Merge pull request #392 from EXXETA/391-support-target-uris-with-https-protocol

Support target URIs with https: protocol

Author: LexLuengas

docker/README.md

@@ -26,8 +26,7 @@ as well that the container running openapi-cop has access to the target server (
 The image accepts the following environment variables, which correspond to the
 same [openapi-cop CLI flags](https://github.com/EXXETA/openapi-cop#cli-usage):
 
-- `TARGET`: The URI of the target server. Must include the port, e.g. http:\/\/somehostname:1234. Note that HTTPS is not
-  currently supported. If you wish to use HTTPS, put openapi-cop behind a SSL proxy.
+- `TARGET`: Full base path of the target API (format: http(s)://host:port/basePath).
 - `FILE`: The file path or URI pointing to the OpenAPI definition file. Supports JSON or YAML.
 - `DEFAULT_FORBID_ADDITIONAL_PROPERTIES`: When set, additional properties that are not present in the OpenAPI definition
   are not allowed.

src/app.ts

@@ -24,6 +24,7 @@ import {
   toOasRequest,
 } from './util';
 import {dereference, hasErrors, resolve, Validator} from './validation';
+import {URL} from "url";
 
 interface BuildOptions {
   targetUrl: string;
@@ -107,11 +108,16 @@ export async function buildApp(
       operation,
     );
 
+    const patchedHeaders = {
+      ...req.headers,
+      host: new URL(targetUrl).hostname,
+    };
+
     const options: rp.Options = {
       url: targetUrl.replace(/\/$/, '') + req.params[0],
       qs: req.query,
       method: req.method,
-      headers: req.headers,
+      headers: patchedHeaders,
       gzip: true,
       resolveWithFullResponse: true,
       simple: false,
@@ -158,6 +164,8 @@ export async function buildApp(
           // unmodified server response
           res.status(statusCode).send(serverResponse.body);
         } else {
+          // Replace response payload with parsed payload due to practicality
+          serverResponse.body = parsedResponseBody;
           // when not silent, render validation results on error
           res.status(500).json({
             error: {
@@ -214,9 +222,9 @@ export async function buildApp(
 
 /**
  * Builds the proxy and runs it on the given port.
- * @param proxy The port on which the proxy will run.
+ * @param port Port number on which to run the proxy.
  * @param host The host name or IP address of the proxy server.
- * @param targetUrl The URL the proxy routes from.
+ * @param targetUrl Full base path of the target API (format: http(s)://host:port/basePath).
  * @param apiDocFile The OpenAPI document path used to perform validation.
  * @param defaultForbidAdditionalProperties Whether additional properties are
  * allowed in requests and responses.

src/cli.ts

@@ -1,4 +1,6 @@
 #!/usr/bin/env node
+import {URL} from "url";
+
 const debugMod = require('debug');
 const debug = debugMod('openapi-cop:proxy');
 debug.log = console.log.bind(console); // output to stdout
@@ -19,7 +21,7 @@ program //
   .option('-p, --port <port>', 'port number on which to run the proxy', 8888)
   .option(
     '-t, --target <target>',
-    'full base path of the target API (format: http://host:port/basePath)',
+    'full base path of the target API (format: http(s)://host:port/basePath)',
   )
   .option(
     '--default-forbid-additional-properties',
@@ -45,40 +47,27 @@ if (program.verbose) {
 
 // Validate CLI arguments
 if (!program.file) {
-  console.log('Did not provide a OpenAPI file path.\n');
+  console.error('Did not provide a OpenAPI file path.\n');
   program.outputHelp();
   process.exit();
 }
 
 if (!program.target) {
-  console.log('Did not provide a target server URL.\n');
+  console.error('Did not provide a target server URL.\n');
   program.outputHelp();
   process.exit();
 }
 
-const targetPortMatch = (program.target as string).match(
-  /\w+:\/\/[\w.-]+:(\d{1,5})(\/|$)/,
-);
-const targetPort: string = targetPortMatch !== null ? targetPortMatch[1] : '';
+const targetUrl = new URL(program.target);
 
-if (isNaN(Number(targetPort))) {
-  // Check for implied port numbers
-  if (!program.target.startsWith('http://')) {
-    console.log('Did not provide a port number within the target URL.\n');
-    program.outputHelp();
-    process.exit();
-  }
+const defaultPorts: { [key: string]: number } = {
+  'http:': 80,
+  'https:': 443
 }
-if (program.target.startsWith('https://')) {
-  console.log('HTTPS is not supported. Not possible to modify requests/responses when the channel is encrypted. Consider to use openapi-cop behind a SSL proxy.\n');
-  process.exit();
-}
-if (
-  program.target.indexOf('//localhost') !== -1 &&
-  program.target.indexOf('//0.0.0.0') !== -1 &&
-  program.port === Number(targetPort)
-) {
-  console.log('Cannot proxy locally to the same port!');
+const targetPort = (targetUrl.port !== '')? Number(targetUrl.port) : defaultPorts[targetUrl.protocol];
+
+if ((targetUrl.hostname === 'localhost' || targetUrl.hostname === '0.0.0.0') && Number(program.port) === targetPort) {
+  console.error('Cannot proxy to the same local port: ' + program.port);
   process.exit();
 }