@aikidosec/broker-client 0.0.6 → 1.0.2
- package/README.md +8 -3
- package/app/client.js +10 -38
- package/package.json +1 -1
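--- a/package/README.md
+++ b/package/README.md
@@ -55,9 +55,11 @@ Resource IDs are displayed in the Aikido UI when you register them.
 
 **Optional:**
 - `ALLOWED_INTERNAL_SUBNETS` - Comma-separated subnet whitelist (e.g., `10.0.0.0/8,172.16.0.0/12`)
-- `DNS_SERVERS` - Custom DNS servers for internal hostname resolution
-- `
-- `HTTP_PROXY` -
+- `DNS_SERVERS` - Custom DNS servers for internal hostname resolution (e.g., `8.8.8.8,8.8.4.4`)
+- `NODE_EXTRA_CA_CERTS` - Path to custom CA certificate bundle for self-signed certificates (e.g., `/certs/corporate-ca.crt`)
+- `HTTP_PROXY` - Proxy server for HTTP requests (e.g., `http://proxy.company.local:8080`)
+- `HTTPS_PROXY` - Proxy server for HTTPS requests (e.g., `http://proxy.company.local:8080`)
+- `ALL_PROXY` - Universal proxy fallback for all protocols if protocol-specific proxy is not set
 
 ## How It Works
 
@@ -74,6 +76,9 @@ Resource IDs are displayed in the Aikido UI when you register them.
 CLIENT_SECRET=aikido_broker_123_123_123456789
 ALLOWED_INTERNAL_SUBNETS=10.0.0.0/8,172.16.0.0/12
 HTTP_PROXY=http://proxy.company.local:8080
+HTTPS_PROXY=http://proxy.company.local:8080
+NODE_EXTRA_CA_CERTS=/certs/corporate-ca.crt
+DNS_SERVERS=10.0.0.1,10.0.0.2
 ```
 
 After registering resources through the Aikido UI, they will be accessible via subdomains like: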
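--- a/package/app/client.js
+++ b/package/app/client.js
@@ -35,42 +35,12 @@ const DNS_SERVERS = process.env.DNS_SERVERS
 ? process.env.DNS_SERVERS.split(',').map(s => s.trim()).filter(s => s)
 : null;
 
-// Optional: Custom CA certificate bundle for self-signed certificates
-const CUSTOM_CA_BUNDLE = process.env.CUSTOM_CA_BUNDLE || null;
-
-// Optional: HTTP proxy for outbound requests to internal resources
-const HTTP_PROXY = process.env.HTTP_PROXY || null;
-
-// Determine TLS verification setting
-let httpsAgent = null;
-if (CUSTOM_CA_BUNDLE) {
-const https = await import('https');
-const ca = fs.readFileSync(CUSTOM_CA_BUNDLE);
-httpsAgent = new https.Agent({ ca });
-log.info(`Using custom CA bundle: ${CUSTOM_CA_BUNDLE}`);
-} else {
-log.info("Using system CA certificates for TLS verification");
-}
-
 // Configure axios defaults
 const axiosConfig = {
 timeout: 30000,
-maxRedirects: 5
-httpsAgent
+maxRedirects: 5
 };
 
-if (HTTP_PROXY) {
-const proxyUrl = new URL(HTTP_PROXY);
-axiosConfig.proxy = {
-host: proxyUrl.hostname,
-port: proxyUrl.port || 80,
-protocol: proxyUrl.protocol
-};
-log.info(`Using HTTP proxy for internal requests: ${HTTP_PROXY}`);
-} else {
-log.info("No HTTP proxy configured for internal requests");
-}
-
 // Create axios instance for internal requests
 const internalHttpClient = axios.create(axiosConfig);
 
@@ -407,11 +377,13 @@ async function registerWithServer() {
 
 for (let attempt = 0; attempt < maxRetries; attempt++) {
 try {
+const axiosConfig = {
+timeout: 10000
+};
+
 const response = await axios.post(serverUrl, {
 client_secret: CLIENT_SECRET
-},
-timeout: 10000
-});
+}, axiosConfig);
 
 if (response.status === 200) {
 const clientId = response.data.client_id;
@@ -472,7 +444,7 @@ async function registerWithServer() {
 * Runs continuously while client is connected.
 */
 async function resourceSyncTask() {
-await new Promise(resolve => setTimeout(resolve, 15000)); //
+await new Promise(resolve => setTimeout(resolve, 15000)); // Small initial delay before first sync
 
 while (true) {
 try {
@@ -498,10 +470,10 @@ async function main() {
 log.info(`Registered resources: ${Object.keys(registeredResources).length > 0 ? Object.keys(registeredResources).join(', ') : 'None'}`);
 
 log.info(`Server URL: ${SERVER_URL}`);
-if (HTTP_PROXY) {
-log.info(`
+if (process.env.HTTP_PROXY || process.env.HTTPS_PROXY) {
+log.info(`Proxy configured: HTTP_PROXY=${process.env.HTTP_PROXY || 'not set'}, HTTPS_PROXY=${process.env.HTTPS_PROXY || 'not set'}`);
 } else {
-log.info("
+log.info("Proxy: Not configured");
 }
 
 // Register with server (creates client_id file, waits for propagation)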
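Review bot: The new startup `log.info` call in main() that prints `HTTP_PROXY=` and `HTTPS_PROXY=` writes the raw environment values to the log, and a proxy URL can carry credentials in its userinfo part (`http://user:password@host:port`), so those would end up wherever the client's logs are collected. Log only the host instead, for example `new URL(process.env.HTTP_PROXY).host` inside a try/catch for values that do not parse, or simply report that a proxy is set. The surrounding condition also checks only `HTTP_PROXY` and `HTTPS_PROXY`, while the README in this release documents `ALL_PROXY` as a fallback, so a deployment that sets only `ALL_PROXY` is reported as "Proxy: Not configured". main() starts and continues outside the hunk.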
package/package.json
CHANGED