Support pass-through proxies with HTTPS_PROXY env var (#1878)

We've simplified; HTTPS_PROXY or https_proxy is used for all requests.

We also require that only our self-signed certificates are used for
secure traffic. That rules out all SSL-terminating MITM proxies, since
we don't trust their root certificate.

Once we're sure that this system works for people, we'll improve config
on MacOS and Windows.

js/libtextsecure.js

@@ -37461,12 +37461,12 @@ var TextSecureServer = (function() {
     }
 
     function createSocket(url) {
-      var proxyUrl = window.getProxyForUrl(url);
+      var proxyUrl = window.config.proxyUrl;
       var requestOptions;
       if (proxyUrl) {
-        console.log('createSocket: using proxy url', proxyUrl);
         requestOptions = {
-            agent: ProxyAgent(proxyUrl)
+            ca: window.config.certificateAuthorities,
+            agent: new ProxyAgent(proxyUrl),
         };
       } else {
         requestOptions = {
@@ -37487,15 +37487,10 @@ var TextSecureServer = (function() {
         console.log(options.type, url);
         var timeout = typeof options.timeout !== 'undefined' ? options.timeout : 10000;
 
-        var proxyUrl = window.getProxyForUrl(url);
+        var proxyUrl = window.config.proxyUrl;
         var agent;
         if (proxyUrl) {
-            console.log('promixe_ajax: using proxy url', proxyUrl);
             agent = new ProxyAgent(proxyUrl);
-        } else {
-            agent = new httpsAgent({
-                ca: options.certificateAuthorities
-            });
         }
 
         var fetchOptions = {
@@ -37503,6 +37498,7 @@ var TextSecureServer = (function() {
           body: options.data || null,
           headers: { 'X-Signal-Agent': 'OWD' },
           agent: agent,
+          ca: options.certificateAuthorities,
           timeout: timeout,
         };
 

libtextsecure/api.js

@@ -25,12 +25,12 @@ var TextSecureServer = (function() {
     }
 
     function createSocket(url) {
-      var proxyUrl = window.getProxyForUrl(url);
+      var proxyUrl = window.config.proxyUrl;
       var requestOptions;
       if (proxyUrl) {
-        console.log('createSocket: using proxy url', proxyUrl);
         requestOptions = {
-            agent: ProxyAgent(proxyUrl)
+            ca: window.config.certificateAuthorities,
+            agent: new ProxyAgent(proxyUrl),
         };
       } else {
         requestOptions = {
@@ -51,15 +51,10 @@ var TextSecureServer = (function() {
         console.log(options.type, url);
         var timeout = typeof options.timeout !== 'undefined' ? options.timeout : 10000;
 
-        var proxyUrl = window.getProxyForUrl(url);
+        var proxyUrl = window.config.proxyUrl;
         var agent;
         if (proxyUrl) {
-            console.log('promixe_ajax: using proxy url', proxyUrl);
             agent = new ProxyAgent(proxyUrl);
-        } else {
-            agent = new httpsAgent({
-                ca: options.certificateAuthorities
-            });
         }
 
         var fetchOptions = {
@@ -67,6 +62,7 @@ var TextSecureServer = (function() {
           body: options.data || null,
           headers: { 'X-Signal-Agent': 'OWD' },
           agent: agent,
+          ca: options.certificateAuthorities,
           timeout: timeout,
         };
 

main.js

@@ -93,6 +93,7 @@ function prepareURL(pathSegments) {
       hostname: os.hostname(),
       appInstance: process.env.NODE_APP_INSTANCE,
       polyfillNotifications: polyfillNotifications ? true : undefined, // for stringify()
+      proxyUrl: process.env.HTTPS_PROXY || process.env.https_proxy,
     }
   })
 }

package.json

@@ -170,11 +170,10 @@
     "google-libphonenumber": "^3.0.7",
     "lodash": "^4.17.4",
     "mkdirp": "^0.5.1",
-    "node-fetch": "^1.7.3",
+    "node-fetch": "https://github.com/scottnonnenberg/node-fetch.git#3e5f51e08c647ee5f20c43b15cf2d352d61c36b4",
     "node-notifier": "^5.1.2",
     "os-locale": "^2.1.0",
     "proxy-agent": "^2.1.0",
-    "proxy-from-env": "^1.0.0",
     "rimraf": "^2.6.2",
     "semver": "^5.4.1",
     "spellchecker": "^3.4.3",

preload.js

@@ -42,6 +42,11 @@
   // We pull these dependencies in now, from here, because they have Node.js dependencies
 
   require('./js/logging');
+
+  if (window.config.proxyUrl) {
+    console.log('using proxy url', window.config.proxyUrl);
+  }
+
   require('./js/backup');
 
   window.nodeSetImmediate = setImmediate;
@@ -52,12 +57,10 @@
     window.nodeSetImmediate(function() {});
   }, 1000);
 
-  window.getProxyForUrl = require('proxy-from-env').getProxyForUrl;
   window.ProxyAgent = require('proxy-agent');
   window.EmojiConvertor = require('emoji-js');
   window.emojiData = require('emoji-datasource');
   window.nodeFetch = require('node-fetch');
-  window.httpsAgent = require('https').Agent;
   window.nodeBuffer = Buffer;
   window.EmojiPanel = require('emoji-panel');
   window.libphonenumber = require('google-libphonenumber').PhoneNumberUtil.getInstance();

yarn.lock

@@ -2689,9 +2689,9 @@ node-emoji@^1.8.1:
   dependencies:
     lodash.toarray "^4.4.0"
 
-node-fetch@^1.7.3:
+"node-fetch@https://github.com/scottnonnenberg/node-fetch.git#3e5f51e08c647ee5f20c43b15cf2d352d61c36b4":
   version "1.7.3"
-  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-1.7.3.tgz#980f6f72d85211a5347c6b2bc18c5b84c3eb47ef"
+  resolved "https://github.com/scottnonnenberg/node-fetch.git#3e5f51e08c647ee5f20c43b15cf2d352d61c36b4"
   dependencies:
     encoding "^0.1.11"
     is-stream "^1.0.1"
@@ -3181,10 +3181,6 @@ proxy-agent@^2.1.0:
     pac-proxy-agent "^2.0.0"
     socks-proxy-agent "2"
 
-proxy-from-env@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.0.0.tgz#33c50398f70ea7eb96d21f7b817630a55791c7ee"
-
 pseudomap@^1.0.1:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/pseudomap/-/pseudomap-1.0.2.tgz#f052a28da70e618917ef0a8ac34c1ae5a68286b3"