@infoxchange/make-it-so 2.12.0-internal-testing-odic-verify-proxy-fix.1 → 2.12.0-internal-testing-odic-verify-proxy-fix.2

package/dist/lib/auth/oidc.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,CA6CA"}
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/oidc.ts"],"names":[],"mappings":"AACA,OAAO,EAAsB,UAAU,EAAa,MAAM,MAAM,CAAC;AAEjE,KAAK,uBAAuB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,IAAI;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,UAAU,SAAS,OAAO,GAAG,KAAK,EAAE,EAC1E,KAAK,EACL,SAAS,EACT,QAAQ,EACR,UAAU,GACX,EAAE,uBAAuB,CAAC,UAAU,CAAC,GAAG,OAAO,CAC9C,UAAU,SAAS,IAAI,GAEf;IAAE,KAAK,EAAE,KAAK,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,IAAI,CAAA;CAAE,GACzC;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC,UAAU,CACf,CA+CA"}

package/dist/lib/auth/oidc.js

@@ -12,7 +12,9 @@ import { createRemoteJWKSet, jwtVerify } from "jose";
  */
 export async function verifyAccessToken({ token, issuerUrl, audience, safeVerify, }) {
     try {
+        console.debug("Discovered JWKS URI aa:", issuerUrl);
         const issuer = await Issuer.discover(issuerUrl);
+        console.debug("Discovered JWKS URI aa 2");
         const jwksUri = issuer.metadata.jwks_uri;
         if (!jwksUri) {
             throw new Error("JWKS URI not found in issuer metadata");

package/dist/lib/proxy/fetch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,IAAI,WAAW,EACrB,MAAM,QAAQ,CAAC;AAEhB,wBAAgB,kBAAkB,SAKjC;AAED,wBAAgB,eAAe,uBAW9B"}
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/lib/proxy/fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,IAAI,WAAW,EACrB,MAAM,QAAQ,CAAC;AAGhB,wBAAgB,kBAAkB,SAcjC;AAED,wBAAgB,eAAe,uBAY9B"}

package/dist/lib/proxy/fetch.js

@@ -1,12 +1,22 @@
 import { setGlobalDispatcher, EnvHttpProxyAgent, fetch as undiciFetch, } from "undici";
+import { bootstrap } from "global-agent";
 export function setupProxyGlobally() {
+    // To cover libraries that use fetch
     // See https://nodejs.org/api/globals.html#custom-dispatcher
     // This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
     const envHttpProxyAgent = new EnvHttpProxyAgent();
     setGlobalDispatcher(envHttpProxyAgent);
+    // To cover libraries that use the http/https object
+    if (!process.env.GLOBAL_AGENT_HTTP_PROXY) {
+        process.env.GLOBAL_AGENT_HTTP_PROXY = process.env.HTTP_PROXY;
+        process.env.GLOBAL_AGENT_HTTPS_PROXY =
+            process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;
+    }
+    bootstrap();
 }
 export function getProxiedFetch() {
     const fetch = (input, init = {}) => {
+        console.log("Using proxied fetch for request to:", input);
         if (init.dispatcher) {
             console.warn("A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.");
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@infoxchange/make-it-so",
-  "version": "2.12.0-internal-testing-odic-verify-proxy-fix.1",
+  "version": "2.12.0-internal-testing-odic-verify-proxy-fix.2",
   "description": "Makes deploying services to IX infra easy",
   "repository": "github:infoxchange/make-it-so",
   "type": "module",
@@ -33,6 +33,7 @@
     "@eslint/js": "^9.3.0",
     "@tsconfig/node21": "^21.0.3",
     "@types/aws-cloudfront-function": "^1.0.6",
+    "@types/global-agent": "^3.0.0",
     "@types/jsonwebtoken": "^9.0.10",
     "aws-cdk-lib": "2.142.1",
     "constructs": "^10.3.0",
@@ -54,6 +55,7 @@
     "sst": "^2.0.0"
   },
   "dependencies": {
+    "global-agent": "^3.0.0",
     "jsonwebtoken": "^9.0.2",
     "undici": "^7.16.0",
     "zod": "^3.24.2"

package/src/lib/auth/oidc.ts

@@ -31,7 +31,9 @@ export async function verifyAccessToken<SafeVerify extends boolean = false>({
     : JWTPayload
 > {
   try {
+    console.debug("Discovered JWKS URI aa:", issuerUrl);
     const issuer = await Issuer.discover(issuerUrl);
+    console.debug("Discovered JWKS URI aa 2");
     const jwksUri = issuer.metadata.jwks_uri;
     if (!jwksUri) {
       throw new Error("JWKS URI not found in issuer metadata");

package/src/lib/proxy/fetch.ts

@@ -3,16 +3,27 @@ import {
   EnvHttpProxyAgent,
   fetch as undiciFetch,
 } from "undici";
+import { bootstrap } from "global-agent";
 
 export function setupProxyGlobally() {
+  // To cover libraries that use fetch
   // See https://nodejs.org/api/globals.html#custom-dispatcher
   // This might stop being needed at some point: https://github.com/actions/create-github-app-token/pull/143#discussion_r1747641337
   const envHttpProxyAgent = new EnvHttpProxyAgent();
   setGlobalDispatcher(envHttpProxyAgent);
+
+  // To cover libraries that use the http/https object
+  if (!process.env.GLOBAL_AGENT_HTTP_PROXY) {
+    process.env.GLOBAL_AGENT_HTTP_PROXY = process.env.HTTP_PROXY;
+    process.env.GLOBAL_AGENT_HTTPS_PROXY =
+      process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;
+  }
+  bootstrap();
 }
 
 export function getProxiedFetch() {
   const fetch: typeof undiciFetch = (input, init = {}) => {
+    console.log("Using proxied fetch for request to:", input);
     if (init.dispatcher) {
       console.warn(
         "A custom dispatcher was provided to fetch but this is ignored as a proxy agent is being used.",