devinstewart/sns-payload-validator

Add custom hook for cert fetching

Closed this issue · 7 comments

Hi Devin,
Thank you for your excellent work; it saved me the time of writing the whole SNS validation in my project!

I'm using the lib in a project that is deployed in a cluster with complex network conditions. I find that it's hard to apply proxies and other modifications (like adding headers, etc.) for fetching the cert while the lib is using https.get internally. I ended up hijacking https.get and replacing it with our own implementation.

I wonder whether it sounds reasonable to you to support a custom fetch implementation, such as an optional fetch cert hook like

(url: string) => Promise<string>

to inject custom network request implementation from the client side?

Hi @ChenNima, thanks for your interest in this project. Are you suggesting a way to plug in your own HTTP request library, i.e., axios, got, a dozen others?

Or are you trying to add headers to the HTTP request, regardless of method used?

I avoided a third-party HTTP request library because it is one GET, and I don't want to bog it down with dependencies and having to watch for security within them.

If you could give me an example of what you are trying to inject, I can see if I can pass that through to the native Node HTTPS get call as an optional parameter.

@ChenNima - I also noticed that you have forked the repo. Feel free to either work up a PR or give me further clarification and I'm sure we can accommodate your request. (And likely others as well)

@ChenNima - It has been over a week since there has been a response to this enhancement. Therefore, I am closing it. If you or anybody else wants to provide more details, or a PR, feel free to reopen.

Hi @devinstewart

Sorry for the delayed reply.

The network environment that I tried to deploy is a little bit complex due to many network policy restrictions. At the end of the day, the SNS cert call needs to go through a proxy.

I think that adding a param for interface httpsAgent should be good enough. In that case, I can pass a proxy instance of https://github.com/koichik/node-tunnel to the validator.

I've forked the repo and I'll try the solution on my end and issue a PR if it works for me.

Reopening due to PR #49

@ChenNima - Looks great. I have pulled this into main. Will write up some documentation, add to the changelog, and publish in a few hours.

Resolved by PR #49, shipped in #50
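
The approach settled on in this thread, as an added example that is not sns-payload-validator's own code: a certificate fetch that stays on Node's native https.get and accepts an optional agent, so a proxy agent (such as one from node-tunnel) changes only the transport and https.get does not need to be hijacked. The names buildCertRequest and fetchCert, the `get` test hook, the 5-second timeout and the explicit https-only check are assumptions of this sketch.

```javascript
// Added example; buildCertRequest/fetchCert are hypothetical names,
// not part of sns-payload-validator.

// Build the request for the signing-cert URL. The caller may supply an
// https.Agent-compatible object (for example a proxy tunnelling agent);
// it is passed through untouched and nothing else about the request changes.
function buildCertRequest(certUrl, agent) {
  const url = new URL(certUrl);
  // Assumption of this sketch: refuse anything that is not https up front.
  if (url.protocol !== 'https:') {
    throw new Error('certificate URL must use https');
  }
  const options = { method: 'GET', timeout: 5000 };
  if (agent) options.agent = agent; // only set when the caller provides one
  return { url, options };
}

// Fetch the PEM body. `get` exists only so the function can be exercised
// offline with a stub; by default the native https.get is used.
async function fetchCert(certUrl, { agent, get } = {}) {
  const { url, options } = buildCertRequest(certUrl, agent);
  const httpGet = get || (await import('node:https')).get;
  return new Promise((resolve, reject) => {
    const req = httpGet(url, options, (res) => {
      if (res.statusCode !== 200) {
        res.resume(); // drain so the socket is released
        reject(new Error(`unexpected status ${res.statusCode}`));
        return;
      }
      const chunks = [];
      res.on('data', (c) => chunks.push(c));
      res.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
    });
    req.on('timeout', () => req.destroy(new Error('certificate fetch timed out')));
    req.on('error', reject);
  });
}
```

Compared with a `(url: string) => Promise<string>` hook, this keeps URL handling and response checks in one place and lets the caller control only how the connection is made.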