Merge pull request #88 from bli111/authentication

add authentication, selfsigned cert,proxy support
PierreRambaud · Oct 10, 2024 · 246a572 · 246a572
2 parents b5d6684 + 59e7e9d
commit 246a572
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/lib/gemirro/http.rb b/lib/gemirro/http.rb
@@ -29,7 +29,34 @@ def self.get(url)
     # @return [HTTPClient]
     #
     def self.client
-      @client ||= HTTPClient.new
+      client ||= HTTPClient.new
+      config = Utils.configuration
+      if defined?(config.upstream_user)
+        user = config.upstream_user
+        password = config.upstream_password
+        domain = config.upstream_domain
+        client.set_auth(domain, user, password)
+      end
+
+      if defined?(config.proxy)
+        proxy = config.proxy
+        client.proxy=(proxy)
+      end
+
+      # Use my own ca file for self signed cert
+      if defined?(config.rootca)
+          abort "The configuration file #{config.rootca} does not exist" unless File.file?(config.rootca)
+          client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          client.ssl_config.set_trust_ca(config.rootca)
+      elsif defined?(config.verify_mode)
+        client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE unless config.verify_mode
+      end
+
+      # Enforce base auth
+      if defined?(config.basic_auth)
+        client.force_basic_auth=(true) if config.basic_auth
+      end
+      @client = client
     end
   end
 end
diff --git a/template/config.rb b/template/config.rb
@@ -32,6 +32,24 @@
   #
   # fetch_gem false
 
+  # If upstream repository requires authentication
+  # upstream_user 'username'
+  # upstream_password 'password'
+  # upstream_domain 'https://internal.com'
+
+  # Enforce the the base_auth
+  # basic_auth true
+
+  # Set the proxy server if behind the firewall
+  # proxy 'http://proxy.internal.com:80'
+
+  # Root CA cert location if additional root ca is added
+  # This will overwrite verfiy_mode. use PEER as default
+  # rootca '/etc/root_ca.crt'
+
+  # Not verify certificate in case the proxy has self-signed cert
+  # verify_mode false
+
   # You must define a source which where gems will be downloaded.
   # All gem in the block will be downloaded with the update command.
   # Other gems will be downloaded with the server.