feat(mock): proxy and server auth (#412)

* chore: upgrade actions checkout v4

* feat(mock): add proxy, proxy-user and user flags

* feat(mock): add insecure flag

Author: adrienaury

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/codeql-analysis.yml

@@ -39,7 +39,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

CHANGELOG.md

@@ -14,6 +14,10 @@ Types of changes
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+## [1.31.0]
+
+- `Added` insecure, proxy, proxy-user and user flags to mock command
+
 ## [1.30.2]
 
 - `Fixed` mask `findInCSV` memory usage

cmd/pimo/mock.go

@@ -1,8 +1,11 @@
 package main
 
 import (
+	"crypto/tls"
 	"net/http"
 	"net/url"
+	"os"
+	"strings"
 
 	over "github.com/adrienaury/zeromdc"
 	"github.com/cgi-fr/pimo/internal/app/pimo"
@@ -11,13 +14,31 @@ import (
 	"github.com/cgi-fr/pimo/pkg/uri"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
+	"golang.org/x/term"
 )
 
 // pimo --serve ":8080" --mask 'name=[{add: true}, {randomChoiceInUri: "pimo://nameFR"}]'
 // pimo -v5 mock -p :8081 http://localhost:8080
 
+func askPassword(prompt string) string {
+	if term.IsTerminal(int(os.Stdin.Fd())) {
+		os.Stdout.Write([]byte(prompt))
+		bytePassword, err := term.ReadPassword(int(os.Stdin.Fd()))
+		os.Stdout.Write([]byte("\n"))
+		if err != nil {
+			os.Exit(1)
+		}
+		return string(bytePassword)
+	}
+	return ""
+}
+
 func setupMockCommand(rootCmd *cobra.Command) {
 	mockAddr := ":8080"
+	proxyURL := ""
+	proxyAuth := ""
+	serverAuth := ""
+	insecure := false
 
 	mockCmd := &cobra.Command{
 		Use:   "mock",
@@ -34,12 +55,57 @@ func setupMockCommand(rootCmd *cobra.Command) {
 			if cmd.Flags().Changed("seed") {
 				globalSeed = &seedValue
 			}
-			runMockCommand(backendURL, mockAddr, mockConfigFile, globalSeed)
+
+			client := http.DefaultClient
+			if proxyURL != "" {
+				proxyURLParsed, err := url.Parse(proxyURL)
+				if err != nil {
+					log.Fatal().Err(err).Msg("Failed to parse proxy URL")
+				}
+				if proxyAuth != "" {
+					if !strings.Contains(proxyAuth, ":") {
+						password := askPassword("enter password for proxy authentication: ")
+						proxyAuth = proxyAuth + ":" + password
+					}
+					proxyURLParsed.User = url.UserPassword(strings.Split(proxyAuth, ":")[0], strings.Split(proxyAuth, ":")[1])
+				}
+				client.Transport = &http.Transport{
+					Proxy: http.ProxyURL(proxyURLParsed),
+				}
+			}
+
+			if insecure {
+				if client.Transport == nil {
+					client.Transport = &http.Transport{
+						TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec
+					}
+				} else {
+					client.Transport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec
+				}
+			}
+
+			if serverAuth != "" {
+				if !strings.Contains(serverAuth, ":") {
+					password := askPassword("enter password for server authentication: ")
+					proxyAuth = proxyAuth + ":" + password
+				}
+				client.Transport = &TransportWithAuth{
+					wrapped: client.Transport,
+					user:    strings.Split(serverAuth, ":")[0],
+					pass:    strings.Split(serverAuth, ":")[1],
+				}
+			}
+
+			runMockCommand(backendURL, mockAddr, mockConfigFile, globalSeed, client)
 		},
 		Args: cobra.ExactArgs(1),
 	}
 
 	mockCmd.PersistentFlags().StringVarP(&mockAddr, "port", "p", mockAddr, "address and port number")
+	mockCmd.PersistentFlags().StringVarP(&proxyURL, "proxy", "x", proxyURL, "use the specified proxy to perform backend request")
+	mockCmd.PersistentFlags().StringVarP(&proxyAuth, "proxy-user", "U", proxyAuth, "specify user:password to use for proxy authentication")
+	mockCmd.PersistentFlags().StringVarP(&serverAuth, "user", "u", serverAuth, "specify user:password to use for server authentication")
+	mockCmd.PersistentFlags().BoolVarP(&insecure, "insecure", "k", insecure, "allow insecure server connections when using SSL")
 	addFlag(mockCmd, flagBufferSize)
 	// addFlag(mockCmd, flagCatchErrors) // could use
 	addFlag(mockCmd, flagConfigRoute)
@@ -56,7 +122,21 @@ func setupMockCommand(rootCmd *cobra.Command) {
 	rootCmd.AddCommand(mockCmd)
 }
 
-func runMockCommand(backendURL, mockAddr, configFile string, globalSeed *int64) {
+type TransportWithAuth struct {
+	wrapped http.RoundTripper
+	user    string
+	pass    string
+}
+
+func (t *TransportWithAuth) RoundTrip(req *http.Request) (*http.Response, error) {
+	req.SetBasicAuth(t.user, t.pass)
+	if t.wrapped == nil {
+		return http.DefaultTransport.RoundTrip(req)
+	}
+	return t.wrapped.RoundTrip(req)
+}
+
+func runMockCommand(backendURL, mockAddr, configFile string, globalSeed *int64, client *http.Client) {
 	pimo.InjectMasks()
 	statistics.Reset()
 
@@ -72,7 +152,7 @@ func runMockCommand(backendURL, mockAddr, configFile string, globalSeed *int64)
 		log.Fatal().Err(err).Msg("Failed to parse backend URL")
 	}
 
-	ctx, err := cfg.Build(backend, globalSeed, cachesToLoad)
+	ctx, err := cfg.Build(backend, globalSeed, cachesToLoad, client)
 	if err != nil {
 		log.Fatal().Err(err).Msgf("Failed to build routes from %s", configFile)
 	}

go.mod

@@ -24,6 +24,7 @@ require (
 	github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea
 	golang.org/x/crypto v0.36.0
 	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
+	golang.org/x/term v0.30.0
 	golang.org/x/text v0.23.0
 )
 

go.sum

@@ -178,6 +178,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=

internal/app/pimo/mock/routes.go

@@ -39,9 +39,9 @@ func LoadConfigFromFile(filename string) (*Config, error) {
 	return config, nil
 }
 
-func (cfg *Config) Build(backend *url.URL, globalSeed *int64, cachesToLoad map[string]string) (Context, error) {
+func (cfg *Config) Build(backend *url.URL, globalSeed *int64, cachesToLoad map[string]string, client *http.Client) (Context, error) {
 	ctx := Context{
-		client:  http.DefaultClient,
+		client:  client,
 		backend: backend,
 		routes:  []ContextRoute{},
 		caches:  map[string]model.Cache{},