@aikidosec/broker-client 1.0.1 → 1.0.2
- package/README.md +8 -3
- package/app/client.js +9 -37
- package/package.json +1 -1
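--- a/package/README.md
+++ b/package/README.md
@@ -55,9 +55,11 @@ Resource IDs are displayed in the Aikido UI when you register them.
 
 **Optional:**
 - `ALLOWED_INTERNAL_SUBNETS` - Comma-separated subnet whitelist (e.g., `10.0.0.0/8,172.16.0.0/12`)
-- `DNS_SERVERS` - Custom DNS servers for internal hostname resolution
-- `
-- `HTTP_PROXY` -
+- `DNS_SERVERS` - Custom DNS servers for internal hostname resolution (e.g., `8.8.8.8,8.8.4.4`)
+- `NODE_EXTRA_CA_CERTS` - Path to custom CA certificate bundle for self-signed certificates (e.g., `/certs/corporate-ca.crt`)
+- `HTTP_PROXY` - Proxy server for HTTP requests (e.g., `http://proxy.company.local:8080`)
+- `HTTPS_PROXY` - Proxy server for HTTPS requests (e.g., `http://proxy.company.local:8080`)
+- `ALL_PROXY` - Universal proxy fallback for all protocols if protocol-specific proxy is not set
 
 ## How It Works
 
@@ -74,6 +76,9 @@ Resource IDs are displayed in the Aikido UI when you register them.
 CLIENT_SECRET=aikido_broker_123_123_123456789
 ALLOWED_INTERNAL_SUBNETS=10.0.0.0/8,172.16.0.0/12
 HTTP_PROXY=http://proxy.company.local:8080
+HTTPS_PROXY=http://proxy.company.local:8080
+NODE_EXTRA_CA_CERTS=/certs/corporate-ca.crt
+DNS_SERVERS=10.0.0.1,10.0.0.2
 ```
 
 After registering resources through the Aikido UI, they will be accessible via subdomains like: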
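--- a/package/app/client.js
+++ b/package/app/client.js
@@ -35,42 +35,12 @@ const DNS_SERVERS = process.env.DNS_SERVERS
 ? process.env.DNS_SERVERS.split(',').map(s => s.trim()).filter(s => s)
 : null;
 
-// Optional: Custom CA certificate bundle for self-signed certificates
-const CUSTOM_CA_BUNDLE = process.env.CUSTOM_CA_BUNDLE || null;
-
-// Optional: HTTP proxy for outbound requests to internal resources
-const HTTP_PROXY = process.env.HTTP_PROXY || null;
-
-// Determine TLS verification setting
-let httpsAgent = null;
-if (CUSTOM_CA_BUNDLE) {
-const https = await import('https');
-const ca = fs.readFileSync(CUSTOM_CA_BUNDLE);
-httpsAgent = new https.Agent({ ca });
-log.info(`Using custom CA bundle: ${CUSTOM_CA_BUNDLE}`);
-} else {
-log.info("Using system CA certificates for TLS verification");
-}
-
 // Configure axios defaults
 const axiosConfig = {
 timeout: 30000,
-maxRedirects: 5
-httpsAgent
+maxRedirects: 5
 };
 
-if (HTTP_PROXY) {
-const proxyUrl = new URL(HTTP_PROXY);
-axiosConfig.proxy = {
-host: proxyUrl.hostname,
-port: proxyUrl.port || 80,
-protocol: proxyUrl.protocol
-};
-log.info(`Using HTTP proxy for internal requests: ${HTTP_PROXY}`);
-} else {
-log.info("No HTTP proxy configured for internal requests");
-}
-
 // Create axios instance for internal requests
 const internalHttpClient = axios.create(axiosConfig);
 
@@ -407,11 +377,13 @@ async function registerWithServer() {
 
 for (let attempt = 0; attempt < maxRetries; attempt++) {
 try {
+const axiosConfig = {
+timeout: 10000
+};
+
 const response = await axios.post(serverUrl, {
 client_secret: CLIENT_SECRET
-},
-timeout: 10000
-});
+}, axiosConfig);
 
 if (response.status === 200) {
 const clientId = response.data.client_id;
@@ -498,10 +470,10 @@ async function main() {
 log.info(`Registered resources: ${Object.keys(registeredResources).length > 0 ? Object.keys(registeredResources).join(', ') : 'None'}`);
 
 log.info(`Server URL: ${SERVER_URL}`);
-if (HTTP_PROXY) {
-log.info(`
+if (process.env.HTTP_PROXY || process.env.HTTPS_PROXY) {
+log.info(`Proxy configured: HTTP_PROXY=${process.env.HTTP_PROXY || 'not set'}, HTTPS_PROXY=${process.env.HTTPS_PROXY || 'not set'}`);
 } else {
-log.info("
+log.info("Proxy: Not configured");
 }
 
 // Register with server (creates client_id file, waits for propagation)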
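Review bot: The added startup log in main() prints `process.env.HTTP_PROXY` and `process.env.HTTPS_PROXY` verbatim, so a proxy URL of the form `http://user:password@host:port` puts the proxy credentials into the broker's logs. Log only the host part, for example `const proxyHost = (v) => (v ? new URL(v).host : 'not set');` and then `HTTP_PROXY=${proxyHost(process.env.HTTP_PROXY)}`. The same condition checks only the two upper-case variables, so a deployment that sets just `ALL_PROXY` (documented in this release's README) would log "Proxy: Not configured" while its traffic may still be proxied, which is misleading during incident triage. With the explicit `https.Agent({ ca })` gone, nothing at startup confirms which CA bundle is trusted either; a line reporting whether `NODE_EXTRA_CA_CERTS` is set would restore that. main() starts and ends outside the hunk.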
package/package.json
CHANGED