fix: 申请证书没有使用到系统设置的http代理的bug

2024-10-22 01:01:04 +08:00 · 2024-10-22 01:01:04 +08:00 · 3db216f515
parent 4a7018ac26
commit 3db216f515
10 changed files with 151 additions and 25 deletions
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@ -20,6 +20,7 @@
        "asn1js": "^3.0.5",
        "axios": "^1.7.2",
        "debug": "^4.3.5",
        "http-proxy-agent": "^7.0.2",
        "https-proxy-agent": "^7.0.5",
        "node-forge": "^1.3.1"
    },
--- a/packages/core/acme-client/src/agents.js
+++ b/packages/core/acme-client/src/agents.js
@ -0,0 +1,101 @@
 const nodeHttp = require('node:http');
 const https = require('node:https');
 const { HttpProxyAgent } = require('http-proxy-agent');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { log } = require('./logger');
 function createAgent(opts = {}) {
    let httpAgent;
    let
        httpsAgent;
    const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
    if (httpProxy) {
        log(`acme use httpProxy:${httpProxy}`);
        httpAgent = new HttpProxyAgent(httpProxy, opts);
    }
    else {
        httpAgent = new nodeHttp.Agent(opts);
    }
    const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
    if (httpsProxy) {
        log(`acme use httpsProxy:${httpsProxy}`);
        httpsAgent = new HttpsProxyAgent(httpsProxy, opts);
    }
    else {
        httpsAgent = new https.Agent(opts);
    }
    return {
        httpAgent,
        httpsAgent,
    };
 }
 let defaultAgents = createAgent();
 function getGlobalAgents() {
    return defaultAgents;
 }
 function setGlobalProxy(opts) {
    log('acme setGlobalProxy:', opts);
    if (opts.httpProxy) {
        process.env.HTTP_PROXY = opts.httpProxy;
    }
    if (opts.httpsProxy) {
        process.env.HTTPS_PROXY = opts.httpsProxy;
    }
    defaultAgents = createAgent();
 }
 class HttpError extends Error {
    constructor(error) {
        super(error || error.message);
        if (!error) {
            return;
        }
        if (error.message.indexOf('ssl3_get_record:wrong version number') >= 0) {
            this.message = 'http协议错误，服务端要求http协议，请检查是否使用了https请求';
        }
        this.name = error.name;
        this.code = error.code;
        this.cause = error.cause;
        if (error.response) {
            this.status = error.response.status;
            this.statusText = error.response.statusText;
            this.response = {
                data: error.response.data,
            };
        }
        let url = '';
        if (error.config) {
            this.request = {
                baseURL: error.config.baseURL,
                url: error.config.url,
                method: error.config.method,
                params: error.config.params,
                data: error.config.data,
            };
            url = error.config.baseURL + error.config.url;
        }
        if (url) {
            this.message = `${this.message}:${url}`;
        }
        delete error.response;
        delete error.config;
        delete error.request;
        // logger.error(error);
    }
 }
 module.exports = {
    setGlobalProxy,
    createAgent,
    getGlobalAgents,
    HttpError,
 };
--- a/packages/core/acme-client/src/api.js
+++ b/packages/core/acme-client/src/api.js
@ -30,6 +30,7 @@ class AcmeApi {
                }
            }
        }
        console.log(locationUrl, mapping);
        return locationUrl;
    }
--- a/packages/core/acme-client/src/axios.js
+++ b/packages/core/acme-client/src/axios.js
@ -1,11 +1,11 @@
 /**
 * Axios instance
 */
 const axios = require('axios');
 const { parseRetryAfterHeader } = require('./util');
 const { log } = require('./logger');
 const pkg = require('./../package.json');
 const Agents = require('./agents');
 const { AxiosError } = axios;
@ -24,8 +24,8 @@ instance.defaults.acmeSettings = {
    httpsChallengePort: 443,
    tlsAlpnChallengePort: 443,
-    retryMaxAttempts: 5,
+    retryMaxAttempts: 3,
-    retryDefaultDelay: 5,
+    retryDefaultDelay: 3,
 };
 // instance.defaults.proxy = {
 //     host: '192.168.34.139',
@ -56,19 +56,26 @@ function isRetryableError(error) {
 /* https://github.com/axios/axios/blob/main/lib/core/settle.js */
 function validateStatus(response) {
-    const validator = response.config.retryValidateStatus;
+    if (!response) {
-
+        return new Error('Response is undefined');
    }
    let validator = null;
    if (response.config) {
        validator = response.config.retryValidateStatus;
    }
    if (!response.status || !validator || validator(response.status)) {
        return response;
    }
-    throw new AxiosError(
+    const err = new AxiosError(
        `Request failed with status code ${response.status}`,
