🐛 use system certificates in binary

sestinj · sestinj · commit 92be66325753 · 2024-04-16T02:23:21.000-07:00
diff --git a/binary/package-lock.json b/binary/package-lock.json
diff --git a/binary/package.json b/binary/package.json
@@ -41,9 +41,12 @@
     "commander": "^12.0.0",
     "core": "file:../core",
     "follow-redirects": "^1.15.5",
+    "mac-ca": "^2.0.3",
     "ncp": "^2.0.0",
     "posthog-node": "^3.6.3",
+    "system-ca": "^1.0.2",
     "uuid": "^9.0.1",
-    "vectordb": "^0.4.10"
+    "vectordb": "^0.4.10",
+    "win-ca": "^3.5.1"
   }
 }
diff --git a/binary/src/ca.ts b/binary/src/ca.ts
@@ -0,0 +1,23 @@
+import { globalAgent } from "https";
+import { systemCertsAsync } from "system-ca";
+
+export async function setupCa() {
+  try {
+    switch (process.platform) {
+      case "darwin":
+        // https://www.npmjs.com/package/mac-ca#usage
+        require("mac-ca").addToGlobalAgent();
+        break;
+      case "win32":
+        // https://www.npmjs.com/package/win-ca#caveats
+        require("win-ca").inject("+");
+        break;
+      default:
+        // https://www.npmjs.com/package/system-ca
+        globalAgent.options.ca = await systemCertsAsync();
+        break;
+    }
+  } catch (e) {
+    console.warn("Failed to setup CA: ", e);
+  }
+}
diff --git a/binary/src/index.ts b/binary/src/index.ts
@@ -3,6 +3,7 @@ import { Command } from "commander";
 import { getCoreLogsPath } from "core/util/paths";
 import fs from "fs";
 import { IpcIde } from "./IpcIde";
+import { setupCa } from "./ca";
 import { Core } from "./core";
 import { IpcMessenger } from "./messenger";
 
@@ -18,6 +19,8 @@ program.action(() => {
     // const ide = new FileSystemIde();
     const core = new Core(messenger, ide);
 
+    setupCa();
+
     // setTimeout(() => {
     //   messenger.mock({
     //     messageId: "2fe7823c-10bd-4771-abb5-781f520039ec",
diff --git a/core/util/fetchWithOptions.ts b/core/util/fetchWithOptions.ts
@@ -1,6 +1,7 @@
 import { http, https } from "follow-redirects";
 import * as fs from "fs";
 import { HttpProxyAgent } from "http-proxy-agent";
+import { globalAgent } from "https";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import fetch, { RequestInit, Response } from "node-fetch";
 import tls from "tls";
@@ -13,7 +14,15 @@ export function fetchwithRequestOptions(
 ): Promise<Response> {
   const TIMEOUT = 7200; // 7200 seconds = 2 hours
 
-  const ca = [...tls.rootCertificates];
+  let globalCerts: string[] = [];
+  if (process.env.IS_BINARY) {
+    if (Array.isArray(globalAgent.options.ca)) {
+      globalCerts = [...globalAgent.options.ca.map((cert) => cert.toString())];
+    } else if (typeof globalAgent.options.ca !== "undefined") {
+      globalCerts.push(globalAgent.options.ca.toString());
+    }
+  }
+  const ca = Array.from(new Set(...tls.rootCertificates, ...globalCerts));
   const customCerts =
     typeof requestOptions?.caBundlePath === "string"
       ? [requestOptions?.caBundlePath]

Original file line number	Diff line number	Diff line change
`@@ -41,9 +41,12 @@`
`41`	`41`	`"commander": "^12.0.0",`
`42`	`42`	`"core": "file:../core",`
`43`	`43`	`"follow-redirects": "^1.15.5",`
	`44`	`+ "mac-ca": "^2.0.3",`
`44`	`45`	`"ncp": "^2.0.0",`
`45`	`46`	`"posthog-node": "^3.6.3",`
	`47`	`+ "system-ca": "^1.0.2",`
`46`	`48`	`"uuid": "^9.0.1",`
`47`		`- "vectordb": "^0.4.10"`
	`49`	`+ "vectordb": "^0.4.10",`
	`50`	`+ "win-ca": "^3.5.1"`
`48`	`51`	`}`
`49`	`52`	`}`