milestone-3: respect explicit TLS override in proxy tunnel

Jarrod Watts
2026-03-23 12:32:17 +11:00
2 changed files with 32 additions and 1 deletions


@@ -967,7 +967,7 @@ function createProxyTunnelAgent(proxyUrl: URL): https.Agent {
const tlsSocket = tls.connect({
socket: proxySocket,
servername: String(options.servername ?? targetHost),
rejectUnauthorized: options.rejectUnauthorized !== false,
rejectUnauthorized: getProxyTunnelRejectUnauthorized(options.rejectUnauthorized),
}, () => {
settle(null, tlsSocket);
});
@@ -990,6 +990,17 @@ function createProxyTunnelAgent(proxyUrl: URL): https.Agent {
}();
}
export function getProxyTunnelRejectUnauthorized(
rejectUnauthorized: https.RequestOptions['rejectUnauthorized'],
env: NodeJS.ProcessEnv = process.env
): boolean {
if (rejectUnauthorized === false) {
return false;
}
return env.NODE_TLS_REJECT_UNAUTHORIZED !== '0';
}
function fetchUsageApi(accessToken: string): Promise<UsageApiResult> {
return new Promise((resolve) => {
const host = 'api.anthropic.com';
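Review bot: `getProxyTunnelRejectUnauthorized` treats only `false` as an explicit override, so a caller that passes `rejectUnauthorized: true` still gets certificate verification switched off when `NODE_TLS_REJECT_UNAUTHORIZED=0` is present in the environment. Node's own `tls.connect` lets an explicit option win over that variable in both directions, and this tunnel appears to carry the access token that `fetchUsageApi` sends to `api.anthropic.com`, so an unverified tunnel leaves that credential readable by whoever terminates the connection. I would replace the `=== false` branch with `if (typeof rejectUnauthorized === 'boolean') return rejectUnauthorized;` and add a test asserting that `getProxyTunnelRejectUnauthorized(true, { NODE_TLS_REJECT_UNAUTHORIZED: '0' })` is `true`. The existing 'respects an explicit request override first' test in the test file only exercises `false`. A short doc comment on the export stating the precedence (request option, then environment, then strict by default) would make the contract visible to callers.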


@@ -19,6 +19,7 @@ let resolveKeychainCredentials;
let getUsageApiTimeoutMs;
let isNoProxy;
let getProxyUrl;
let getProxyTunnelRejectUnauthorized;
let parseRetryAfterSeconds;
let USAGE_API_USER_AGENT;
@@ -55,6 +56,7 @@ before(async () => {
getUsageApiTimeoutMs,
isNoProxy,
getProxyUrl,
getProxyTunnelRejectUnauthorized,
parseRetryAfterSeconds,
USAGE_API_USER_AGENT,
} = await import(`../dist/usage-api.js?cacheBust=${Date.now()}`));
@@ -1024,6 +1026,24 @@ describe('getUsage', () => {
});
});
describe('getProxyTunnelRejectUnauthorized', () => {
test('defaults to strict TLS when no override is set', () => {
assert.equal(getProxyTunnelRejectUnauthorized(undefined, {}), true);
});
test('respects an explicit request override first', () => {
assert.equal(getProxyTunnelRejectUnauthorized(false, {}), false);
});
test('respects NODE_TLS_REJECT_UNAUTHORIZED=0 for proxy tunnels', () => {
assert.equal(getProxyTunnelRejectUnauthorized(undefined, { NODE_TLS_REJECT_UNAUTHORIZED: '0' }), false);
});
test('keeps TLS verification enabled for non-zero env values', () => {
assert.equal(getProxyTunnelRejectUnauthorized(undefined, { NODE_TLS_REJECT_UNAUTHORIZED: '1' }), true);
});
});
test('usage API user agent uses a non-empty claude-hud identifier', () => {
assert.equal(USAGE_API_USER_AGENT, 'claude-code/2.1');
});