From d2b57be9655fecf2460fce871ddd2a9f0d97f44a Mon Sep 17 00:00:00 2001 From: samanhappy Date: Wed, 14 Dec 2022 15:12:33 +0800 Subject: [PATCH 1/9] support https for both client and server --- cmd/client/command/common.go | 24 ++++++++++++++++++++---- cmd/client/main.go | 4 ++++ pkg/api/server.go | 11 ++++++++++- pkg/option/option.go | 6 ++++++ 4 files changed, 40 insertions(+), 5 deletions(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index 1efadcd654..99ceec073e 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -19,6 +19,7 @@ package command import ( "bytes" + "crypto/tls" "fmt" "io" "net/http" @@ -30,8 +31,10 @@ import ( type ( // GlobalFlags is the global flags for the whole client. GlobalFlags struct { - Server string - OutputFormat string + Server string + Secure bool + InsecureSkipVerify bool + OutputFormat string } // APIErr is the standard return of error. @@ -115,7 +118,13 @@ const ( ) func makeURL(urlTemplate string, a ...interface{}) string { - return "http://" + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...) + var p string + if CommandlineGlobalFlags.Secure { + p = "https://" + } else { + p = "http://" + } + return p + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...) } func successfulStatusCode(code int) bool { @@ -137,7 +146,14 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co ExitWithError(err) } - resp, err := http.DefaultClient.Do(req) + var tr http.Transport + if CommandlineGlobalFlags.InsecureSkipVerify { + tr = http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + } + client := &http.Client{Transport: &tr} + resp, err := client.Do(req) if err != nil { ExitWithErrorf("%s failed: %v", cmd.Short, err) } diff --git a/cmd/client/main.go b/cmd/client/main.go index 99e6fd857d..e49103b91c 100644 --- a/cmd/client/main.go +++ b/cmd/client/main.go @@ -118,6 +118,10 @@ func main() { rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server, "server", "localhost:2381", "The address of the Easegress endpoint") + rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.Secure, + "secure", false, "Whether to use secure transport protocal(https)") + rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify, + "insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name") rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat, "output", "o", "yaml", "Output format(json, yaml)") diff --git a/pkg/api/server.go b/pkg/api/server.go index 3d8300f220..5b8a2b0748 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -84,7 +84,16 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S go func() { logger.Infof("api server running in %s", opt.APIAddr) - s.server.ListenAndServe() + var err error + if s.opt.Secure { + logger.Infof("api server running in secure model(https)") + err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile) + } else { + err = s.server.ListenAndServe() + } + if err != nil { + logger.Errorf("start api server failed: %v", err) + } }() return s diff --git a/pkg/option/option.go b/pkg/option/option.go index 36871d6e4f..68bb09f33e 100644 --- a/pkg/option/option.go +++ b/pkg/option/option.go @@ -69,6 +69,9 @@ type Options struct { Name string `yaml:"name" env:"EG_NAME"` Labels map[string]string `yaml:"labels" env:"EG_LABELS"` APIAddr string `yaml:"api-addr"` + Secure bool `yaml:"secure"` + CertFile string `yaml:"cert-file"` + KeyFile string `yaml:"key-file"` Debug bool `yaml:"debug"` DisableAccessLog bool `yaml:"disable-access-log"` InitialObjectConfigFiles []string `yaml:"initial-object-config-files"` @@ -138,6 +141,9 @@ func New() *Options { opt.flags.BoolVar(&opt.UseStandaloneEtcd, "use-standalone-etcd", false, "Use standalone etcd instead of embedded .") addClusterVars(opt) opt.flags.StringVar(&opt.APIAddr, "api-addr", "localhost:2381", "Address([host]:port) to listen on for administration traffic.") + opt.flags.BoolVar(&opt.Secure, "secure", false, "Flag to use secure transport protocol(https).") + opt.flags.StringVar(&opt.CertFile, "cert-file", "", "Flag to set the certificate file for https.") + opt.flags.StringVar(&opt.KeyFile, "key-file", "", "Flag to set the private key file