response->body()), true)) /* @phpstan-ignore-line */
                 ->mapWithKeys(function ($item, $key) {
@@ -117,8 +119,9 @@ protected function cacheTfaDirectorySource() : void
     protected function fetchLogo(string $logoFile) : void
     {
         try {
-            $response = Http::retry(3, 100)
-                ->get('https://raw.githubusercontent.com/2factorauth/twofactorauth/master/img/' . $logoFile[0] . '/' . $logoFile);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get('https://raw.githubusercontent.com/2factorauth/twofactorauth/master/img/' . $logoFile[0] . '/' . $logoFile);
 
             if ($response->successful()) {
                 Storage::disk('logos')->put($logoFile, $response->body())

diff --git a/app/Services/ReleaseRadarService.php b/app/Services/ReleaseRadarService.php
@@ -22,23 +22,25 @@ public static function scheduledScan() : void
     /**
      * Run a manual release scan
      *
-     * @return false|string False if no new release, the new release number otherwise
+     * @return string|null|false False if no new release, null if check failed, the new release number otherwise
      */
-    public static function manualScan() : false|string
+    public static function manualScan() : string|null|false
     {
         return self::newRelease();
     }
 
     /**
      * Run a release scan
      *
-     * @return false|string False if no new release, the new release number otherwise
+     * @return string|null|false False if no new release, null if check failed, the new release number otherwise
      */
-    protected static function newRelease() : false|string
+    protected static function newRelease() : string|null|false
     {
         Log::info('Release scan started');
+        $latestRelease = self::getLatestReleaseData();
 
-        if ($latestReleaseData = json_decode(self::getLatestReleaseData())) {
+        if ($latestRelease) {
+            $latestReleaseData = json_decode($latestRelease);
             $githubVersion    = Helpers::cleanVersionNumber($latestReleaseData->tag_name);
             $installedVersion = Helpers::cleanVersionNumber(config('2fauth.version'));
 
@@ -55,7 +57,7 @@ protected static function newRelease() : false|string
             }
         }
 
-        return false;
+        return $latestRelease ? false : null;
     }
 
     /**
@@ -66,8 +68,9 @@ protected static function getLatestReleaseData() : string|null
         $url = config('2fauth.latestReleaseUrl');
 
         try {
-            $response = Http::retry(3, 100)
-                ->get($url);
+            $response = Http::withOptions([
+                'proxy' => config('2fauth.config.outgoingProxy'),
+            ])->retry(3, 100)->get($url);
 
             if ($response->successful()) {
                 Settings::set('lastRadarScan', time());

diff --git a/config/2fauth.php b/config/2fauth.php
@@ -25,6 +25,7 @@
         'isDemoApp' => env('IS_DEMO_APP', false),
         'isTestingApp' => env('IS_TESTING_APP', false),
         'trustedProxies' => env('TRUSTED_PROXIES', null),
+        'outgoingProxy' => env('PROXY_FOR_OUTGOING_REQUESTS', ''),
         'proxyLogoutUrl' => env('PROXY_LOGOUT_URL', null),
         'appSubdirectory' => env('APP_SUBDIRECTORY', ''),
     ],

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -121,6 +121,10 @@ services:
       #   '*': to trust any proxy
       #   A comma separated IP list: The list of proxies IP to trust
       - TRUSTED_PROXIES=null
+      # Proxy for outgoing requests like new releases detection or logo fetching.
+      # You can provide a proxy URL that contains a scheme, username, and password.
+      # For example, "http://username:[email protected]:10".
+      - PROXY_FOR_OUTGOING_REQUESTS=null
       # Leave the following configuration vars as is.
       # Unless you like to tinker and know what you're doing.
       - BROADCAST_DRIVER=log

diff --git a/resources/js/components/VersionChecker.vue b/resources/js/components/VersionChecker.vue
@@ -13,7 +13,7 @@
         await systemService.getLastRelease({returnError: true})
         .then(response => {
             appSettings.latestRelease = response.data.newRelease
-            isUpToDate.value = response.data.newRelease === false
+            isUpToDate.value = response.data.newRelease === null ? null : response.data.newRelease === false
         })
         .catch(() => {
             isUpToDate.value = null

diff --git a/tests/Feature/Services/ReleaseRadarServiceTest.php b/tests/Feature/Services/ReleaseRadarServiceTest.php
@@ -71,7 +71,7 @@ public function test_manualScan_complete_when_http_call_fails()
         // We do not fake the http request so an exception will be thrown
         Http::preventStrayRequests();
 
-        $this->assertFalse(ReleaseRadarService::manualScan());
+        $this->assertNull(ReleaseRadarService::manualScan());
     }
 
     /**
@@ -86,7 +86,7 @@ public function test_manualScan_succeed_when_github_is_unreachable()
             $url => Http::response(null, 400),
         ]);
 
-        $this->assertFalse(ReleaseRadarService::manualScan());
+        $this->assertNull(ReleaseRadarService::manualScan());
     }
 
     /**