containerization/Sources/ContainerizationExtras/ProxyUtils.swift at a82357bd8dbb91192ad47e84920af52053340296 · adityaramani/containerization · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
//===----------------------------------------------------------------------===//
// Copyright © 2025-2026 Apple Inc. and the Containerization project authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//   https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//===----------------------------------------------------------------------===//

import ContainerizationError
import Foundation

/// A small utility to resolve proxy settings (HTTP(S)_PROXY / NO_PROXY).
public enum ProxyUtils {
    /// Resolves the proxy URL for a given host based on environment variables.
    /// Malformed http_proxy or https_proxy URLs are ignored.
    /// Uses Go-style handling rules:
    ///   - Uppercase environment variables take priority over lowercase counterparts.
    ///   - Leading dot on no_proxy component implies prefix matching.
    ///
    /// - Parameters:
    ///   - scheme: The request scheme.
    ///   - host: The request hostname.
    ///   - env: Environment variables to check, dafaulting to the process environment.
    ///
    /// - Returns: The proxy URL to use, or `nil` for transparent connection.
    public static func proxyFromEnvironment(
        scheme: String?,
        host: String,
        env: [String: String] = ProcessInfo.processInfo.environment
    ) -> URL? {
        guard let scheme else {
            return nil
        }

        let httpProxy = env["HTTP_PROXY"] ?? env["http_proxy"]
        let httpsProxy = env["HTTPS_PROXY"] ?? env["https_proxy"]
        let noProxy = env["NO_PROXY"] ?? env["no_proxy"]

        // If NO_PROXY matches → skip proxy
        if let noProxy, shouldBypassProxy(host: host, noProxy: noProxy) {
            return nil
        }

        // Select proxy based on scheme, defaulting to http.
        let proxy = scheme == "https" ? httpsProxy : httpProxy
        guard let proxy, let proxyUrl = URL(string: proxy) else {
            return nil
        }

        return proxyUrl
    }

    /// Check if a host should bypass proxy according to NO_PROXY.
    /// - Example: NO_PROXY=".example.com,localhost,127.0.0.1"
    private static func shouldBypassProxy(host: String, noProxy: String) -> Bool {
        let entries = noProxy.split(separator: ",").map { $0.trimmingCharacters(in: .whitespaces) }
        for entry in entries {
            if entry.isEmpty { continue }
            if entry == "*" { return true }
            if host == entry { return true }
            if entry.hasPrefix("*.") {
                let suffix = String(entry.dropFirst())
                if host.hasSuffix(suffix) { return true }
            }
            if entry.hasPrefix(".") && host.hasSuffix(entry) { return true }
        }
        return false
    }
}