configurable proxy

Author: leafty

backend/doi/doi.go

@@ -19,6 +19,7 @@ import (
 	"github.com/rclone/rclone/fs/config/configmap"
 	"github.com/rclone/rclone/fs/config/configstruct"
 	"github.com/rclone/rclone/fs/fserrors"
+	"github.com/rclone/rclone/fs/fshttp"
 	"github.com/rclone/rclone/fs/hash"
 	"github.com/rclone/rclone/lib/cache"
 	"github.com/rclone/rclone/lib/pacer"
@@ -72,6 +73,16 @@ The DOI provider can be set when rclone does not automatically recognize a suppo
 				}},
 			Required: false,
 			Advanced: true,
+		}, {
+			Name:     "proxy_url",
+			Help:     "Proxy URL",
+			Required: false,
+			Advanced: true,
+		}, {
+			Name:     "proxy_ca_cert",
+			Help:     "Proxy CA certificate",
+			Required: false,
+			Advanced: true,
 		}},
 	}
 	fs.Register(fsi)
@@ -91,8 +102,10 @@ const (
 
 // Options defines the configuration for this backend
 type Options struct {
-	Doi      string `config:"doi"`      // The DOI, a digital identifier of an object, usually a dataset
-	Provider string `config:"provider"` // The DOI provider
+	Doi         string `config:"doi"`      // The DOI, a digital identifier of an object, usually a dataset
+	Provider    string `config:"provider"` // The DOI provider
+	ProxyURL    string `config:"proxy_url"`
+	ProxyCACert string `config:"proxy_ca_cert"`
 }
 
 // Fs stores the interface to the remote HTTP files
@@ -277,9 +290,14 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 	}
 	opt.Doi = parseDoi(opt.Doi)
 
-	client, err := newHttpClient(ctx)
-	if err != nil {
-		return nil, err
+	var client *http.Client
+	if opt.ProxyURL != "" {
+		client, err = newHttpClient(ctx, opt)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		client = fshttp.NewClient(ctx)
 	}
 
 	ci := fs.GetConfig(ctx)

backend/doi/proxy.go

@@ -11,18 +11,14 @@ import (
 	"net/url"
 	"os"
 
+	"github.com/rclone/rclone/fs"
 	"github.com/rclone/rclone/fs/fshttp"
 )
 
-var (
-	caCertFile  = "/Users/leafty/projects/github.com/sdsc/renku-squid-cache/self.cert"
-	proxyUrlStr = "http://localhost:3128"
-)
-
-func newHttpClient(ctx context.Context) (client *http.Client, err error) {
+func newHttpClient(ctx context.Context, opt *Options) (client *http.Client, err error) {
 	client = fshttp.NewClient(ctx)
 
-	proxyUrl, err := url.Parse(proxyUrlStr)
+	proxyUrl, err := url.Parse(opt.ProxyURL)
 	if err != nil {
 		return nil, err
 	}
@@ -33,14 +29,17 @@ func newHttpClient(ctx context.Context) (client *http.Client, err error) {
 		rootCAs = x509.NewCertPool()
 	}
 
-	// Read in the self-signed certificate
-	certs, err := os.ReadFile(caCertFile)
-	if err != nil {
-		return nil, err
-	}
-
-	if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
-		return nil, fmt.Errorf("could not append self-signed certificate to the CA pool")
+	if opt.ProxyCACert != "" {
+		fs.Logf(nil, "Adding to root CAs: %s", opt.ProxyCACert)
+		// Read in the self-signed certificate
+		certs, err := os.ReadFile(opt.ProxyCACert)
+		if err != nil {
+			return nil, err
+		}
+		// Add the certificate to the root CAs
+		if ok := rootCAs.AppendCertsFromPEM(certs); !ok {
+			return nil, fmt.Errorf("could not append self-signed certificate to the CA pool")
+		}
 	}
 
 	defaultTransport := http.DefaultTransport.(*http.Transport)