From ae902b9dd1a91a634c8f30c79c8dad5157b1da10 Mon Sep 17 00:00:00 2001
From: Anmol Sethi <hi@nhooyr.io>
Date: Fri, 18 Dec 2020 10:38:00 -0500
Subject: [PATCH] proxy_agent: Use proxy-from-env for robustness

Now we support pretty much every variable under the sun along with
$NO_PROXY all correctly and with minimal code on our end.
---
 lib/vscode/package.json |  2 ++
 lib/vscode/yarn.lock    |  7 +++++
 package.json            |  2 ++
 src/node/proxy_agent.ts | 61 +++++++++++++++++++++++++----------------
 yarn.lock               |  9 +++++-
 5 files changed, 57 insertions(+), 24 deletions(-)

diff --git a/lib/vscode/package.json b/lib/vscode/package.json
index b5b0612d..97ad6b92 100644
--- a/lib/vscode/package.json
+++ b/lib/vscode/package.json
@@ -65,6 +65,7 @@
     "native-watchdog": "1.3.0",
     "node-pty": "0.10.0-beta17",
     "proxy-agent": "^4.0.0",
+    "proxy-from-env": "^1.1.0",
     "rimraf": "^2.2.8",
     "spdlog": "^0.11.1",
     "sudo-prompt": "9.1.1",
@@ -95,6 +96,7 @@
     "@types/minimist": "^1.2.0",
     "@types/mocha": "2.2.39",
     "@types/node": "^12.11.7",
+    "@types/proxy-from-env": "^1.0.1",
     "@types/sinon": "^1.16.36",
     "@types/trusted-types": "^1.0.6",
     "@types/vscode-windows-registry": "^1.0.0",
diff --git a/lib/vscode/yarn.lock b/lib/vscode/yarn.lock
index c73be6d8..b0befe0e 100644
--- a/lib/vscode/yarn.lock
+++ b/lib/vscode/yarn.lock
@@ -302,6 +302,13 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-13.13.28.tgz#b6d0628b0371d6c629d729c98322de314b640219"
   integrity sha512-EM/qFeRH8ZCD+TlsaIPULyyFm9vOhFIvgskY2JmHbEsWsOPgN+rtjSXrcHGgJpob4Nu17VfO95FKewr0XY7iOQ==
 
+"@types/proxy-from-env@^1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@types/proxy-from-env/-/proxy-from-env-1.0.1.tgz#b5f3e99230ca4518af196c18267055fc51f892b7"
+  integrity sha512-luG++TFHyS61eKcfkR1CVV6a1GMNXDjtqEQIIfaSHax75xp0HU3SlezjOi1yqubJwrG8e9DeW59n6wTblIDwFg==
+  dependencies:
+    "@types/node" "*"
+
 "@types/semver@^5.4.0", "@types/semver@^5.5.0":
   version "5.5.0"
   resolved "https://registry.yarnpkg.com/@types/semver/-/semver-5.5.0.tgz#146c2a29ee7d3bae4bf2fcb274636e264c813c45"
diff --git a/package.json b/package.json
index bb25d9da..d0cb4e33 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
     "@types/node": "^12.12.7",
     "@types/parcel-bundler": "^1.12.1",
     "@types/pem": "^1.9.5",
+    "@types/proxy-from-env": "^1.0.1",
     "@types/safe-compare": "^1.1.0",
     "@types/semver": "^7.1.0",
     "@types/split2": "^2.1.6",
@@ -82,6 +83,7 @@
     "limiter": "^1.1.5",
     "pem": "^1.14.2",
     "proxy-agent": "^4.0.0",
+    "proxy-from-env": "^1.1.0",
     "qs": "6.7.0",
     "rotating-file-stream": "^2.1.1",
     "safe-buffer": "^5.1.1",
diff --git a/src/node/proxy_agent.ts b/src/node/proxy_agent.ts
index 26026900..416a9786 100644
--- a/src/node/proxy_agent.ts
+++ b/src/node/proxy_agent.ts
@@ -1,13 +1,15 @@
 import { logger } from "@coder/logger"
 import * as http from "http"
-import * as url from "url"
-import * as proxyagent from "proxy-agent"
+import * as proxyAgent from "proxy-agent"
+import * as proxyFromEnv from "proxy-from-env"
 
 /**
  * This file has nothing to do with the code-server proxy.
- * It is for $HTTP_PROXY and $HTTPS_PROXY support.
+ * It is to support $HTTP_PROXY, $HTTPS_PROXY and $NO_PROXY.
+ *
  * - https://github.com/cdr/code-server/issues/124
  * - https://www.npmjs.com/package/proxy-agent
+ * - https://www.npmjs.com/package/proxy-from-env
  *
  * This file exists in two locations:
  * - src/node/proxy_agent.ts
@@ -17,7 +19,7 @@ import * as proxyagent from "proxy-agent"
 
