feat: honor HTTP_PROXY/HTTPS_PROXY env vars in loggedFetch#261
feat: honor HTTP_PROXY/HTTPS_PROXY env vars in loggedFetch#261rafa-thayto wants to merge 2 commits intomainfrom
Conversation
|
!snapshot |
|
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds handling of proxy environment variables for outbound HTTP requests. The fetch wrapper resolves a per-request proxy from curl-style env vars (HTTP_PROXY/HTTPS_PROXY/NO_PROXY, case-insensitive), skips proxying localhost (to avoid the OAuth callback), passes the proxy to Bun's per-request Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Snapshot publishednpm install -g clerk@1.1.2-snapshot.f158c47
|
rafa-thayto
force-pushed
the
feat/fetch-proxy-env
branch
from
f158c47 to
5800ec9
Compare
🦋 Changeset detectedLatest commit: 3dae5b7 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/cli-core/src/lib/fetch.ts`:
- Around line 21-23: The verbose proxy log currently prints the full proxy URL
(via the local variable proxy) which may contain userinfo; update the logging in
the fetch flow (near resolveProxy, fetchInit and the log.debug using tag) to
redact credentials before logging by parsing the proxy string as a URL, clearing
username/password (or reconstructing protocol://host[:port]) and logging that
safe representation instead of the raw proxy; leave fetchInit unchanged and only
modify the value passed to log.debug so credentials are never emitted.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: aeee4b66-78a4-4f50-9e8b-a58389ef50ae
📒 Files selected for processing (2)
.changeset/fetch-proxy-env.mdpackages/cli-core/src/lib/fetch.ts
Bun's fetch() does not auto-read these env vars, so tools like mitmproxy and Charles couldn't intercept CLI traffic. Resolve a proxy per request from curl-style env vars (uppercase or lowercase) and pass it through Bun's `proxy` option. Always skip localhost so the OAuth callback listener is never proxied. Log the chosen proxy under --verbose.
Proxy env vars can include inline credentials (e.g. http://user:pass@proxy:8080). Strip userinfo before passing the URL to log.debug so credentials are never emitted in --verbose output or captured in CI logs.
rafa-thayto
force-pushed
the
feat/fetch-proxy-env
branch
from
7f13c91 to
3dae5b7
Compare
1 participant
Summary
fetch()does not readHTTP_PROXY/HTTPS_PROXYenv vars, so traffic inspectors (mitmproxy, Charles, Proxyman) couldn't intercept the CLI's outbound requests.loggedFetchnow resolves a proxy from curl-style env vars (HTTP_PROXY,HTTPS_PROXY,NO_PROXY— uppercase or lowercase) and passes it through Bun's per-requestproxyoption.localhost,127.0.0.1,::1) is always skipped so the OAuth callback listener is never routed through an external proxy.--verbose, the chosen proxy is logged alongside the request.Test plan
HTTPS_PROXY=http://localhost:8080 clerk apps list --verboseshowsrouting via proxy http://localhost:8080and the request appears in mitmproxy.NO_PROXY=api.clerk.com HTTPS_PROXY=http://localhost:8080 clerk apps list --verbosedoes NOT route through the proxy.clerk auth login) is unaffected whenHTTPS_PROXYis set — the localhost callback skips the proxy.https_proxy,no_proxy) are also honored.