Failing behind http proxy

[mfloriani]

I am trying to use the library from behind a http proxy according to the documentation.
Here the code I used to test the lib (secret key and proxy were hidden on purpose):

const HttpsProxyAgent = require('https-proxy-agent');
const stripe = require("stripe")("sk_test_*********************");

const proxy = 'http://99.999.9.99:80/';
const agent = new HttpsProxyAgent(proxy);
stripe.setHttpAgent(agent);

(async () => {
    try {
        const customer = await stripe.customers.retrieve('cus_EgVAwK8p8Hgi9U');
        console.log(customer.description, customer.email);
    } catch (error) {
        console.log(error);
    }
})();

But running the code above I get the error below:

{ Error: An error occurred with our connection to Stripe.
    at Constructor._Error (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/Error.js:12:17)
    at Constructor (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/utils.js:138:13)
    at new Constructor (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/utils.js:138:13)
    at /home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/StripeResource.js:206:9
    at ClientRequest.<anonymous> (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/StripeResource.js:411:67)
    at ClientRequest.emit (events.js:197:13)
    at TLSSocket.socketErrorListener (_http_client.js:397:9)
    at TLSSocket.emit (events.js:197:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
  type: 'StripeConnectionError',
  stack:
   'Error: An error occurred with our connection to Stripe.\n    at Constructor._Error (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/Error.js:12:17)\n    at Constructor (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/utils.js:138:13)\n    at new Constructor (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/utils.js:138:13)\n    at /home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/StripeResource.js:206:9\n    at ClientRequest.<anonymous> (/home/mfloria1/workspace/stripe-test/node_modules/stripe/lib/StripeResource.js:411:67)\n    at ClientRequest.emit (events.js:197:13)\n    at TLSSocket.socketErrorListener (_http_client.js:397:9)\n    at TLSSocket.emit (events.js:197:13)\n    at emitErrorNT (internal/streams/destroy.js:82:8)\n    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)',
  rawType: undefined,
  code: undefined,
  param: undefined,
  message: 'An error occurred with our connection to Stripe.',
  detail:
   { Error: getaddrinfo ENOTFOUND api.stripe.com api.stripe.com:443
       at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:58:26)
     errno: 'ENOTFOUND',
     code: 'ENOTFOUND',
     syscall: 'getaddrinfo',
     hostname: 'api.stripe.com',
     host: 'api.stripe.com',
     port: '443' },
  raw:
   { message: 'An error occurred with our connection to Stripe.',
     detail:
      { Error: getaddrinfo ENOTFOUND api.stripe.com api.stripe.com:443
          at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:58:26)
        errno: 'ENOTFOUND',
        code: 'ENOTFOUND',
        syscall: 'getaddrinfo',
        hostname: 'api.stripe.com',
        host: 'api.stripe.com',
        port: '443' } },
  headers: undefined,
  requestId: undefined,
  statusCode: undefined }

After some time trying different things I decided to change the following function inside the stripe.js file:

stripe-node/lib/stripe.js

Line 239 in 44fd7d3

setHttpAgent: function(agent) {

The change that I did was basically forcing to use the https_agent once it was always hitting the else
condition. As you can see:

setHttpAgent: function(agent) {
    //if (agent instanceof https.Agent) {
      this._setApiField('https_agent', agent);
    //} else {
    //  this._setApiField('http_agent', agent);
    //}
  },

By doing that I could finally access Stripe using the library.

What would be the best solution?

[fred-stripe]

Hi there, the error message that was wrapped indicates that your proxy server wasn't able to resolve the DNS for api.stripe.com. I'm not certain why the change you made would cause things to start working, but before we go further can you confirm your proxy's behavior using curl? Running the following command will get you the entire proxy response and also the Stripe response:

curl -iv https://api.stripe.com/v1/account -H "Authorization: Bearer sk_test_BQokikJOvBiI2HlWgH4olfQ2" -x http://{yourproxy.ip}