for https.") opt.flags.BoolVar(&opt.Debug, "debug", false, "Flag to set lowest log level from INFO downgrade DEBUG.") opt.flags.StringSliceVar(&opt.InitialObjectConfigFiles, "initial-object-config-files", nil, "List of configuration files for initial objects, these objects will be created at startup if not already exist.") opt.flags.StringVar(&opt.ObjectsDumpInterval, "objects-dump-interval", "", "The time interval to dump running objects config, for example: 30m") From 469851c27dbdf5eb2ce9358796f0f775139bc3ca Mon Sep 17 00:00:00 2001 From: samanhappy Date: Wed, 14 Dec 2022 18:02:56 +0800 Subject: [PATCH 2/9] simplify code --- cmd/client/command/common.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index 99ceec073e..3621c16895 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -146,11 +146,8 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co ExitWithError(err) } - var tr http.Transport - if CommandlineGlobalFlags.InsecureSkipVerify { - tr = http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - } + tr := http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify}, } client := &http.Client{Transport: &tr} resp, err := client.Do(req) From 584943a4bba6b26b8ab42b0e8d1a7de3ee866cb1 Mon Sep 17 00:00:00 2001 From: samanhappy Date: Thu, 15 Dec 2022 09:37:26 +0800 Subject: [PATCH 3/9] Update pkg/api/server.go Co-authored-by: Bomin Zhang --- pkg/api/server.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/api/server.go b/pkg/api/server.go index 5b8a2b0748..e40dfcfb29 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -86,9 +86,10 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S logger.Infof("api server running in %s", opt.APIAddr) var err error if s.opt.Secure { - logger.Infof("api server running in secure model(https)") + logger.Infof("api server (https) running in %s", opt.APIAddr) err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile) } else { + logger.Infof("api server running in %s", opt.APIAddr) err = s.server.ListenAndServe() } if err != nil { From d7078329cf1ecd4d482d94a1bc2b38b7c88be9c6 Mon Sep 17 00:00:00 2001 From: samanhappy Date: Thu, 15 Dec 2022 09:46:49 +0800 Subject: [PATCH 4/9] apply suggestions --- cmd/client/command/common.go | 4 ++-- cmd/client/main.go | 4 ++-- pkg/api/server.go | 9 ++++++--- pkg/option/option.go | 4 ++-- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index 3621c16895..44284cb42d 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -32,7 +32,7 @@ type ( // GlobalFlags is the global flags for the whole client. GlobalFlags struct { Server string - Secure bool + SSL bool InsecureSkipVerify bool OutputFormat string } @@ -119,7 +119,7 @@ const ( func makeURL(urlTemplate string, a ...interface{}) string { var p string - if CommandlineGlobalFlags.Secure { + if CommandlineGlobalFlags.SSL { p = "https://" } else { p = "http://" diff --git a/cmd/client/main.go b/cmd/client/main.go index e49103b91c..cd02d3d209 100644 --- a/cmd/client/main.go +++ b/cmd/client/main.go @@ -118,8 +118,8 @@ func main() { rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server, "server", "localhost:2381", "The address of the Easegress endpoint") - rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.Secure, - "secure", false, "Whether to use secure transport protocal(https)") + rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.SSL, + "ssl", false, "Whether to use secure transport protocal(https)") rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify, "insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name") rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat, diff --git a/pkg/api/server.go b/pkg/api/server.go index e40dfcfb29..f13c458d33 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -83,13 +83,16 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S s.registerAPIs() go func() { - logger.Infof("api server running in %s", opt.APIAddr) var err error - if s.opt.Secure { + if s.opt.SSL { + if s.opt.CertFile == "" || s.opt.KeyFile == "" { + logger.Errorf("cert file and key file must be provided for SSL") + return + } logger.Infof("api server (https) running in %s", opt.APIAddr) err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile) } else { - logger.Infof("api server running in %s", opt.APIAddr) + logger.Infof("api server running in %s", opt.APIAddr) err = s.server.ListenAndServe() } if err != nil { diff --git a/pkg/option/option.go b/pkg/option/option.go index 68bb09f33e..96ebf7bb22 100644 --- a/pkg/option/option.go +++ b/pkg/option/option.go @@ -69,7 +69,7 @@ type Options struct { Name string `yaml:"name" env:"EG_NAME"` Labels map[string]string `yaml:"labels" env:"EG_LABELS"` APIAddr string `yaml:"api-addr"` - Secure bool `yaml:"secure"` + SSL bool `yaml:"ssl"` CertFile string `yaml:"cert-file"` KeyFile string `yaml:"key-file"` Debug bool `yaml:"debug"` @@ -141,7 +141,7 @@ func New() *Options { opt.flags.BoolVar(&opt.UseStandaloneEtcd, "use-standalone-etcd", false, "Use standalone etcd instead of embedded .") addClusterVars(opt) opt.flags.StringVar(&opt.APIAddr, "api-addr", "localhost:2381", "Address([host]:port) to listen on for administration traffic.") - opt.flags.BoolVar(&opt.Secure, "secure", false, "Flag to use secure transport protocol(https).") + opt.flags.BoolVar(&opt.SSL, "ssl", false, "Flag to use secure transport protocol(https).") opt.flags.StringVar(&opt.CertFile, "cert-file", "", "Flag to set the certificate file for https.") opt.flags.StringVar(&opt.KeyFile, "key-file", "", "Flag to set the private key file for https.") opt.flags.BoolVar(&opt.Debug, "debug", false, "Flag to set lowest log level from INFO downgrade DEBUG.") From 561a59aa435042d1bb0f439fbe95fdfe297bce8d Mon Sep 17 00:00:00 2001 From: samanhappy Date: Fri, 16 Dec 2022 09:12:07 +0800 Subject: [PATCH 5/9] standardize validation --- pkg/api/server.go | 4 ---- pkg/option/option.go | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/api/server.go b/pkg/api/server.go index f13c458d33..5be83ef0ff 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -85,10 +85,6 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S go func() { var err error if s.opt.SSL { - if s.opt.CertFile == "" || s.opt.KeyFile == "" { - logger.Errorf("cert file and key file must be provided for SSL") - return - } logger.Infof("api server (https) running in %s", opt.APIAddr) err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile) } else { diff --git a/pkg/option/option.go b/pkg/option/option.go index 96ebf7bb22..40352e7837 100644 --- a/pkg/option/option.go +++ b/pkg/option/option.go @@ -347,6 +347,9 @@ func (opt *Options) validate() error { if !opt.UseInitialCluster() && opt.MemberDir == "" { return fmt.Errorf("empty member-dir") } + if opt.SSL && (opt.CertFile == "" || opt.KeyFile == "") { + return fmt.Errorf("empty cert file or key file") + } // profile: nothing to validate From 684383dc664fa77ab1991e56e9b6ed2c3e319625 Mon Sep 17 00:00:00 2001 From: samanhappy Date: Fri, 16 Dec 2022 15:52:30 +0800 Subject: [PATCH 6/9] auto upgrade to HTTPS --- cmd/client/command/common.go | 54 +++++++++++++++++++++++------------- cmd/client/main.go | 4 +-- pkg/api/server.go | 2 +- pkg/option/option.go | 6 ++-- 4 files changed, 40 insertions(+), 26 deletions(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index 44284cb42d..acbc4c3efa 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -23,6 +23,7 @@ import ( "fmt" "io" "net/http" + "strings" "github.com/megaease/easegress/pkg/util/codectool" "github.com/spf13/cobra" @@ -32,7 +33,7 @@ type ( // GlobalFlags is the global flags for the whole client. GlobalFlags struct { Server string - SSL bool + ForceTLS bool InsecureSkipVerify bool OutputFormat string } @@ -115,14 +116,17 @@ const ( // MeshIngressURL is the mesh ingress path. MeshIngressURL = apiURL + "/mesh/ingresses/%s" + + // HTTPProtocal is prefix for HTTP protocal + HTTPProtocal = "http://" + // HTTPSProtocal is prefix for HTTPS protocal + HTTPSProtocal = "https://" ) func makeURL(urlTemplate string, a ...interface{}) string { - var p string - if CommandlineGlobalFlags.SSL { - p = "https://" - } else { - p = "http://" + p := HTTPProtocal + if CommandlineGlobalFlags.ForceTLS { + p = HTTPSProtocal } return p + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...) } @@ -141,30 +145,22 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co } } - req, err := http.NewRequest(httpMethod, url, bytes.NewReader(jsonBody)) - if err != nil { - ExitWithError(err) - } - tr := http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify}, } client := &http.Client{Transport: &tr} - resp, err := client.Do(req) - if err != nil { - ExitWithErrorf("%s failed: %v", cmd.Short, err) - } - defer resp.Body.Close() + resp, body := doRequest(httpMethod, url, jsonBody, client, cmd) - body, err := io.ReadAll(resp.Body) - if err != nil { - ExitWithErrorf("%s failed: %v", cmd.Short, err) + if resp.StatusCode == 400 && strings.Contains(string(body), "Client sent an HTTP request to an HTTPS server") { + fmt.Println("Warning: upgraded to HTTPS, it's better to turn on option --force-tls") + url = strings.ReplaceAll(url, HTTPProtocal, HTTPSProtocal) + resp, body = doRequest(httpMethod, url, jsonBody, client, cmd) } if !successfulStatusCode(resp.StatusCode) { msg := string(body) apiErr := &APIErr{} - err = codectool.Unmarshal(body, apiErr) + err := codectool.Unmarshal(body, apiErr) if err == nil { msg = apiErr.Message } @@ -176,6 +172,24 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co } } +func doRequest(httpMethod string, url string, jsonBody []byte, client *http.Client, cmd *cobra.Command) (*http.Response, []byte) { + req, err := http.NewRequest(httpMethod, url, bytes.NewReader(jsonBody)) + if err != nil { + ExitWithError(err) + } + resp, err := client.Do(req) + if err != nil { + ExitWithErrorf("%s failed: %v", cmd.Short, err) + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + ExitWithErrorf("%s failed: %v", cmd.Short, err) + } + return resp, body +} + func printBody(body []byte) { var output []byte switch CommandlineGlobalFlags.OutputFormat { diff --git a/cmd/client/main.go b/cmd/client/main.go index cd02d3d209..bd40c40e07 100644 --- a/cmd/client/main.go +++ b/cmd/client/main.go @@ -118,8 +118,8 @@ func main() { rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server, "server", "localhost:2381", "The address of the Easegress endpoint") - rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.SSL, - "ssl", false, "Whether to use secure transport protocal(https)") + rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.ForceTLS, + "force-tls", false, "Whether to forcibly use secure transport protocal(https), if not, client will auto upgraded to HTTPS on-demand") rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify, "insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name") rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat, diff --git a/pkg/api/server.go b/pkg/api/server.go index 5be83ef0ff..4563e2b5c7 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -84,7 +84,7 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S go func() { var err error - if s.opt.SSL { + if s.opt.TLS { logger.Infof("api server (https) running in %s", opt.APIAddr) err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile) } else { diff --git a/pkg/option/option.go b/pkg/option/option.go index 40352e7837..562356009c 100644 --- a/pkg/option/option.go +++ b/pkg/option/option.go @@ -69,7 +69,7 @@ type Options struct { Name string `yaml:"name" env:"EG_NAME"` Labels map[string]string `yaml:"labels" env:"EG_LABELS"` APIAddr string `yaml:"api-addr"` - SSL bool `yaml:"ssl"` + TLS bool `yaml:"tls"` CertFile string `yaml:"cert-file"` KeyFile string `yaml:"key-file"` Debug bool `yaml:"debug"` @@ -141,7 +141,7 @@ func New() *Options { opt.flags.BoolVar(&opt.UseStandaloneEtcd, "use-standalone-etcd", false, "Use standalone etcd instead of embedded .") addClusterVars(opt) opt.flags.StringVar(&opt.APIAddr, "api-addr", "localhost:2381", "Address([host]:port) to listen on for administration traffic.") - opt.flags.BoolVar(&opt.SSL, "ssl", false, "Flag to use secure transport protocol(https).") + opt.flags.BoolVar(&opt.TLS, "tls", false, "Flag to use secure transport protocol(https).") opt.flags.StringVar(&opt.CertFile, "cert-file", "", "Flag to set the certificate file for https.") opt.flags.StringVar(&opt.KeyFile, "key-file", "", "Flag