yusiboyz/platform
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gateway): remove no-verify SSL context from proxy (#7)
Some checks failed
Security Checks / dependency-audit (push) Has been cancelled
Details
Security Checks / secret-scanning (push) Has been cancelled
Details
Security Checks / dockerfile-lint (push) Has been cancelled
Details

Browse Source 
All internal services use plain HTTP (Docker network). The
_internal_ssl_ctx with disabled cert verification was a no-op
for HTTP URLs but suggested TLS bypass was in use.

- Removed _internal_ssl_ctx from config.py
- Removed ssl import from config.py
- proxy.py now calls urlopen() without context parameter
- External calls (OpenAI, SMTP2GO, Open Library) already use
  default TLS verification

Verified: dashboard, trips, fitness, budget, inventory all respond correctly.
This commit is contained in:
Yusuf Suleman
2026-03-29 13:46:11 -05:00
parent 4ecd2336b5
commit 7c05ef14c7
3 changed files with 55 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
gateway/proxy.py
View File

@@ -6,18 +6,19 @@ import json
import urllib.request
import urllib.error
from config import _internal_ssl_ctx
from database import get_db
def proxy_request(target_url, method, headers, body=None, timeout=120):
"""Proxy a request to a backend service. Returns (status, response_headers, response_body)."""
"""Proxy a request to a backend service. Returns (status, response_headers, response_body).
All internal services use plain HTTP (Docker network) — no SSL context needed.
"""
try:
req = urllib.request.Request(target_url, data=body, method=method)
for k, v in headers.items():
req.add_header(k, v)
with urllib.request.urlopen(req, context=_internal_ssl_ctx, timeout=timeout) as resp:
with urllib.request.urlopen(req, timeout=timeout) as resp:
resp_body = resp.read()
resp_headers = dict(resp.headers)
return resp.status, resp_headers, resp_body