        (Math.floor(response.status / 100) === 4) ? AxiosError.ERR_BAD_REQUEST : AxiosError.ERR_BAD_RESPONSE,
        response.config,
        response.request,
        response,
    );
    throw new Agents.HttpError(err);
 }
 /* Pass all responses through the error interceptor */
@ -76,8 +83,17 @@ instance.interceptors.request.use((config) => {
    if (!('retryValidateStatus' in config)) {
        config.retryValidateStatus = config.validateStatus;
    }
    config.validateStatus = () => false;
    const agents = Agents.getGlobalAgents();
    // if (config.skipSslVerify) {
    //     logger.info('跳过SSL验证');
    //     agents = createAgent({ rejectUnauthorized: false } as any);
    // }
    // delete config.skipSslVerify;
    config.httpsAgent = agents.httpsAgent;
    config.httpAgent = agents.httpAgent;
    config.proxy = false; // 必须 否则还会走一层代理，
    return config;
 });
@ -86,7 +102,7 @@ instance.interceptors.response.use(null, async (error) => {
    const { config, response } = error;
    if (!config) {
-        return Promise.reject(error);
+        return Promise.reject(new Agents.HttpError(error));
    }
    /* Pick up errors we want to retry */
@ -115,6 +131,9 @@ instance.interceptors.response.use(null, async (error) => {
        }
    }
    if (!response) {
        return Promise.reject(new Agents.HttpError(error));
    }
    /* Validate and return response */
    return validateStatus(response);
 });
--- a/packages/core/acme-client/src/http.js
+++ b/packages/core/acme-client/src/http.js
@ -3,21 +3,9 @@
 */
 const { createHmac, createSign, constants: { RSA_PKCS1_PADDING } } = require('crypto');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { getJwk } = require('./crypto');
 const { log } = require('./logger');
-const axios1 = require('./axios');
+const axios = require('./axios');
 const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
 let httpsAgent = null;
 if (httpsProxy) {
    httpsAgent = new HttpsProxyAgent(httpsProxy);
    log(`use https_proxy:${httpsProxy}`);
 }
 const axios = axios1.create({
    proxy: false,
    httpsAgent,
 });
 /**
 * ACME HTTP client
--- a/packages/core/acme-client/src/index.js
+++ b/packages/core/acme-client/src/index.js
@ -39,6 +39,7 @@ exports.forge = require('./crypto/forge');
 */
 exports.axios = require('./axios');
 exports.agents = require('./agents');
 /**
 * Logger
--- a/packages/core/acme-client/types/index.d.ts
+++ b/packages/core/acme-client/types/index.d.ts
@ -192,6 +192,7 @@ export const forge: CryptoLegacyInterface;
 export const axios: AxiosInstance;
 export const agents: any;
 /**
 * Logger
 */
--- a/packages/core/basic/src/utils/util.request.ts
+++ b/packages/core/basic/src/utils/util.request.ts
@ -35,6 +35,14 @@ export class HttpError extends Error {
      params: error.config?.params,
      data: error.config?.data,
    };
    let url = error.config?.url;
    if (error.config?.baseURL) {
      url = error.config?.baseURL + url;
    }
    if (url) {
      this.message = `${this.message} : ${url}`;
    }
    this.response = {
      data: error.response?.data,
    };
@ -62,6 +70,10 @@ export function setGlobalProxy(opts: { httpProxy?: string; httpsProxy?: string }
  defaultAgents = createAgent();
 }
 export function getGlobalAgents() {
  return defaultAgents;
 }
 /**
 * @description 创建请求实例
 */
--- a/packages/libs/lib-server/package.json
+++ b/packages/libs/lib-server/package.json
@ -27,6 +27,7 @@
  "license": "AGPL",
  "dependencies": {
    "@certd/basic": "^1.26.10",
    "@certd/acme-client": "^1.26.10",
    "@certd/pipeline": "^1.26.10",
    "@midwayjs/cache": "~3.14.0",
    "@midwayjs/core": "~3.17.1",
--- a/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
+++ b/packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts
@ -7,7 +7,7 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
 import * as _ from 'lodash-es';
 import { BaseService } from '../../../basic/index.js';
 import { logger, setGlobalProxy } from '@certd/basic';
-
+import { agents } from '@certd/acme-client';
 /**
 * 设置
 */
@ -23,7 +23,6 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
  getRepository() {
    return this.repository;
  }
  async getById(id: any): Promise<SysSettingsEntity | null> {
    const entity = await this.info(id);
    if (!entity) {
@ -129,10 +128,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
  async reloadPrivateSettings() {
    const bean = await this.getPrivateSettings();
    if (bean.httpProxy || bean.httpsProxy) {
-      setGlobalProxy({
+      const opts = {
        httpProxy: bean.httpProxy,
        httpsProxy: bean.httpsProxy,
-      });
+      };
      setGlobalProxy(opts);
      agents.setGlobalProxy(opts);
    }
  }