better we.bslty & deveop integration

back/src/Enum/EnvironmentVariable.ts

@@ -14,6 +14,8 @@ export const MAX_PER_GROUP = parseInt(process.env.MAX_PER_GROUP || "4");
 export const REDIS_HOST = process.env.REDIS_HOST || undefined;
 export const REDIS_PORT = parseInt(process.env.REDIS_PORT || "6379") || 6379;
 export const REDIS_PASSWORD = process.env.REDIS_PASSWORD || undefined;
+export const DEBUG_IGNORE_SSL = process.env.DEBUG_IGNORE_SSL ? process.env.DEBUG_IGNORE_SSL == "true" : false;
+export const DEBUG_BACK_IGNORE_LOCAL = process.env.DEBUG_BACK_IGNORE_LOCAL ? process.env.DEBUG_BACK_IGNORE_LOCAL == "true" : false;
 
 export {
     MINIMUM_DISTANCE,

back/src/Services/MapFetcher.ts

@@ -1,19 +1,34 @@
 import Axios from "axios";
+import { AxiosRequestConfig } from "axios";
+import https from "https";
 import ipaddr from "ipaddr.js";
 import { Resolver } from "dns";
 import { promisify } from "util";
 import { LocalUrlError } from "./LocalUrlError";
 import { ITiledMap } from "@workadventure/tiled-map-type-guard";
 import { isTiledMap } from "@workadventure/tiled-map-type-guard/dist";
+import { DEBUG_IGNORE_SSL, DEBUG_BACK_IGNORE_LOCAL } from "../Enum/EnvironmentVariable";
 
 class MapFetcher {
     async fetchMap(mapUrl: string): Promise<ITiledMap> {
         // Before trying to make the query, let's verify the map is actually on the open internet (and not a local test map)
 
-        if (await this.isLocalUrl(mapUrl)) {
+        if (!DEBUG_BACK_IGNORE_LOCAL && await this.isLocalUrl(mapUrl)) {
             throw new LocalUrlError('URL for map "' + mapUrl + '" targets a local map');
         }
 
+        const axiosConfig: AxiosRequestConfig = {
+            maxContentLength: 50 * 1024 * 1024, // Max content length: 50MB. Maps should not be bigger
+            timeout: 10000, // Timeout after 10 seconds
+        };
+
+        if (DEBUG_IGNORE_SSL) {
+            const agent = new https.Agent({
+                rejectUnauthorized: false,
+            });
+            axiosConfig.httpsAgent = agent;
+        }
+
         // Note: mapUrl is provided by the client. A possible attack vector would be to use a rogue DNS server that
         // returns local URLs. Alas, Axios cannot pin a URL to a given IP. So "isLocalUrl" and Axios.get could potentially
         // target to different servers (and one could trick Axios.get into loading resources on the internal network
@@ -21,16 +36,18 @@ class MapFetcher {
         // We can deem this problem not that important because:
         // - We make sure we are only passing "GET" requests
         // - The result of the query is never displayed to the end user
-        const res = await Axios.get(mapUrl, {
-            maxContentLength: 50 * 1024 * 1024, // Max content length: 50MB. Maps should not be bigger
-            timeout: 10000, // Timeout after 10 seconds
-        });
+        const res = await Axios.get(mapUrl, axiosConfig);
 
-        if (!isTiledMap(res.data)) {
-            //TODO fixme
-            //throw new Error("Invalid map format for map " + mapUrl);
+        try {
+            if (!isTiledMap(res.data)) {
+                //TODO fixme
+                //throw new Error("Invalid map format for map " + mapUrl);
+                console.error("Invalid map format for map " + mapUrl);
+            }
+        } catch (e)  {
             console.error("Invalid map format for map " + mapUrl);
         }
+        
 
         return res.data;
     }
@@ -52,7 +69,7 @@ class MapFetcher {
             const resolver = new Resolver();
             addresses = await promisify(resolver.resolve).bind(resolver)(urlObj.hostname);
         } else {
-            addresses = [urlObj.hostname];
+            addresses = [ urlObj.hostname ];
         }
 
         for (const address of addresses) {