 /**
  * monkeyPatch patches the node http,https modules to route all requests through the
- * agents we get from the proxy-agent package.
+ * agent we get from the proxy-agent package.
  *
  * This approach only works if there is no code specifying an explicit agent when making
  * a request.
@@ -28,29 +30,22 @@ import * as proxyagent from "proxy-agent"
  *
  * Even if they do, it's probably the same proxy so we should be fine! And those knobs
  * are deprecated anyway.
- *
- * We use $HTTP_PROXY for all HTTP resources via a normal HTTP proxy.
- * We use $HTTPS_PROXY for all HTTPS resources via HTTP connect.
- * See https://stackoverflow.com/a/10442767/4283659
  */
 export function monkeyPatch(inVSCode: boolean): void {
-  const http = require("http")
-  const https = require("https")
+  if (shouldEnableProxy()) {
+    const http = require("http")
+    const https = require("https")
 
-  const httpProxyURL = process.env.HTTP_PROXY || process.env.http_proxy
-  if (httpProxyURL) {
-    logger.debug(`using $HTTP_PROXY ${httpProxyURL}`)
-    http.globalAgent = newProxyAgent(inVSCode, httpProxyURL)
-  }
-
-  const httpsProxyURL = process.env.HTTPS_PROXY || process.env.https_proxy
-  if (httpsProxyURL) {
-    logger.debug(`using $HTTPS_PROXY ${httpsProxyURL}`)
-    https.globalAgent = newProxyAgent(inVSCode, httpsProxyURL)
+    // If we do not pass in a proxy URL, proxy-agent will get the URL from the environment.
+    // See https://www.npmjs.com/package/proxy-from-env.
+    // Also see shouldEnableProxy.
+    const pa = newProxyAgent(inVSCode)
+    http.globalAgent = pa
+    https.globalAgent = pa
   }
 }
 
-function newProxyAgent(inVSCode: boolean, for: "http" | "https", proxyURL: string): http.Agent {
+function newProxyAgent(inVSCode: boolean): http.Agent {
   // The reasoning for this split is that VS Code's build process does not have
   // esModuleInterop enabled but the code-server one does. As a result depending on where
   // we execute, we either have a default attribute or we don't.
@@ -59,8 +54,28 @@ function newProxyAgent(inVSCode: boolean, for: "http" | "https", proxyURL: strin
   // a huge number of errors. And we can't use require as otherwise the modules won't be
   // included in the final product.
   if (inVSCode) {
-    return new (proxyagent as any)(opts)
+    return new (proxyAgent as any)()
   } else {
-    return new (proxyagent as any).default(opts)
+    return new (proxyAgent as any).default()
   }
 }
+
+// If they have $NO_PROXY set to example.com then this check won't work!
+// But that's drastically unlikely.
+function shouldEnableProxy(): boolean {
+  let shouldEnable = false
+
+  const httpProxy = proxyFromEnv.getProxyForUrl(`http://example.com`)
+  if (httpProxy) {
+    shouldEnable = true
+    logger.debug(`using $HTTP_PROXY ${httpProxy}`)
+  }
+
+  const httpsProxy = proxyFromEnv.getProxyForUrl(`https://example.com`)
+  if (httpsProxy) {
+    shouldEnable = true
+    logger.debug(`using $HTTPS_PROXY ${httpsProxy}`)
+  }
+
+  return shouldEnable
+}
diff --git a/yarn.lock b/yarn.lock
index 5f0bdb5e..e0e3fa62 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1137,6 +1137,13 @@
   dependencies:
     "@types/node" "*"
 
+"@types/proxy-from-env@^1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@types/proxy-from-env/-/proxy-from-env-1.0.1.tgz#b5f3e99230ca4518af196c18267055fc51f892b7"
+  integrity sha512-luG++TFHyS61eKcfkR1CVV6a1GMNXDjtqEQIIfaSHax75xp0HU3SlezjOi1yqubJwrG8e9DeW59n6wTblIDwFg==
+  dependencies:
+    "@types/node" "*"
+
 "@types/q@^1.5.1":
   version "1.5.4"
   resolved "https://registry.yarnpkg.com/@types/q/-/q-1.5.4.tgz#15925414e0ad2cd765bfef58842f7e26a7accb24"
@@ -6333,7 +6340,7 @@ proxy-agent@^4.0.0:
     proxy-from-env "^1.0.0"
     socks-proxy-agent "^5.0.0"
 
-proxy-from-env@^1.0.0:
+proxy-from-env@^1.0.0, proxy-from-env@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
   integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==