Merge pull request #298 from sonatype-nexus-community/fix/forward-proxy-for-guide

fix: Support forward proxy when communicating with Sonatype Guide

Author: madpah

package-lock.json

@@ -85,7 +85,7 @@
     "@xmldom/xmldom": "^0.9.0",
     "chalk": "^4.1.2",
     "figlet": "^1.2.4",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.2.0",
     "log4js": "^6.4.0",
     "node-persist": "^3.1.0",
     "ora": "^5.4.1",

package.json

@@ -20,6 +20,7 @@ import { OSSIndexCompatibilityApi } from '@sonatype/sonatype-guide-api-client';
 import type { InitOverrideFunction } from '@sonatype/sonatype-guide-api-client';
 import { Coordinates } from '../Types/Coordinates';
 import { rmSync, existsSync } from 'node:fs';
+import { ProxyAgent } from 'undici';
 
 // node-persist is mocked globally so tests never touch the filesystem cache.
 vi.mock('node-persist', () => ({
@@ -36,12 +37,19 @@ const CACHE_PATH = '/tmp/.sonatype-guide-test';
 const SERVER = 'https://api.guide.sonatype.com';
 
 describe('GuideRequestService', () => {
+  const mockFetch = vi.fn();
+
   beforeEach(() => {
     if (existsSync(CACHE_PATH)) rmSync(CACHE_PATH, { recursive: true, force: true });
+    vi.stubGlobal('fetch', mockFetch);
   });
 
   afterEach(() => {
     vi.restoreAllMocks();
+    vi.unstubAllGlobals();
+    delete process.env.http_proxy;
+    delete process.env.https_proxy;
+    mockFetch.mockClear();
   });
 
   it('sends Authorization: Bearer when accessToken is set (PAT token mode)', async () => {
@@ -119,4 +127,49 @@ describe('GuideRequestService', () => {
       expect(result).toEqual([]);
     });
   });
+
+  describe('proxy support', () => {
+    const mockSuccessResponse = {
+      ok: true,
+      status: 200,
+      statusText: 'OK',
+      json: vi.fn().mockResolvedValue([
+        {
+          coordinates: 'pkg:npm/test@1.0.0',
+          reference: 'https://guide.sonatype.com/blah',
+          vulnerabilities: [],
+        },
+      ]),
+    };
+
+    it('should pass ProxyAgent as dispatcher when http_proxy is set', async () => {
+      process.env.http_proxy = 'http://proxy.example.com:8080';
+      mockFetch.mockResolvedValueOnce(mockSuccessResponse);
+
+      const svc = new GuideRequestService('user', 'token', CACHE_PATH, SERVER);
+      const coords = [new Coordinates('test', '1.0.0')];
+      await svc.callGuideOrGetFromCache(coords, 'npm');
+
+      // Verify fetch was called with a dispatcher (ProxyAgent)
+      expect(mockFetch).toHaveBeenCalled();
+      const fetchOptions = mockFetch.mock.calls[0][1] as RequestInit & { dispatcher?: ProxyAgent };
+      expect(fetchOptions.dispatcher).toBeDefined();
+      expect(fetchOptions.dispatcher).toBeInstanceOf(ProxyAgent);
+    });
+
+    it('should not include dispatcher when no proxy is configured', async () => {
+      // Ensure no proxy env vars are set before creating service
+      delete process.env.http_proxy;
+      delete process.env.https_proxy;
+      mockFetch.mockResolvedValueOnce(mockSuccessResponse);
+
+      const svc = new GuideRequestService('user', 'token', CACHE_PATH, SERVER);
+      const coords = [new Coordinates('test', '1.0.0')];
+      await svc.callGuideOrGetFromCache(coords, 'npm');
+
+      expect(mockFetch).toHaveBeenCalled();
+      const fetchOptions = mockFetch.mock.calls[0][1] as RequestInit & { dispatcher?: unknown };
+      expect(fetchOptions.dispatcher).toBeUndefined();
+    });
+  });
 });

src/Services/GuideRequestService.spec.ts

@@ -15,12 +15,13 @@
  */
 
 import { OSSIndexCompatibilityApi, RecommendationsApi, Configuration } from '@sonatype/sonatype-guide-api-client';
-import type { RecommendationResponse, InitOverrideFunction } from '@sonatype/sonatype-guide-api-client';
+import type { RecommendationResponse, InitOverrideFunction, FetchAPI } from '@sonatype/sonatype-guide-api-client';
 import NodePersist from 'node-persist';
 import path from 'path';
 import { homedir } from 'os';
 import { Coordinates } from '../Types/Coordinates';
 import { OssIndexServerResultJSON } from '../Types/OssIndexServerResult';
+import { RequestHelpers } from './RequestHelpers';
 
 const GUIDE_BASE_URL = 'https://api.guide.sonatype.com';
 
