Spaces:
Running
Running
Tom
feat: add support for endpoints requiring client authentication using PKI (#393)
66adc5d
unverified
import * as fs from "fs"; | |
import { setGlobalDispatcher, Agent } from "undici"; | |
/** | |
* Load client certificates for mutual TLS authentication. This function must be called before any HTTP requests are made. | |
* This is a global setting that affects all HTTP requests made by the application using the native fetch API. | |
* | |
* @param clientCertPath Path to client certificate | |
* @param clientKeyPath Path to client key | |
* @param caCertPath Path to CA certificate [optional] | |
* @param clientKeyPassword Password for client key [optional] | |
* @param rejectUnauthorized Reject unauthorized certificates. | |
* Only use for testing/development, not recommended in production environments [optional] | |
* | |
* @returns void | |
* | |
* @example | |
* ```typescript | |
* loadClientCertificates("cert.pem", "key.pem", "ca.pem", "password", false); | |
* ``` | |
* | |
* @see | |
* [Undici Agent](https://undici.nodejs.org/#/docs/api/Agent) | |
* @see | |
* [Undici Dispatcher](https://undici.nodejs.org/#/docs/api/Dispatcher) | |
* @see | |
* [NodeJS Native Fetch API](https://nodejs.org/docs/latest-v19.x/api/globals.html#fetch) | |
*/ | |
export function loadClientCertificates( | |
clientCertPath: string, | |
clientKeyPath: string, | |
caCertPath?: string, | |
clientKeyPassword?: string, | |
rejectUnauthorized?: boolean | |
): void { | |
const clientCert = fs.readFileSync(clientCertPath); | |
const clientKey = fs.readFileSync(clientKeyPath); | |
const caCert = caCertPath ? fs.readFileSync(caCertPath) : undefined; | |
const agent = new Agent({ | |
connect: { | |
cert: clientCert, | |
key: clientKey, | |
ca: caCert, | |
passphrase: clientKeyPassword, | |
rejectUnauthorized: rejectUnauthorized, | |
}, | |
}); | |
setGlobalDispatcher(agent); | |
} | |