to set the private key file for https.") opt.flags.BoolVar(&opt.Debug, "debug", false, "Flag to set lowest log level from INFO downgrade DEBUG.") @@ -347,7 +347,7 @@ func (opt *Options) validate() error { if !opt.UseInitialCluster() && opt.MemberDir == "" { return fmt.Errorf("empty member-dir") } - if opt.SSL && (opt.CertFile == "" || opt.KeyFile == "") { + if opt.TLS && (opt.CertFile == "" || opt.KeyFile == "") { return fmt.Errorf("empty cert file or key file") } From 5f94caacfe3efb72079319725be71a653f3a63ed Mon Sep 17 00:00:00 2001 From: samanhappy Date: Fri, 16 Dec 2022 15:58:41 +0800 Subject: [PATCH 7/9] fix typo --- cmd/client/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/client/main.go b/cmd/client/main.go index bd40c40e07..404ceeb312 100644 --- a/cmd/client/main.go +++ b/cmd/client/main.go @@ -119,7 +119,7 @@ func main() { rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server, "server", "localhost:2381", "The address of the Easegress endpoint") rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.ForceTLS, - "force-tls", false, "Whether to forcibly use secure transport protocal(https), if not, client will auto upgraded to HTTPS on-demand") + "force-tls", false, "Whether to forcibly use HTTPS, if not, client will auto upgrade to HTTPS on-demand") rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify, "insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name") rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat, From 91426a802705d2390a7fc441f07cc16381f59689 Mon Sep 17 00:00:00 2001 From: samanhappy Date: Mon, 19 Dec 2022 11:25:37 +0800 Subject: [PATCH 8/9] refactor https upgrade --- cmd/client/command/common.go | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index acbc4c3efa..514fd1e7fe 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -124,11 +124,7 @@ const ( ) func makeURL(urlTemplate string, a ...interface{}) string { - p := HTTPProtocal - if CommandlineGlobalFlags.ForceTLS { - p = HTTPSProtocal - } - return p + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...) + return CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...) } func successfulStatusCode(code int) bool { @@ -145,20 +141,22 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co } } + p := HTTPProtocal + if CommandlineGlobalFlags.ForceTLS { + p = HTTPSProtocal + } tr := http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify}, } client := &http.Client{Transport: &tr} - resp, body := doRequest(httpMethod, url, jsonBody, client, cmd) + resp, body := doRequest(httpMethod, p+url, jsonBody, client, cmd) - if resp.StatusCode == 400 && strings.Contains(string(body), "Client sent an HTTP request to an HTTPS server") { - fmt.Println("Warning: upgraded to HTTPS, it's better to turn on option --force-tls") - url = strings.ReplaceAll(url, HTTPProtocal, HTTPSProtocal) - resp, body = doRequest(httpMethod, url, jsonBody, client, cmd) + msg := string(body) + if resp.StatusCode == 400 && strings.Contains(msg, "HTTP") && strings.Contains(msg, "HTTPS") { + resp, body = doRequest(httpMethod, HTTPSProtocal+url, jsonBody, client, cmd) } if !successfulStatusCode(resp.StatusCode) { - msg := string(body) apiErr := &APIErr{} err := codectool.Unmarshal(body, apiErr) if err == nil { From 7fe89df903b424388facc93466f3d465e636316e Mon Sep 17 00:00:00 2001 From: samanhappy Date: Mon, 19 Dec 2022 15:46:38 +0800 Subject: [PATCH 9/9] optimize HTTPS checking --- cmd/client/command/common.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/client/command/common.go b/cmd/client/command/common.go index 514fd1e7fe..c4d9e29e4b 100644 --- a/cmd/client/command/common.go +++ b/cmd/client/command/common.go @@ -152,7 +152,7 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co resp, body := doRequest(httpMethod, p+url, jsonBody, client, cmd) msg := string(body) - if resp.StatusCode == 400 && strings.Contains(msg, "HTTP") && strings.Contains(msg, "HTTPS") { + if p == HTTPProtocal && resp.StatusCode == http.StatusBadRequest && strings.Contains(strings.ToUpper(msg), "HTTPS") { resp, body = doRequest(httpMethod, HTTPSProtocal+url, jsonBody, client, cmd) }