Skip to content

Support for self-signed certificates #565

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
martijnwalraven merged 2 commits into from
Aug 30, 2018
Merged

Support for self-signed certificates #565

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9a8fddd
[support-for-skipping-certificate-validation] Add support for securel…
Aug 29, 2018
e3c84ba
Rename 'insecure' flag to a more self-explainatory name.
Aug 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions packages/apollo-cli/src/commands/schema/download.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ export default class SchemaDownload extends Command {
description:
"The URL of the server to fetch the schema from or path to ./your/local/schema.graphql"
}),
insecure: flags.boolean({
Copy link
Copy Markdown
Contributor

@martijnwalraven martijnwalraven Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering about the naming, because it's a bit confusing to have insecure, skipsSSLValidation , and rejectUnauthorized referring to the same option.

skipSSLValidation seems the most descriptive (I prefer skip vs. skips, but that's no biggie). I understand wanting to follow curl in using insecure, but consistency between command flag and config is more important here I think.

Copy link
Copy Markdown
Author

@robertomg robertomg Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree on this that giving a more self-explanatory name is more important than keeping old names. So I decided to change this (also to skip instead of skips). Thanks for the feedback

char: "k",
description: "Allow connections to a SSL site without certs"
}),

...engineFlags
};
Expand Down
1 change: 1 addition & 0 deletions packages/apollo-cli/src/config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ export interface SchemaDependency {
engineKey?: string;
extends?: string;
clientSide?: boolean;
skipsSSLValidation?: boolean;
Copy link
Copy Markdown
Contributor

@martijnwalraven martijnwalraven Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should probably be part of EndpointConfig, similar to endpoint-specific headers.

Copy link
Copy Markdown
Author

@robertomg robertomg Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a great suggestion and actually I thought about implementing this way on the first place. 👍

}

export interface DocumentSet {
Expand Down
49 changes: 32 additions & 17 deletions packages/apollo-cli/src/fetch-schema.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,15 @@
import { extractDocumentFromJavascript } from "apollo-codegen-core/lib/loading";
import { fs } from "apollo-codegen-core/lib/localfs";
import * as path from "path";
import fetch from "node-fetch";
import gql from "graphql-tag";
import {
buildSchema,
introspectionQuery,
GraphQLSchema,
Source,
buildClientSchema
} from "graphql";
import { execute, toPromise } from "apollo-link";
import { createHttpLink } from "apollo-link-http";

import { extractDocumentFromJavascript } from "apollo-codegen-core/lib/loading";
import { createHttpLink, HttpLink } from "apollo-link-http";
import { buildClientSchema, buildSchema, GraphQLSchema, introspectionQuery, Source } from "graphql";
import gql from "graphql-tag";
import { Agent, AgentOptions } from 'https';
import fetch from "node-fetch";
import * as path from "path";
import { URL } from 'url';
import { EndpointConfig } from "./config";
import { getIdFromKey, engineLink } from "./engine";
import { engineLink, getIdFromKey } from "./engine";
import { SCHEMA_QUERY } from "./operations/schema";

const introspection = gql(introspectionQuery);
Expand Down Expand Up @@ -56,15 +51,35 @@ export async function fromFile(

export const fetchSchema = async (
{ url, headers }: EndpointConfig,
projectFolder?: string
projectFolder?: string,
insecureEnabled?: boolean
): Promise<GraphQLSchema | undefined> => {
if (!url) throw new Error("No endpoint provided when fetching schema");
const filePath = projectFolder ? path.resolve(projectFolder, url) : url;
if (fs.existsSync(filePath)) return fromFile(filePath);

const insecureOptionActive = insecureEnabled ? insecureEnabled : false;
Copy link
Copy Markdown
Contributor

@martijnwalraven martijnwalraven Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can avoid an extra variable here by using a default parameter value (insecureEnabled?: boolean = false).

Copy link
Copy Markdown
Author

@robertomg robertomg Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just discovered that checking a (boolean | undefined) variable on an if would only accept it if the variable is true so this line is not necessary anymore.


var options: HttpLink.Options = { uri: url, fetch }

if (insecureOptionActive) {
const host = new URL(url).host

const agentOptions: AgentOptions = {
host: host,
port: 443,
rejectUnauthorized: false
};

const agent = new Agent(agentOptions);

options.fetchOptions = { agent: agent }
}

return toPromise(
// XXX node-fetch isn't compatiable typescript wise here?
execute(createHttpLink({ uri: url, fetch } as any), {

// XXX node-fetch isn't compatible typescript wise here?
execute(createHttpLink(options), {
query: introspection,
context: { headers }
})
Expand Down
6 changes: 6 additions & 0 deletions packages/apollo-cli/src/load-config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,12 @@ export function loadConfigStep(
ctx.config.engineEndpoint = flags.engine;
}

if (flags.insecure) {
if (Object.keys(ctx.config.schemas).length == 1) {
(Object.values(ctx.config.schemas)[0] as SchemaDependency).skipsSSLValidation = flags.insecure;
}
}

if (ctx.config.queries.length == 0 && ctx.config.schemas.default) {
ctx.config.queries.push({
schema: "default",
Expand Down
2 changes: 1 addition & 1 deletion packages/apollo-cli/src/load-schema.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export async function loadSchema(

if (dependency.endpoint && dependency.endpoint.url) {
try {
return await fetchSchema(dependency.endpoint, config.projectFolder);
return await fetchSchema(dependency.endpoint, config.projectFolder, dependency.skipsSSLValidation);
Copy link
Copy Markdown
Contributor

@martijnwalraven martijnwalraven Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we put skipSSLValidation under endpoint we can avoid passing in an extra parameter.

Copy link
Copy Markdown
Author

@robertomg robertomg Aug 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

} catch {}
}

Expand Down