fix(gateway): remove no-verify SSL context from proxy (#7)
All internal services use plain HTTP (Docker network). The _internal_ssl_ctx with disabled cert verification was a no-op for HTTP URLs but suggested TLS bypass was in use. - Removed _internal_ssl_ctx from config.py - Removed ssl import from config.py - proxy.py now calls urlopen() without context parameter - External calls (OpenAI, SMTP2GO, Open Library) already use default TLS verification Verified: dashboard, trips, fitness, budget, inventory all respond correctly.
This commit is contained in:
Yusuf Suleman
@@ -3,7 +3,6 @@ Platform Gateway — Configuration constants and environment variables.
|
||||
"""
|
||||
|
||||
import os
|
||||
import ssl
|
||||
from pathlib import Path
|
||||
|
||||
# ── Server ──
|
||||
@@ -62,9 +61,7 @@ SESSION_MAX_AGE = int(os.environ.get("SESSION_MAX_AGE", 30 * 86400)) # 30 days
|
||||
# ── Ensure data dir exists ──
|
||||
DATA_DIR.mkdir(parents=True, exist_ok=True)
|
||||
|
||||
# ── SSL contexts ──
|
||||
# Internal: skip verification for Docker-internal services (no valid certs)
|
||||
_internal_ssl_ctx = ssl.create_default_context()
|
||||
_internal_ssl_ctx.check_hostname = False
|
||||
_internal_ssl_ctx.verify_mode = ssl.CERT_NONE
|
||||
# Note: All internal services use plain HTTP (Docker network).
|
||||
# No custom SSL context needed. External calls (OpenAI, SMTP2GO, Open Library)
|
||||
# use default TLS verification.
|
||||
|
||||
|
||||
@@ -6,18 +6,19 @@ import json
|
||||
import urllib.request
|
||||
import urllib.error
|
||||
|
||||
from config import _internal_ssl_ctx
|
||||
from database import get_db
|
||||
|
||||
|
||||
def proxy_request(target_url, method, headers, body=None, timeout=120):
|
||||
"""Proxy a request to a backend service. Returns (status, response_headers, response_body)."""
|
||||
"""Proxy a request to a backend service. Returns (status, response_headers, response_body).
|
||||
All internal services use plain HTTP (Docker network) — no SSL context needed.
|
||||
"""
|
||||
try:
|
||||
req = urllib.request.Request(target_url, data=body, method=method)
|
||||
for k, v in headers.items():
|
||||
req.add_header(k, v)
|
||||
|
||||
with urllib.request.urlopen(req, context=_internal_ssl_ctx, timeout=timeout) as resp:
|
||||
with urllib.request.urlopen(req, timeout=timeout) as resp:
|
||||
resp_body = resp.read()
|
||||
resp_headers = dict(resp.headers)
|
||||
return resp.status, resp_headers, resp_body
|
||||
|
||||
Reference in New Issue
Block a user