mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
This commit is contained in:
Torsten Juergeleit
committed by
Harrison Healey
Harrison Healey
parent
ddc996f33f
commit
fdf1164aee
60
utils/httpclient.go
Normal file
60
utils/httpclient.go
Normal file
@@ -0,0 +1,60 @@
|
||||
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
||||
// See License.txt for license information.
|
||||
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"net"
|
||||
"net/http"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
connectTimeout = 3 * time.Second
|
||||
requestTimeout = 5 * time.Second
|
||||
)
|
||||
|
||||
// HttpClient returns a variation the default implementation of Client.
|
||||
// It uses a Transport with the same settings as the default Transport
|
||||
// but with the following modifications:
|
||||
// - shorter timeout for dial and TLS handshake (defined as constant
|
||||
// "connectTimeout")
|
||||
// - timeout for the end-to-end request (defined as constant
|
||||
// "requestTimeout")
|
||||
// - skipping server certificate check if specified in "config.json"
|
||||
// via "ServiceSettings.EnableInsecureOutgoingConnections"
|
||||
func HttpClient() *http.Client {
|
||||
if Cfg.ServiceSettings.EnableInsecureOutgoingConnections != nil && *Cfg.ServiceSettings.EnableInsecureOutgoingConnections {
|
||||
return insecureHttpClient
|
||||
}
|
||||
return secureHttpClient
|
||||
}
|
||||
|
||||
var (
|
||||
secureHttpClient = createHttpClient(false)
|
||||
insecureHttpClient = createHttpClient(true)
|
||||
)
|
||||
|
||||
func createHttpClient(enableInsecureConnections bool) *http.Client {
|
||||
client := &http.Client{
|
||||
Transport: &http.Transport{
|
||||
Proxy: http.ProxyFromEnvironment,
|
||||
DialContext: (&net.Dialer{
|
||||
Timeout: connectTimeout,
|
||||
KeepAlive: 30 * time.Second,
|
||||
DualStack: true,
|
||||
}).DialContext,
|
||||
MaxIdleConns: 100,
|
||||
IdleConnTimeout: 90 * time.Second,
|
||||
TLSHandshakeTimeout: connectTimeout,
|
||||
ExpectContinueTimeout: 1 * time.Second,
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: enableInsecureConnections,
|
||||
},
|
||||
},
|
||||
Timeout: requestTimeout,
|
||||
}
|
||||
|
||||
return client
|
||||
}
|
||||
42
utils/httpclient_test.go
Normal file
42
utils/httpclient_test.go
Normal file
@@ -0,0 +1,42 @@
|
||||
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
||||
// See License.txt for license information.
|
||||
|
||||
package utils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestHttpClientWithProxy(t *testing.T) {
|
||||
proxy := createProxyServer()
|
||||
defer proxy.Close()
|
||||
os.Setenv("HTTP_PROXY", proxy.URL)
|
||||
|
||||
client := HttpClient()
|
||||
resp, err := client.Get("http://acme.com")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if string(body) != "proxy" {
|
||||
t.FailNow()
|
||||
}
|
||||
}
|
||||
|
||||
func createProxyServer() *httptest.Server {
|
||||
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(200)
|
||||
w.Header().Set("Content-Type", "text/plain; charset=us-ascii")
|
||||
fmt.Fprint(w, "proxy")
|
||||
}))
|
||||
}
|
||||
Reference in New Issue
Block a user