Fix #682: Add tls support to the real forwarder
ylemoigne committed Jun 15, 2024
1 parent 8447841 commit 80822ab
Showing 5 changed files with 47 additions and 24 deletions.
Expand Up @@ -99,7 +99,8 @@ public ForwardedDevServerBuildItem prepareDevService(
devServerConfig.host(),
devServerConfig.port().get(),
checkPath);
return new ForwardedDevServerBuildItem(resolvedDevServerHost, devServerConfig.port().get());
return new ForwardedDevServerBuildItem(devServerConfig.tls(), devServerConfig.tlsAllowInsecure(),
resolvedDevServerHost, devServerConfig.port().get());
}
shutdownDevService();
}
Expand All @@ -125,7 +126,7 @@ public ForwardedDevServerBuildItem prepareDevService(
final String resolvedHostIPAddress = PackageManagerRunner.isDevServerUp(configuredTls, configuredTlsAllowInsecure,
configuredDevServerHost, port, checkPath);
if (resolvedHostIPAddress != null) {
return new ForwardedDevServerBuildItem(resolvedHostIPAddress, port);
return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, resolvedHostIPAddress, port);
} else {
throw new IllegalStateException(
"The Web UI dev server (configured as not managed by Quinoa) is not started on port: " + port);
Expand Down Expand Up @@ -161,7 +162,7 @@ public ForwardedDevServerBuildItem prepareDevService(
devService = new DevServicesResultBuildItem.RunningDevService(
DEV_SERVICE_NAME, null, onClose, devServerConfigMap);
devServices.produce(devService.toBuildItem());
return new ForwardedDevServerBuildItem(devServer.hostIPAddress(), port);
return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, devServer.hostIPAddress(), port);
} catch (Throwable t) {
packageManagerRunner.stopDev(dev.get());
if (devServer != null) {
Expand Down Expand Up @@ -206,7 +207,8 @@ public void runtimeInit(
LOG.infof("Quinoa is forwarding unhandled requests to port: %d", devProxy.get().getPort());
final QuinoaHandlerConfig handlerConfig = toHandlerConfig(quinoaConfig, true, httpBuildTimeConfig);
routes.produce(RouteBuildItem.builder().orderedRoute("/*", QUINOA_ROUTE_ORDER)
.handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().getHost(),
.handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().isTls(),
devProxy.get().isTlsAllowInsecure(), devProxy.get().getHost(),
devProxy.get().getPort(),
quinoaConfig.devServer().websocket()))
.build());
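Review bot: In runtimeInit the only startup message is still `Quinoa is forwarding unhandled requests to port: %d`, so nothing in the dev log shows when the forwarder has been told to skip certificate checks. Both flags are now available on `devProxy.get()` at this point, so I would add, next to the existing info line, `if (devProxy.get().isTls() && devProxy.get().isTlsAllowInsecure()) { LOG.warn("Quinoa dev proxy: TLS certificate and hostname verification are disabled for the dev server"); }`. That keeps a `tlsAllowInsecure` setting left enabled by accident visible in the log. runtimeInit starts and ends outside the hunk.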
Expand Up @@ -41,13 +41,13 @@ public interface DevServerConfig {
String host();

/**
* Protocol of the server to forward requests to.
* If true, request will be forwarded with tls enabled.
*/
@WithDefault("false")
boolean tls();

/**
* Protocol of the server to forward requests to.
* If true, any certificate with any hostname will be accepted.
*/
@WithDefault("false")
boolean tlsAllowInsecure();
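Review bot: The new Javadoc on `tlsAllowInsecure()` states the effect but not the consequence or the scope: with it set the dev server is not authenticated at all, and as far as the forwarder in this commit is concerned it only takes effect when `tls()` is true. I would word it as `If true, certificate chain and hostname verification are both skipped, so the dev server is not authenticated. Only meaningful when tls is true; intended for self-signed certificates on a local dev server.` For `tls()`, `If true, requests are forwarded to the dev server over TLS.` reads more cleanly. The interface body continues outside the hunk.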
Expand Up @@ -4,14 +4,26 @@

public final class ForwardedDevServerBuildItem extends SimpleBuildItem {

private final boolean tls;
private final boolean tlsAllowInsecure;
private final String host;
private final Integer port;

public ForwardedDevServerBuildItem(String host, Integer port) {
public ForwardedDevServerBuildItem(boolean tls, boolean tlsAllowInsecure, String host, Integer port) {
this.tls = tls;
this.tlsAllowInsecure = tlsAllowInsecure;
this.host = host;
this.port = port;
}

public boolean isTls() {
return tls;
}

public boolean isTlsAllowInsecure() {
return tlsAllowInsecure;
}

public String getHost() {
return host;
}
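Review bot: The public two-argument constructor is replaced rather than kept, and the new one takes two adjacent booleans ahead of `host`, which can be passed in the wrong order with no help from the compiler. If anything outside this commit constructs the build item, keeping `public ForwardedDevServerBuildItem(String host, Integer port) { this(false, false, host, port); }` would avoid breaking it. The new fields and accessors carry no Javadoc; a one-line comment on `isTlsAllowInsecure()` saying that true means certificate and hostname checks are skipped would help whoever consumes the item. The class continues outside the hunk.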
Expand Up @@ -7,6 +7,8 @@

import java.util.List;

import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.ext.web.client.WebClientOptions;
import org.jboss.logging.Logger;

import io.vertx.core.AsyncResult;
Expand Down Expand Up @@ -36,11 +38,19 @@ class QuinoaDevProxyHandler implements Handler<RoutingContext> {
private final ClassLoader currentClassLoader;
private final QuinoaHandlerConfig config;

QuinoaDevProxyHandler(final QuinoaHandlerConfig config, final Vertx vertx, String host, int port,
QuinoaDevProxyHandler(final QuinoaHandlerConfig config, final Vertx vertx, boolean tls, boolean tlsAllowInsecure, String host, int port,
boolean websocket) {
this.host = host;
this.port = port;
this.client = WebClient.create(vertx);
WebClientOptions options = new WebClientOptions();
if(tls){
options.setSsl(true);
if(tlsAllowInsecure){
options.setTrustAll(true);
options.setVerifyHost(false);
}
}
this.client = WebClient.create(vertx, options);
this.wsUpgradeHandler = websocket ? new QuinoaDevWebSocketProxyHandler(vertx, host, port) : null;
this.config = config;
currentClassLoader = Thread.currentThread().getContextClassLoader();
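Review bot: The WebSocket path is left out of the change: the constructor still builds `new QuinoaDevWebSocketProxyHandler(vertx, host, port)` without `tls` or `tlsAllowInsecure`, and that class is not among the five changed files. Presumably upgrade requests will still go out in plaintext to a dev server that now expects TLS, so they would fail or use a different transport than the HTTP forwarder; the handler's internals are not visible here, so this needs confirming. I would pass both flags through and build its client options the same way as the `WebClientOptions` here. The added `JdkSSLEngineOptions` import is not used by any visible line, and `tlsAllowInsecure` is silently ignored when `tls` is false, which deserves a comment such as `// tlsAllowInsecure has no effect unless tls is enabled`.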
29 changes: 14 additions & 15 deletions runtime/src/main/java/io/quarkiverse/quinoa/QuinoaRecorder.java
@@ -1,21 +1,20 @@
package io.quarkiverse.quinoa;

import static io.quarkus.vertx.http.runtime.RouteConstants.ROUTE_ORDER_DEFAULT;

import java.io.IOException;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;

import org.jboss.logging.Logger;

import io.quarkus.runtime.annotations.Recorder;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.impl.MimeMapping;
import io.vertx.ext.web.RoutingContext;
import org.jboss.logging.Logger;

import java.io.IOException;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;

import static io.quarkus.vertx.http.runtime.RouteConstants.ROUTE_ORDER_DEFAULT;

@Recorder
public class QuinoaRecorder {
Expand All @@ -26,27 +25,27 @@ public class QuinoaRecorder {
public static final Set<HttpMethod> HANDLED_METHODS = Set.of(HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.GET);

public Handler<RoutingContext> quinoaProxyDevHandler(final QuinoaHandlerConfig handlerConfig, Supplier<Vertx> vertx,
String host, int port, boolean websocket) {
boolean tls, boolean tlsAllowInsecure, String host, int port, boolean websocket) {
logIgnoredPathPrefixes(handlerConfig.ignoredPathPrefixes);
return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), host, port, websocket);
return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), tls, tlsAllowInsecure, host, port, websocket);
}

public Handler<RoutingContext> quinoaSPARoutingHandler(final QuinoaHandlerConfig handlerConfig) throws IOException {
return new QuinoaSPARoutingHandler(handlerConfig);
}

public Handler<RoutingContext> quinoaHandler(final QuinoaHandlerConfig handlerConfig, final String directory,
final Set<String> uiResources) {
final Set<String> uiResources) {
logIgnoredPathPrefixes(handlerConfig.ignoredPathPrefixes);
return new QuinoaUIResourceHandler(handlerConfig, directory, uiResources);
}

static String resolvePath(RoutingContext ctx) {
return (ctx.mountPoint() == null) ? ctx.normalizedPath()
: ctx.normalizedPath().substring(
// let's be extra careful here in case Vert.x normalizes the mount points at
// some point
ctx.mountPoint().endsWith("/") ? ctx.mountPoint().length() - 1 : ctx.mountPoint().length());
// let's be extra careful here in case Vert.x normalizes the mount points at
// some point
ctx.mountPoint().endsWith("/") ? ctx.mountPoint().length() - 1 : ctx.mountPoint().length());
}

static boolean isIgnored(final String path, final List<String> ignoredPathPrefixes) {
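Review bot: Only the `quinoaProxyDevHandler` signature and its `new QuinoaDevProxyHandler(...)` call are functional changes in this file. The import block was also re-sorted (the static import moved to the end, `org.jboss.logging.Logger` moved below the `io.*` group), and the continuation lines in `quinoaHandler` and `resolvePath` appear to differ only in whitespace. That looks like an IDE formatter rather than the project's own, which is an inference since the build's formatter configuration is not visible here, and it buries the two lines that matter for the TLS change. I would revert the import order and indentation so this file's diff is limited to the two changed lines. `QuinoaRecorder` continues outside the hunk.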
