From a5bb6028869ec8092c8fec5c12ab48c47899da7f Mon Sep 17 00:00:00 2001 From: Bin Li Date: Fri, 20 Sep 2024 14:42:40 -0400 Subject: [PATCH 1/3] add authentication,selfsigned cert,proxy support --- lib/gemirro/http.rb | 30 +++++++++++++++++++++++++++++- template/config.rb | 18 ++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/lib/gemirro/http.rb b/lib/gemirro/http.rb index 14b0a11..79e6075 100644 --- a/lib/gemirro/http.rb +++ b/lib/gemirro/http.rb @@ -29,7 +29,35 @@ def self.get(url) # @return [HTTPClient] # def self.client - @client ||= HTTPClient.new + client ||= HTTPClient.new + config = Utils.configuration + if defined?(config.upstream_user) + user = config.upstream_user + password = config.upstream_password + domain = config.upstream_domain + client.set_auth(domain, user, password) + end + + if defined?(config.proxy) + proxy = config.proxy + client.proxy=(proxy) + end + + # Use my own ca file for self signed cert + if defined?(config.rootca) + abort "The configuration file #{config.rootca} does not exist" unless File.file?(config.rootca) + client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER + client.ssl_config.set_trust_ca(config.rootca) + elsif defined?(config.verify_mode) + client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE unless config.verify_mode + end + + # Enforece base auth + if defined?(config.basic_auth) + client.force_basic_auth=(true) if config.basic_auth + # client.www_auth.reset_challenge() + end + @client = client end end end diff --git a/template/config.rb b/template/config.rb index ac9627f..e997a43 100644 --- a/template/config.rb +++ b/template/config.rb @@ -32,6 +32,24 @@ # # fetch_gem false + # If upstream repository requires authentication + # upstream_user 'username' + # upstream_password 'password' + # upstream_domain 'https://internal.com' + + # Enforce the the base_auth + # basic_auth true + + # Set the proxy server if behind the firewall + # proxy 'http://proxy.internal.com:80' + + # Root CA cert location if additional root ca is added + # This will overwrite verfiy_mode. use PEER as default + # rootca '/etc/root_ca.crt' + + # Not verify certificate in case the proxy has self-signed cert + # verify_mode false + # You must define a source which where gems will be downloaded. # All gem in the block will be downloaded with the update command. # Other gems will be downloaded with the server. From 75717ec19df526c4ddf7e188654ba74383347f36 Mon Sep 17 00:00:00 2001 From: GoT Date: Thu, 10 Oct 2024 13:46:27 +0200 Subject: [PATCH 2/3] typo: fix enforece to enforce --- lib/gemirro/http.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gemirro/http.rb b/lib/gemirro/http.rb index 79e6075..bdc2086 100644 --- a/lib/gemirro/http.rb +++ b/lib/gemirro/http.rb @@ -52,7 +52,7 @@ def self.client client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE unless config.verify_mode end - # Enforece base auth + # Enforce base auth if defined?(config.basic_auth) client.force_basic_auth=(true) if config.basic_auth # client.www_auth.reset_challenge() From 59e7e9df62a2228e64434dbe4720cb254c9b8abb Mon Sep 17 00:00:00 2001 From: GoT Date: Thu, 10 Oct 2024 13:46:39 +0200 Subject: [PATCH 3/3] refactor: remove unneeded comment --- lib/gemirro/http.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/gemirro/http.rb b/lib/gemirro/http.rb index bdc2086..b39110c 100644 --- a/lib/gemirro/http.rb +++ b/lib/gemirro/http.rb @@ -55,7 +55,6 @@ def self.client # Enforce base auth if defined?(config.basic_auth) client.force_basic_auth=(true) if config.basic_auth - # client.www_auth.reset_challenge() end @client = client end