From e2f7949bd12d5a632f7ce10f332e0fdfadab94e9 Mon Sep 17 00:00:00 2001 From: Yann Le Moigne Date: Sat, 15 Jun 2024 04:29:16 +0200 Subject: [PATCH] Fix #682: Add tls support to real forwarder --- .../deployment/ForwardedDevProcessor.java | 10 +++--- .../deployment/config/DevServerConfig.java | 4 +-- .../items/ForwardedDevServerBuildItem.java | 14 +++++++- .../ROOT/pages/includes/quarkus-quinoa.adoc | 33 ++++++++++++++++++- .../quinoa/QuinoaDevProxyHandler.java | 13 ++++++-- .../io/quarkiverse/quinoa/QuinoaRecorder.java | 4 +-- 6 files changed, 66 insertions(+), 12 deletions(-) diff --git a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/ForwardedDevProcessor.java b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/ForwardedDevProcessor.java index 0be94ba5..8815d498 100644 --- a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/ForwardedDevProcessor.java +++ b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/ForwardedDevProcessor.java @@ -99,7 +99,8 @@ public ForwardedDevServerBuildItem prepareDevService( devServerConfig.host(), devServerConfig.port().get(), checkPath); - return new ForwardedDevServerBuildItem(resolvedDevServerHost, devServerConfig.port().get()); + return new ForwardedDevServerBuildItem(devServerConfig.tls(), devServerConfig.tlsAllowInsecure(), + resolvedDevServerHost, devServerConfig.port().get()); } shutdownDevService(); } @@ -125,7 +126,7 @@ public ForwardedDevServerBuildItem prepareDevService( final String resolvedHostIPAddress = PackageManagerRunner.isDevServerUp(configuredTls, configuredTlsAllowInsecure, configuredDevServerHost, port, checkPath); if (resolvedHostIPAddress != null) { - return new ForwardedDevServerBuildItem(resolvedHostIPAddress, port); + return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, resolvedHostIPAddress, port); } else { throw new IllegalStateException( "The Web UI dev server (configured as not managed by Quinoa) is not started on port: " + port); 
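Review bot: The reuse branch at the top of the first hunk builds the item from `devServerConfig.tls()` and `devServerConfig.tlsAllowInsecure()`, while the two later return sites use the locals `configuredTls` and `configuredTlsAllowInsecure`; if those locals hold the same config values, using them here as well (`return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, resolvedDevServerHost, devServerConfig.port().get());`) keeps the three build items from ever diverging, and if they are resolved differently a one-line comment should say why. Both flags are plain booleans, so a swapped argument order at any of the three call sites compiles silently. prepareDevService starts before this hunk, so whether the locals are already in scope at this point is not visible here.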
@@ -161,7 +162,7 @@ public ForwardedDevServerBuildItem prepareDevService( devService = new DevServicesResultBuildItem.RunningDevService( DEV_SERVICE_NAME, null, onClose, devServerConfigMap); devServices.produce(devService.toBuildItem()); - return new ForwardedDevServerBuildItem(devServer.hostIPAddress(), port); + return new ForwardedDevServerBuildItem(configuredTls, configuredTlsAllowInsecure, devServer.hostIPAddress(), port); } catch (Throwable t) { packageManagerRunner.stopDev(dev.get()); if (devServer != null) { @@ -206,7 +207,8 @@ public void runtimeInit( LOG.infof("Quinoa is forwarding unhandled requests to port: %d", devProxy.get().getPort()); final QuinoaDevProxyHandlerConfig handlerConfig = toDevProxyHandlerConfig(quinoaConfig, httpBuildTimeConfig); routes.produce(RouteBuildItem.builder().orderedRoute("/*", QUINOA_ROUTE_ORDER) - .handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().getHost(), + .handler(recorder.quinoaProxyDevHandler(handlerConfig, vertx.getVertx(), devProxy.get().isTls(), + devProxy.get().isTlsAllowInsecure(), devProxy.get().getHost(), devProxy.get().getPort(), quinoaConfig.devServer().websocket())) .build()); diff --git a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/config/DevServerConfig.java b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/config/DevServerConfig.java index 9a86dc78..a7a961c6 100644 --- a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/config/DevServerConfig.java +++ b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/config/DevServerConfig.java 
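Review bot: The info log on the first line of the second hunk still reports only the port although the proxy can now forward over TLS, so a developer cannot tell from startup output whether `https` is in use; widen it to `LOG.infof("Quinoa is forwarding unhandled requests to %s://%s:%d", devProxy.get().isTls() ? "https" : "http", devProxy.get().getHost(), devProxy.get().getPort());`. Logging the resolved scheme makes a wrong `tls` flag (plaintext proxy to an HTTPS dev server, or the reverse) obvious immediately instead of surfacing as an opaque proxy error on the first request. runtimeInit starts before this hunk.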
@@ -41,13 +41,13 @@ public interface DevServerConfig { String host(); /** - * Protocol of the server to forward requests to. + * When set to true, Quinoa requests will be forwarded with tls enabled. */ @WithDefault("false") boolean tls(); /** - * Protocol of the server to forward requests to. + * When set to true, Quinoa will accept any certificate with any hostname. */ @WithDefault("false") boolean tlsAllowInsecure(); diff --git a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/items/ForwardedDevServerBuildItem.java b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/items/ForwardedDevServerBuildItem.java index 71ea8458..a202cb3d 100644 --- a/deployment/src/main/java/io/quarkiverse/quinoa/deployment/items/ForwardedDevServerBuildItem.java +++ b/deployment/src/main/java/io/quarkiverse/quinoa/deployment/items/ForwardedDevServerBuildItem.java @@ -4,14 +4,26 @@ public final class ForwardedDevServerBuildItem extends SimpleBuildItem { + private final boolean tls; + private final boolean tlsAllowInsecure; private final String host; private final Integer port; - public ForwardedDevServerBuildItem(String host, Integer port) { + public ForwardedDevServerBuildItem(boolean tls, boolean tlsAllowInsecure, String host, Integer port) { + this.tls = tls; + this.tlsAllowInsecure = tlsAllowInsecure; this.host = host; this.port = port; } + public boolean isTls() { + return tls; + } + + public boolean isTlsAllowInsecure() { + return tlsAllowInsecure; + } + public String getHost() { return host; } diff --git a/docs/modules/ROOT/pages/includes/quarkus-quinoa.adoc b/docs/modules/ROOT/pages/includes/quarkus-quinoa.adoc index d6c180ba..2c81bbcf 100644 --- a/docs/modules/ROOT/pages/includes/quarkus-quinoa.adoc +++ b/docs/modules/ROOT/pages/includes/quarkus-quinoa.adoc 
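Review bot: The new Javadoc on `tlsAllowInsecure()` says the option accepts any certificate with any hostname but does not tell the reader that it only takes effect when `tls` is true, nor that it turns off both certificate-chain and hostname verification; replace it with `* When set to true, Quinoa skips certificate and hostname verification of the dev server it forwards to (no effect unless {@code tls} is also true). Intended only for self-signed dev-server certificates.`. The `tls()` description should likewise say what it selects rather than "forwarded with tls enabled": `* When set to true, Quinoa forwards requests to the dev server over HTTPS instead of plain HTTP.`. The DevServerConfig interface continues outside the hunk.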
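Review bot: The new constructor in the second hunk accepts `tlsAllowInsecure = true` together with `tls = false`, a combination the proxy ignores, and neither the fields nor the new getters document that dependency; add `/** Whether the forwarded dev server is reached over HTTPS. */` above `isTls()` and `/** Whether certificate and hostname checks are skipped when {@link #isTls()} is true; has no effect otherwise. */` above `isTlsAllowInsecure()`. A one-line constructor Javadoc naming the parameter order would also help, since the two leading booleans can be swapped at a call site without a compile error. The class body continues past the hunk (getHost() is cut at the end).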
@@ -519,6 +519,37 @@ endif::add-copy-button-to-env-var[] --|boolean |`true` +a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-tls]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-tls[quarkus.quinoa.dev-server.tls]` + + +[.description] +-- +When set to true, Quinoa requests will be forwarded with tls enabled. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_QUINOA_DEV_SERVER_TLS+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_QUINOA_DEV_SERVER_TLS+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + +a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-tls-allow-insecure]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-tls-allow-insecure[quarkus.quinoa.dev-server.tls.allow-insecure]` + + +[.description] +-- +When set to true, Quinoa will accept any certificate with any hostname. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_QUINOA_DEV_SERVER_TLS_ALLOW_INSECURE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_QUINOA_DEV_SERVER_TLS_ALLOW_INSECURE+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` a|icon:lock[title=Fixed at build time] [[quarkus-quinoa_quarkus-quinoa-dev-server-port]]`link:#quarkus-quinoa_quarkus-quinoa-dev-server-port[quarkus.quinoa.dev-server.port]` @@ -745,4 +776,4 @@ endif::add-copy-button-to-env-var[] | -|=== \ No newline at end of file +|=== diff --git a/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaDevProxyHandler.java b/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaDevProxyHandler.java index 973a625f..af609dea 100644 --- a/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaDevProxyHandler.java +++ b/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaDevProxyHandler.java 
@@ -7,6 +7,7 @@ import java.util.List; +import io.vertx.ext.web.client.WebClientOptions; import org.jboss.logging.Logger; import io.vertx.core.AsyncResult; @@ -36,11 +37,19 @@ class QuinoaDevProxyHandler implements Handler { private final ClassLoader currentClassLoader; private final QuinoaDevProxyHandlerConfig config; - QuinoaDevProxyHandler(final QuinoaDevProxyHandlerConfig config, final Vertx vertx, String host, int port, + QuinoaDevProxyHandler(final QuinoaDevProxyHandlerConfig config, final Vertx vertx, boolean tls, boolean tlsAllowInsecure,String host, int port, boolean websocket) { this.host = host; this.port = port; - this.client = WebClient.create(vertx); + WebClientOptions options = new WebClientOptions(); + if(tls){ + options.setSsl(true); + if(tlsAllowInsecure){ + options.setTrustAll(true); + options.setVerifyHost(false); + } + } + this.client = WebClient.create(vertx, options); this.wsUpgradeHandler = websocket ? new QuinoaDevWebSocketProxyHandler(vertx, host, port) : null; this.config = config; currentClassLoader = Thread.currentThread().getContextClassLoader(); diff --git a/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaRecorder.java b/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaRecorder.java index d3401e53..1ac4cc72 100644 --- a/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaRecorder.java +++ b/runtime/src/main/java/io/quarkiverse/quinoa/QuinoaRecorder.java 
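Review bot: The added `import io.vertx.ext.web.client.WebClientOptions;` in the first hunk is placed between `java.util.List` and `org.jboss.logging.Logger`, whereas the file's Vert.x imports (`io.vertx.core.AsyncResult` and those that follow) form their own group below; move the line into that `io.vertx` group so the import order matches what the project's formatter produces. The rest of the import block is outside the hunk.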
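Review bot: The WebSocket upgrade path in the second hunk ignores the new flags: `wsUpgradeHandler` is still built as `new QuinoaDevWebSocketProxyHandler(vertx, host, port)`, so with `tls=true` plain HTTP requests reach the dev server over TLS while WebSocket upgrades (presumably the HMR channel) are still attempted in cleartext to the same port. Pass `tls` and `tlsAllowInsecure` through to that handler too and apply the equivalent SSL/trust-all/verify-host settings to whatever client it opens; that constructor lives outside this hunk, so the matching signature change is not visible here. Two smaller points on the same lines: `tlsAllowInsecure` is silently dropped when `tls` is false, which deserves at least a `LOG.warn`, and the new lines are not formatted like the rest of the file (`tlsAllowInsecure,String host`, `if(tls){`), so run the formatter before merging.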
@@ -26,12 +26,12 @@ public class QuinoaRecorder { public static final Set HANDLED_METHODS = Set.of(HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.GET); public Handler quinoaProxyDevHandler(final QuinoaDevProxyHandlerConfig handlerConfig, Supplier vertx, - String host, int port, boolean websocket) { + boolean tls, boolean tlsAllowInsecure, String host, int port, boolean websocket) { if (LOG.isDebugEnabled()) { LOG.debugf("Quinoa dev proxy-handler is ignoring paths starting with: " + String.join(", ", handlerConfig.ignoredPathPrefixes)); } - return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), host, port, websocket); + return new QuinoaDevProxyHandler(handlerConfig, vertx.get(), tls, tlsAllowInsecure, host, port, websocket); } public Handler quinoaSPARoutingHandler(List ignoredPathPrefixes) throws IOException {
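Review bot: Disabling certificate and hostname verification should be loud, yet nothing in this hunk logs when `tlsAllowInsecure` is in effect even though the recorder already has a `LOG`; add before the `return`: `if (tls && tlsAllowInsecure) { LOG.warn("Quinoa dev proxy: TLS certificate and hostname verification towards the dev server is disabled (quarkus.quinoa.dev-server.tls.allow-insecure)"); }`. As far as the hunk shows this handler is only wired in dev mode, but a warning makes it obvious if the flag is ever left on in a shared application.properties. Consider also extending the existing debug message with the scheme so `tls` mismatches are diagnosable from the log alone.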