@@ -41,20 +42,27 @@ export class GuideRequestService {
     readonly server: string = GUIDE_BASE_URL,
     readonly accessToken?: string,
   ) {
+    // Create a custom fetch wrapper that includes proxy support via dispatcher
+    const proxyAgent = RequestHelpers.getHttpAgent();
+    const fetchApi: FetchAPI | undefined = proxyAgent
+      ? (url: string | URL | Request, init?: RequestInit) =>
+          fetch(url, { ...init, dispatcher: proxyAgent } as unknown as RequestInit)
+      : undefined;
+
     // OSSIndexCompatibilityApi only supports HTTP Basic auth.
     // In PAT-only mode (no username), send the PAT as password with empty username
     // so the generated client includes an Authorization: Basic :<PAT> header.
     const ossUsername = username ?? (accessToken ? '' : undefined);
     const ossPassword = token ?? accessToken;
     this.api = new OSSIndexCompatibilityApi(
-      new Configuration({ username: ossUsername, password: ossPassword, basePath: server }),
+      new Configuration({ username: ossUsername, password: ossPassword, basePath: server, fetchApi }),
     );
 
     // RecommendationsApi supports Bearer auth; fall back to Basic when username is present.
     const recConfig =
       accessToken && !username
-        ? new Configuration({ accessToken, basePath: server })
-        : new Configuration({ username, password: token, basePath: server });
+        ? new Configuration({ accessToken, basePath: server, fetchApi })
+        : new Configuration({ username, password: token, basePath: server, fetchApi });
     this.recommendationsApi = new RecommendationsApi(recConfig);
   }
 

src/Services/GuideRequestService.ts

@@ -18,6 +18,7 @@ import { expect, vi, describe, it, afterEach, beforeEach } from 'vitest';
 import { OssIndexRequestService } from './OssIndexRequestService';
 import { Coordinates } from '../Types/Coordinates';
 import { rmSync, existsSync } from 'fs';
+import { ProxyAgent } from 'undici';
 
 // This will only work on Linux/OS X; find a better Windows-friendly path
 const CACHE_LOCATION = '/tmp/.ossindex';
@@ -34,6 +35,8 @@ describe('OssIndexRequestService', () => {
   afterEach(() => {
     vi.clearAllMocks();
     vi.unstubAllGlobals();
+    delete process.env.http_proxy;
+    delete process.env.https_proxy;
   });
 
   it('should have its request rejected when the OSS Index server is down', async () => {
@@ -66,4 +69,34 @@ describe('OssIndexRequestService', () => {
     const result = await requestService.callOSSIndexOrGetFromCache(coords);
     expect(result).toEqual(expectedOutput);
   });
+
+  it('should pass ProxyAgent as dispatcher when http_proxy is set', async () => {
+    if (existsSync(CACHE_LOCATION)) rmSync(CACHE_LOCATION, { recursive: true, force: true });
+    process.env.http_proxy = 'http://proxy.example.com:8080';
+
+    const expectedOutput = [
+      {
+        coordinates: 'pkg:npm/test@1.0.0',
+        reference: 'https://ossindex.sonatype.org/blah',
+        vulnerabilities: [],
+      },
+    ];
+
+    mockFetch.mockResolvedValueOnce({
+      ok: true,
+      statusText: 'OK',
+      json: vi.fn().mockResolvedValue(expectedOutput),
+    });
+
+    const requestService = new OssIndexRequestService(undefined, undefined, CACHE_LOCATION, OSS_INDEX_BASE_URL);
+    const coords = [new Coordinates('test', '1.0.0')];
+    await requestService.callOSSIndexOrGetFromCache(coords);
+
+    // Verify fetch was called with a dispatcher (ProxyAgent)
+    expect(mockFetch).toHaveBeenCalled();
+    const fetchCall = mockFetch.mock.calls[0];
+    const fetchOptions = fetchCall[1] as RequestInit & { dispatcher?: ProxyAgent };
+    expect(fetchOptions.dispatcher).toBeDefined();
+    expect(fetchOptions.dispatcher).toBeInstanceOf(ProxyAgent);
+  });
 });