test tls pass through

Author: dmikey

.gitignore

@@ -1,3 +1,4 @@
 node_modules
 *-lock.json
-*.lock
+*.lock
+coverage/

jest.config.js

@@ -4,5 +4,5 @@ module.exports = {
   testRegex: "/src/.*\\.(test|spec)?\\.(ts|tsx)$",
   moduleFileExtensions: ["ts", "tsx", "js", "jsx", "json", "node"],
   collectCoverage: true,
-  coverageReporters: ["text-summary"],
+  coverageReporters: ["text-summary", "html"],
 };

src/from.ts

@@ -5,6 +5,7 @@ const Stream = require("stream");
 const createError = require("http-errors");
 const buildRequest = require("./request");
 const Url = require("url");
+const https = require("https");
 const {
   filterPseudoHeaders,
   copyHeaders,
@@ -62,6 +63,20 @@ export default fp(
       const req = this.request.raw;
       const getUpstream = opts.getUpstream || upstreamNoOp;
 
+      const { proxy_key, proxy_cert } = this.request.body || {};
+
+      if (proxy_cert && proxy_key) {
+        opts.http = {
+          ...opts.http,
+          agents: {
+            https: new https.Agent({
+              key: proxy_key,
+              cert: proxy_cert,
+            }),
+          },
+        };
+      }
+
       // we can forward the cert and key here, if we have them
       const { request, close, retryOnError } = buildRequest({
         http: opts.http,

src/index.test.ts

@@ -38,4 +38,41 @@ describe("testing proxy", () => {
       }
     );
   });
+
+  test("should return TLS certificate was presented", (done) => {
+    return app.inject(
+      {
+        headers: {
+          upstream: "https://certauth.cryptomix.com",
+        },
+        method: "POST",
+        url: "/",
+        payload: {
+          proxy_cert: `-----BEGIN CERTIFICATE-----
+          MIIBljCCAT2gAwIBAgIGAXpec6QTMAoGCCqGSM49BAMCMDcxNTAzBgNVBAMTLGFr
+          YXNoMWcyazlhejhmYWZnbmhheGN6ajJwY2Y3ZHh6bTk2cjN3MGVhM2Z2MB4XDTIx
+          MDYzMDA1MDAwMFoXDTIzMDYzMDA1MDAwMFowNzE1MDMGA1UEAxMsYWthc2gxZzJr
+          OWF6OGZhZmduaGF4Y3pqMnBjZjdkeHptOTZyM3cwZWEzZnYwWTATBgcqhkjOPQIB
+          BggqhkjOPQMBBwNCAAQxL+j8g6BVY90Qhosaywz/FnAPZSudeKxp1R+7xZp3ObnI
+          isXvOeFVxgI4QlZ18XkNzCkH0ld3jE9wM9oWpFlBozUwMzAOBgNVHQ8BAf8EBAMC
+          ADAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQD
+          AgNHADBEAiACxXpENnv/0z+YY8O5PxNcZhCoy0cYEHP7taJSqYCNxAIgezBwfet7
+          2fT9yAO55qii1pg9yUTUb+0bLDc4iUSOU60=
+          -----END CERTIFICATE-----`,
+          proxy_key: `-----BEGIN PRIVATE KEY-----
+          MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgGYAxjsEAPUfNblnM
+          1hpJhwwEcGNJ2UQ5ZVqgPVggmFugCgYIKoZIzj0DAQehRANCAAQxL+j8g6BVY90Q
+          hosaywz/FnAPZSudeKxp1R+7xZp3ObnIisXvOeFVxgI4QlZ18XkNzCkH0ld3jE9w
+          M9oWpFlB
+          -----END PRIVATE KEY-----`,
+        },
+      },
+      (err, response) => {
+        if (response) {
+          expect(JSON.parse(response.body).data).toContain("success");
+        }
+        done(err);
+      }
+    );
+  });
 });

src/request.ts

@@ -63,9 +63,10 @@ function buildRequest(opts: any) {
       );
     }
   } else {
-    agents = httpOpts.agents || {
+    agents = {
       "http:": new http.Agent(httpOpts.agentOptions),
       "https:": new https.Agent(httpOpts.agentOptions),
+      ...httpOpts.agents,
     };
   }