That's the Stripe default testmode secret key. Your response should look similar to:

server: nginx
date: Wed, 13 Mar 2019 22:57:39 GMT
content-type: application/json
content-length: 735
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, OPTIONS, DELETE
access-control-allow-origin: *
access-control-expose-headers: Request-Id, Stripe-Manage-Version, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required
access-control-max-age: 300
cache-control: no-cache, no-store
request-id: req_YLIfsStlfCNuBY
stripe-version: 2019-02-19
strict-transport-security: max-age=31556926; includeSubDomains; preload

{
  "id": "acct_1032D82eZvKYlo2C",
…

As well as contain debugging info from curl and your proxy. If you'd prefer to share this information privately, please contact Stripe support and reference this GitHub issue. Thanks!

[mfloriani]

Hi @fred-stripe ,

Here it is the response from the curl you gave me:

*   Trying {MY-PROXY-IP}...
* Connected to {MY-PROXY-IP} (MY-PROXY-IP) port 80 (#0)
* Establish HTTP proxy tunnel to api.stripe.com:443
> CONNECT api.stripe.com:443 HTTP/1.1
> Host: api.stripe.com:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
> 
< HTTP/1.1 200 Connection Established
HTTP/1.1 200 Connection Established
< Proxy-Agent: Zscaler/5.6
Proxy-Agent: Zscaler/5.6
< 

* Proxy replied OK to CONNECT request
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: api.stripe.com (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=US,jurisdictionOfIncorporationStateOrProvinceName=Delaware,serialNumber=4675506,C=US,ST=California,L=San Francisco,O=Stripe\, Inc,CN=api.stripe.com
* 	 start date: Wed, 27 Feb 2019 00:00:00 GMT
* 	 expire date: Tue, 04 Jun 2019 12:00:00 GMT
* 	 issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 Extended Validation Server CA
* 	 compression: NULL
* ALPN, server accepted to use http/1.1
> GET /v1/account HTTP/1.1
> Host: api.stripe.com
> User-Agent: curl/7.47.0
> Accept: */*
> Authorization: Bearer sk_test_BQokikJOvBiI2HlWgH4olfQ2
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx
Server: nginx
< Date: Thu, 14 Mar 2019 09:09:44 GMT
Date: Thu, 14 Mar 2019 09:09:44 GMT
< Content-Type: application/json
Content-Type: application/json
< Content-Length: 735
Content-Length: 735
< Connection: keep-alive
Connection: keep-alive
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS, DELETE
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS, DELETE
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Request-Id, Stripe-Manage-Version, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required
Access-Control-Expose-Headers: Request-Id, Stripe-Manage-Version, X-Stripe-External-Auth-Required, X-Stripe-Privileged-Session-Required
< Access-Control-Max-Age: 300
Access-Control-Max-Age: 300
< Cache-Control: no-cache, no-store
Cache-Control: no-cache, no-store
< Request-Id: req_s6W2HTR6t2cQZi
Request-Id: req_s6W2HTR6t2cQZi
< Stripe-Version: 2019-02-19
Stripe-Version: 2019-02-19
< Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

< 
{
  "id": "acct_1032D82eZvKYlo2C",
  "object": "account",
  "business_profile": {
    "mcc": null,
    "name": "Stripe.com",
    "support_address": null,
    "support_email": null,
    "support_phone": null,
    "support_url": null,
    "url": null
  },
  "charges_enabled": false,
  "country": "US",
  "default_currency": "usd",
  "details_submitted": false,
  "email": "site@stripe.com",
  "payouts_enabled": false,
  "settings": {
    "branding": {
      "icon": null,
      "logo": null,
      "primary_color": null
    },
    "card_payments": {
    },
    "dashboard": {
      "display_name": "Stripe.com",
      "timezone": "US/Pacific"
    },
    "payments": {
      "statement_descriptor": ""
    }
  },
  "type": "standard"
}
* Connection #0 to host {MY-PROXY-IP} left intact

[ob-stripe]

Hi @mfloriani, thanks for reporting this. We recently broke support for HTTPS proxies when we enabled persistent connections by default in #560. A fix will be released soon. Sorry for the inconvenience!

[ob-stripe]

Fixed in 6.26.1.