webhookx-io
diff --git a/‎app/app.go‎
Lines changed: 20 additions & 1 deletion b/‎app/app.go‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎config.yml‎
Lines changed: 9 additions & 0 deletions b/‎config.yml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎config/config_test.go‎
Lines changed: 48 additions & 0 deletions b/‎config/config_test.go‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎config/worker.go‎
Lines changed: 21 additions & 2 deletions b/‎config/worker.go‎
Lines changed: 21 additions & 2 deletions
diff --git a/‎go.mod‎
Lines changed: 1 addition & 0 deletions b/‎go.mod‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 2 additions & 0 deletions b/‎go.sum‎
Lines changed: 2 additions & 0 deletions
@@ -174,10 +174,29 @@ func (app *Application) initialize() error {
 
 	// worker
 	if cfg.Worker.Enabled {
+		d := deliverer.NewHTTPDeliverer(deliverer.Options{
+			Logger:         log,
+			RequestTimeout: time.Duration(cfg.Worker.Deliverer.Timeout) * time.Millisecond,
+			AccessControlOptions: deliverer.AccessControlOptions{
+				Deny: cfg.Worker.Deliverer.ACL.Deny,
+			},
+		})
+		if cfg.Worker.Deliverer.Proxy != "" {
+			err := d.SetupProxy(deliverer.ProxyOptions{
+				URL:              cfg.Worker.Deliverer.Proxy,
+				TLSCert:          cfg.Worker.Deliverer.ProxyTLSCert,
+				TLSKey:           cfg.Worker.Deliverer.ProxyTLSKey,
+				TLSCaCertificate: cfg.Worker.Deliverer.ProxyTLSCaCert,
+				TLSVerify:        cfg.Worker.Deliverer.ProxyTLSVerify,
+			})
+			if err != nil {
+				return err
+			}
+		}
 		opts := worker.Options{
 			PoolSize:        int(cfg.Worker.Pool.Size),
 			PoolConcurrency: int(cfg.Worker.Pool.Concurrency),
-			Deliverer:       deliverer.NewHTTPDeliverer(&cfg.Worker.Deliverer),
+			Deliverer:       d,
 			DB:              db,
 			Srv:             app.srv,
 			Tracer:          tracer,
 
@@ -91,6 +91,15 @@ worker:
                                     #   - '2606:2800:220:1:248:1893:25c8:1946'
                                     #   - '*.example.com'
                                     #
+    #proxy:                         # Proxy server URL. Supports HTTP and HTTPS.
+                                    # When a proxy is enabled, the ACL is automatically disabled.
+                                    # Example of HTTP: http://<host>:<port>
+                                    # Example of HTTPS: https://<host>:<port>
+    #proxy_tls_cert:                # Path to the client certificate file used for mTLS proxy authentication.
+    #proxy_tls_key:                 # Path to the client private key file used for mTLS proxy authentication.
+    #proxy_tls_ca_cert:             # Path to the CA certificate file used to verify the HTTPS proxy’s certificate.
+    #proxy_tls_verify: true         # Whether to verify the proxy server's TLS certificate.
+
   pool:
     size: 10000                     # pool size, default to 10000.
     concurrency: 0                  # pool concurrency, default to 100 * CPUs
 
