Jupyterhub Configurable Http Proxy issue

Question

I have been working with Jupyterhub's Configurable Http Proxy and I have been adding the necessary options for the proxy to handle client's ssl certificates without having to use the command line options.

My main goal is that I want to take in a clients request to the proxy and add their certificate information to the header. Once in the header, I will use jupyterhub's authenticator to craft a username.

My issue is that when I use the proxy.on('proxyReq method available for the http-proxy to set the header, I get this error: [Error: Can't set headers after they are sent.]

I have been looking all over the code to see where a response/request is being written or sent, but I cannot find it.

Here is the ConfigurableProxy function code, I can give you more if needed:

function ConfigurableProxy (options) {

var that = this;
this.options = options || {};
this.trie = new trie.URLTrie();
this.auth_token = this.options.auth_token;
this.includePrefix = options.includePrefix === undefined ? true : options.includePrefix;
this.routes = {};
this.host_routing = this.options.host_routing;
this.error_target = options.error_target;
if (this.error_target && this.error_target.slice(-1) !== '/') {
    this.error_target = this.error_target + '/'; // ensure trailing /
}
this.error_path = options.error_path || path.join(__dirname, 'error');

if (this.options.default_target) {
    this.add_route('/', {
        target: this.options.default_target
    });
}

options.ws = true;
options.secure= true;
// These are the ssl options

options.ssl = {
    //Right the key and cert are relative path on my computer
    //but these can be changed.
    key: fs.readFileSync('/Users/grantherman/Desktop/jupyterHubCSProject/ssl/server.key'),
    cert: fs.readFileSync('/Users/grantherman/Desktop/jupyterHubCSProject/ssl/server.crt'),
    requestCert: true,
    //Right now this is set to false, but if we add a CA to these options
    // and set this to true, the proxy will reject all unkown ssl certs
    rejectUnauthorized: false
};
var response = [];
var data = [];
var proxy = this.proxy = httpProxy.createProxyServer(options);

proxy.on('proxyReq', function(proxyReq, req, res, options) {
    console.log("proxy request");
    try{
  proxyReq.setHeader('X-Special-Proxy-Header', req.socket.getPeerCertificate());

  }catch(err){
    console.log(err);
    }

});

 proxy.on('data', function(data, req, res, options) {
  data.push(data);
  });

proxy.on('proxyRes', function(proxyRes, req, res, options) {
  response.push(proxyRes);
  });

proxy.on('error', function(error, req, res, options) {
    log.add(error);

});

proxy.on('close', function (req, socket, head) {
  // view disconnected websocket connections
  console.log('Client disconnected');
});


// tornado-style regex routing,
// because cross-language cargo-culting is always a good idea

this.api_handlers = [
    [ /^\/api\/routes(\/.*)?$/, {
        get : bound(this, authorized(this.get_routes)),
        post : json_handler(bound(this, authorized(this.post_routes))),
        'delete' : bound(this, authorized(this.delete_routes))
    } ]
];

Answer 1

I think this is going to require modifications to configurable-http-proxy itself. The place to add headers is on the original req object prior to initiating the proxied request, here.

It would look something like:

ConfigurableProxy.prototype.handle_proxy = function (kind, req, res) {
    ...
    req.headers['X-My-Header'] = 'My-Value';
    // dispatch the actual method
    this.proxy[kind].apply(this.proxy, args);

Adding a hook to CHP for modifying the request here, on its way through, should make this doable without modifying the CHP source.