feat: route plugin HTTP traffic through SOCKS5 proxy

Add PySocks dependency and shared src/derp/http.py module providing proxy-aware urlopen() and build_opener() that route through socks5h://127.0.0.1:1080. Subclassed SocksiPyHandler passes SSL context through to HTTPS connections. Swapped 14 external-facing plugins to use the proxied helpers. Local-only traffic (SearXNG, raw DNS/TLS sockets) stays direct. Updated test mocks in test_twitch and test_alert accordingly.
2026-02-15 15:53:49 +01:00
parent 10f62631be
commit 97bbc6a825
19 changed files with 151 additions and 47 deletions
--- a/tests/test_http.py
+++ b/tests/test_http.py
@@ -0,0 +1,59 @@
+"""Tests for the SOCKS5 proxy HTTP module."""
+
+import ssl
+import urllib.request
+
+from socks import SOCKS5
+
+from derp.http import _PROXY_ADDR, _PROXY_PORT, _ProxyHandler, build_opener
+
+
+class TestProxyHandler:
+    def test_uses_socks5(self):
+        handler = _ProxyHandler()
+        assert handler.args[0] == SOCKS5
+
+    def test_proxy_address(self):
+        handler = _ProxyHandler()
+        assert handler.args[1] == _PROXY_ADDR
+        assert handler.args[2] == _PROXY_PORT
+
+    def test_rdns_enabled(self):
+        handler = _ProxyHandler()
+        assert handler.args[3] is True
+
+    def test_default_ssl_context(self):
+        handler = _ProxyHandler()
+        assert isinstance(handler._ssl_context, ssl.SSLContext)
+
+    def test_custom_ssl_context(self):
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        handler = _ProxyHandler(context=ctx)
+        assert handler._ssl_context is ctx
+
+    def test_is_https_handler(self):
+        handler = _ProxyHandler()
+        assert isinstance(handler, urllib.request.HTTPSHandler)
+
+
+class TestBuildOpener:
+    def test_includes_proxy_handler(self):
+        opener = build_opener()
+        proxy = [h for h in opener.handlers if isinstance(h, _ProxyHandler)]
+        assert len(proxy) == 1
+
+    def test_passes_extra_handlers(self):
+        class Custom(urllib.request.HTTPRedirectHandler):
+            pass
+
+        opener = build_opener(Custom)
+        custom = [h for h in opener.handlers if isinstance(h, Custom)]
+        assert len(custom) == 1
+
+    def test_passes_ssl_context(self):
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        opener = build_opener(context=ctx)
+        proxy = [h for h in opener.handlers if isinstance(h, _ProxyHandler)][0]
+        assert proxy._ssl_context is ctx