@@ -431,6 +431,54 @@ func TestWorkerConfig(t *testing.T) {
 	}
 }
 
+func TestWorkerProxyConfig(t *testing.T) {
+	tests := []struct {
+		desc        string
+		cfg         WorkerDeliverer
+		validateErr error
+	}{
+		{
+			desc: "sanity",
+			cfg: WorkerDeliverer{
+				Proxy: "http://example.com:8080",
+			},
+			validateErr: nil,
+		},
+		{
+			desc: "invalid proxy url: missing schema",
+			cfg: WorkerDeliverer{
+				Proxy: "example.com",
+			},
+			validateErr: errors.New("invalid proxy url: 'example.com'"),
+		},
+		{
+			desc: "invalid proxy url: invalid schema ",
+			cfg: WorkerDeliverer{
+				Proxy: "ftp://example.com",
+			},
+			validateErr: errors.New("proxy schema must be http or https"),
+		},
+		{
+			desc: "invalid proxy url: missing host ",
+			cfg: WorkerDeliverer{
+				Proxy: "http://",
+			},
+			validateErr: errors.New("invalid proxy url: 'http://'"),
+		},
+		{
+			desc: "invalid proxy url: missing host ",
+			cfg: WorkerDeliverer{
+				Proxy: "http ://",
+			},
+			validateErr: errors.New("invalid proxy url: parse \"http ://\": first path segment in URL cannot contain colon"),
+		},
+	}
+	for _, test := range tests {
+		actual := test.cfg.Validate()
+		assert.Equal(t, test.validateErr, actual, "expected %v got %v", test.validateErr, actual)
+	}
+}
+
 func TestConfig(t *testing.T) {
 	cfg, err := Init()
 	assert.Nil(t, err)
 
@@ -3,13 +3,19 @@ package config
 import (
 	"fmt"
 	"net/netip"
+	"net/url"
 	"regexp"
 	"slices"
 )
 
 type WorkerDeliverer struct {
-	Timeout int64     `yaml:"timeout" json:"timeout" default:"60000"`
-	ACL     ACLConfig `yaml:"acl" json:"acl"`
+	Timeout        int64     `yaml:"timeout" json:"timeout" default:"60000"`
+	ACL            ACLConfig `yaml:"acl" json:"acl"`
+	Proxy          string    `yaml:"proxy" json:"proxy"`
+	ProxyTLSCert   string    `yaml:"proxy_tls_cert" json:"proxy_tls_cert" envconfig:"PROXY_TLS_CERT"`
+	ProxyTLSKey    string    `yaml:"proxy_tls_key" json:"proxy_tls_key" envconfig:"PROXY_TLS_KEY"`
+	ProxyTLSCaCert string    `yaml:"proxy_tls_ca_cert" json:"proxy_tls_ca_cert" envconfig:"PROXY_TLS_CA_CERT"`
+	ProxyTLSVerify bool      `yaml:"proxy_tls_verify" json:"proxy_tls_verify" envconfig:"PROXY_TLS_VERIFY"`
 }
 
 func (cfg *WorkerDeliverer) Validate() error {
@@ -19,6 +25,19 @@ func (cfg *WorkerDeliverer) Validate() error {
 	if err := cfg.ACL.Validate(); err != nil {
 		return err
 	}
+	if cfg.Proxy != "" {
+		u, err := url.Parse(cfg.Proxy)
+		if err != nil {
+			return fmt.Errorf("invalid proxy url: %s", err)
+		}
+		if u.Scheme == "" || u.Host == "" {
+			return fmt.Errorf("invalid proxy url: '%s'", cfg.Proxy)
+		}
+		if u.Scheme != "http" && u.Scheme != "https" {
+			return fmt.Errorf("proxy schema must be http or https")
+		}
+	}
+
 	return nil
 }
 
 
@@ -7,6 +7,7 @@ require (
 	github.com/asaskevich/EventBus v0.0.0-20200907212545-49d423059eef
 	github.com/creasty/defaults v1.8.0
 	github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c
+	github.com/elazarl/goproxy v1.7.2
 	github.com/getkin/kin-openapi v0.132.0
 	github.com/go-kit/kit v0.13.0
 	github.com/go-playground/validator/v10 v10.26.0
 
@@ -48,6 +48,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c h1:mxWGS0YyquJ/ikZOjSrRjjFIbUqIP9ojyYQ+QZTU3Rg=
 github.com/dop251/goja v0.0.0-20250309171923-bcd7cc6bf64c/go.mod h1:MxLav0peU43GgvwVgNbLAj1s/bSGboKkhuULvq/7hx4=
+github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
+github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=