diff options
| author | matt korwel <[email protected]> | 2025-07-07 16:36:51 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2025-07-07 23:36:51 +0000 |
| commit | a4097ae6f95afab0005a0f76a9334715f6b3afef (patch) | |
| tree | e05f57f991356c0954a2baf75f3d4bff957a157a /scripts/example-proxy.js | |
| parent | 4e84989d8f6330027327f4fc214055c1cd7bf45b (diff) | |
Release and Packaging: Clean up (#3489)
Diffstat (limited to 'scripts/example-proxy.js')
| -rwxr-xr-x | scripts/example-proxy.js | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/scripts/example-proxy.js b/scripts/example-proxy.js deleted file mode 100755 index 576da849..00000000 --- a/scripts/example-proxy.js +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/env node - -/** - * @license - * Copyright 2025 Google LLC - * SPDX-License-Identifier: Apache-2.0 - */ - -// Example proxy server that listens on :::8877 and only allows HTTPS connections to example.com. -// Set `GEMINI_SANDBOX_PROXY_COMMAND=scripts/example-proxy.js` to run proxy alongside sandbox -// Test via `curl https://example.com` inside sandbox (in shell mode or via shell tool) - -import http from 'http'; -import net from 'net'; -import { URL } from 'url'; -import console from 'console'; - -const PROXY_PORT = 8877; -const ALLOWED_DOMAINS = ['example.com', 'googleapis.com']; -const ALLOWED_PORT = '443'; - -const server = http.createServer((req, res) => { - // Deny all requests other than CONNECT for HTTPS - console.log( - `[PROXY] Denying non-CONNECT request for: ${req.method} ${req.url}`, - ); - res.writeHead(405, { 'Content-Type': 'text/plain' }); - res.end('Method Not Allowed'); -}); - -server.on('connect', (req, clientSocket, head) => { - // req.url will be in the format "hostname:port" for a CONNECT request. - const { port, hostname } = new URL(`http://${req.url}`); - - console.log(`[PROXY] Intercepted CONNECT request for: ${hostname}:${port}`); - - if ( - ALLOWED_DOMAINS.some( - (domain) => hostname == domain || hostname.endsWith(`.${domain}`), - ) && - port === ALLOWED_PORT - ) { - console.log(`[PROXY] Allowing connection to ${hostname}:${port}`); - - // Establish a TCP connection to the original destination. - const serverSocket = net.connect(port, hostname, () => { - clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n'); - // Create a tunnel by piping data between the client and the destination server. - serverSocket.write(head); - serverSocket.pipe(clientSocket); - clientSocket.pipe(serverSocket); - }); - - serverSocket.on('error', (err) => { - console.error(`[PROXY] Error connecting to destination: ${err.message}`); - clientSocket.end(`HTTP/1.1 502 Bad Gateway\r\n\r\n`); - }); - } else { - console.log(`[PROXY] Denying connection to ${hostname}:${port}`); - clientSocket.end('HTTP/1.1 403 Forbidden\r\n\r\n'); - } - - clientSocket.on('error', (err) => { - // This can happen if the client hangs up. - console.error(`[PROXY] Client socket error: ${err.message}`); - }); -}); - -server.listen(PROXY_PORT, () => { - const address = server.address(); - console.log(`[PROXY] Proxy listening on ${address.address}:${address.port}`); - console.log( - `[PROXY] Allowing HTTPS connections to domains: ${ALLOWED_DOMAINS.join(', ')}`, - ); -}); |