check that when used, proxy url starts with http and do proxy hostname dns lookup to confirm connectivity

T0MASD · T0MASD · commit fa622d3ae610 · 2025-08-11T19:07:58.000+01:00
diff --git a/pkg/cli/config/config.go b/pkg/cli/config/config.go
@@ -3,6 +3,7 @@ package config
 import (
 	"context"
 	"fmt"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
@@ -410,6 +411,15 @@ func (config *BackplaneConfiguration) testHTTPRequestToBackplaneAPI() (bool, err
 		if err != nil {
 			return false, err
 		}
+		scheme := proxyURL.Scheme
+		if scheme != "http" && scheme != "https" {
+			return false, fmt.Errorf("proxy URL scheme must be http or https, got: %s", scheme)
+		}
+		hostname := proxyURL.Hostname()
+		_, err = net.LookupHost(hostname)
+		if err != nil {
+			return false, fmt.Errorf("DNS lookup failed for proxy hostname '%s': %v (check network connectivity or VPN if required)", hostname, err)
+		}		
 		http.DefaultTransport = &http.Transport{Proxy: http.ProxyURL(proxyURL)}
 	}
 
diff --git a/pkg/cli/config/config_test.go b/pkg/cli/config/config_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"os"
+	"strings"
 	"testing"
 
 	"github.com/spf13/viper"
@@ -85,8 +86,55 @@ func TestGetBackplaneConnection(t *testing.T) {
 			t.Failed()
 		}
 	})
+
+	t.Run("should pass for valid http proxy URL", func(t *testing.T) {
+		proxyURL := "http://www.example.com"
+		config := BackplaneConfiguration{URL: "https://api.example.com", ProxyURL: &proxyURL}
+		_, err := config.testHTTPRequestToBackplaneAPI()
+		
+		// Should not get scheme validation error (DNS lookup error is expected)
+		if err != nil && strings.Contains(err.Error(), "proxy URL scheme must be http or https") {
+			t.Errorf("unexpected scheme validation error: %v", err)
+		}
+	})
+
+	t.Run("should pass for valid https proxy URL", func(t *testing.T) {
+		proxyURL := "https://www.example.com"
+		config := BackplaneConfiguration{URL: "https://api.example.com", ProxyURL: &proxyURL}
+		_, err := config.testHTTPRequestToBackplaneAPI()
+		
+		// Should not get scheme validation error (DNS lookup error is expected)
+		if err != nil && strings.Contains(err.Error(), "proxy URL scheme must be http or https") {
+			t.Errorf("unexpected scheme validation error: %v", err)
+		}
+	})
+
+	t.Run("should fail for proxy URL without scheme", func(t *testing.T) {
+		proxyURL := "www.example.com"
+		config := BackplaneConfiguration{URL: "https://api.example.com", ProxyURL: &proxyURL}
+		_, err := config.testHTTPRequestToBackplaneAPI()
+		
+		if err == nil {
+			t.Errorf("expected error but got none")
+		} else if !strings.Contains(err.Error(), "proxy URL scheme must be http or https, got:") {
+			t.Errorf("expected scheme validation error, got: %s", err.Error())
+		}
+	})
+
+	t.Run("should fail for ftp proxy URL", func(t *testing.T) {
+		proxyURL := "ftp://www.example.com"
+		config := BackplaneConfiguration{URL: "https://api.example.com", ProxyURL: &proxyURL}
+		_, err := config.testHTTPRequestToBackplaneAPI()
+		
+		if err == nil {
+			t.Errorf("expected error but got none")
+		} else if !strings.Contains(err.Error(), "proxy URL scheme must be http or https, got: ftp") {
+			t.Errorf("expected scheme validation error for ftp, got: %s", err.Error())
+		}
+	})
 }
 
+
 func TestBackplaneConfiguration_getFirstWorkingProxyURL(t *testing.T) {
 	tests := []struct {
 		name     string
