Support for proxy and custom certificate configuration

ricOC3 commented 1 month ago

Motivation

When using the TinyMist Typst VSCode extension in a proxy environment, I encountered an issue where document preview fails with the following error:

typst_ts_compiler error: failed to download package: error trying to connect: invalid peer certificate: UnknownIssuer

This issue hinders the use of the extension in environments with strict network security, such as corporate networks.

Description

The issue appears to be related to certificate verification in a proxy environment. A similar problem has been reported in the Typst repository (see Typst Issue #1678), where the solution involved allowing environment variables or CLI arguments to bypass the certificate verification.

It would be beneficial if the TinyMist Typst extension could also support similar options, enabling users to configure the extension for proxy environments where certificate verification might fail.

Examples/Questions

Is it possible to implement the support for environment variables or CLI arguments in TinyMist Typst to handle certificate verification issues in proxy environments?
Would this feature allow users to set specific proxy-related configurations that could resolve this error?

Finally, this is my first time posting an issue, so I apologize if there are any mistakes or if I've overlooked anything.

Thank you for your time and for developing such a helpful tool!

Myriad-Dreamin commented 1 month ago

This is not supported yet.

Workaround

As a workaround, please use typst compile ${CERT_ARGS} to compile your document first to download them manually.

Implementation guide

Add config

Every typst-cli compatible arguments can be copied from typst-cli to this struct.

https://github.com/Myriad-Dreamin/tinymist/blob/98570a00f00b575ef02c00b34bc200d67d935e97/crates/tinymist/src/world.rs#L43-L45

Support http connection with certificate configurations

Implement a HttpRegistry supporting certificate configuration, and change the compiler feature here:

https://github.com/Myriad-Dreamin/tinymist/blob/98570a00f00b575ef02c00b34bc200d67d935e97/crates/tinymist/src/world.rs#L80-L81

The current feature is:

/// type trait of [`TypstSystemWorld`].
#[derive(Debug, Clone, Copy)]
pub struct SystemCompilerFeat;

impl crate::CompilerFeat for SystemCompilerFeat {

    type Registry = HttpRegistry;
    //              ^^^^^^^^^^^^ replace me.
}

https://github.com/Myriad-Dreamin/typst.ts/blob/5cc1c4238dbd365dcb63c2420f49b4283f58cf30/crates/reflexo-world/src/system.rs#L13-L24

Validate implementation

Add a config:

{
  "tinymist.typstExtraArgs": ["--certificate-path", "path/to/certificates"]
}

And bootstrap it by F5. See CONTRIBUTING.md.

ricOC3 commented 1 month ago

@Myriad-Dreamin

Thank you for the quick response and for providing the workaround! Unfortunately, due to personal commitments, I’ll be away from my proxy environment for about a week, so it might take some time before I can report back on whether it works. I apologize for the delay.

The implementation guide is very helpful as well. Although I haven't worked with Rust before, I hope to explore it during this break. Thank you again for your assistance and for such a detailed response!

ricOC3 commented 2 weeks ago

@Myriad-Dreamin

I apologize for the delayed response.

Workaround

As a workaround, please use typst compile ${CERT_ARGS} to compile your document first to download them manually.

The workaround worked well, thank you!

I've also started exploring the implementation, but a couple of questions have come up. If you don't mind, could you please provide some guidance?

The current feature is:
/// type trait of [`TypstSystemWorld`].
#[derive(Debug, Clone, Copy)]
pub struct SystemCompilerFeat;

impl crate::CompilerFeat for SystemCompilerFeat {

    type Registry = HttpRegistry;
    //              ^^^^^^^^^^^^ replace me.
}
https://github.com/Myriad-Dreamin/typst.ts/blob/5cc1c4238dbd365dcb63c2420f49b4283f58cf30/crates/reflexo-world/src/system.rs#L13-L24

Since this change will involve modifying a part of typst.ts, should I first submit a pull request to that repository?

Add config

Every typst-cli compatible arguments can be copied from typst-cli to this struct.

https://github.com/Myriad-Dreamin/tinymist/blob/98570a00f00b575ef02c00b34bc200d67d935e97/crates/tinymist/src/world.rs#L43-L45

Validate implementation

Add a config:
{
  "tinymist.typstExtraArgs": ["--certificate-path", "path/to/certificates"]
}
And bootstrap it by F5. See CONTRIBUTING.md.

When checking the task output, I noticed that the options weren't reflected in CompileOnceArgs within PreviewCliArgs. I wasn't sure how to correctly implement it. Is it okay if they aren't reflected, or is there something specific I need to do?

Thank you again for your continued support!

Myriad-Dreamin commented 2 weeks ago

Thank you for looking into this feature.

Since this change will involve modifying a part of typst.ts, should I first submit a pull request to that repository?

You could change the LspCompilerFeat to so that we can work on solely tinymist without having to change typst.ts:

/// type trait of [`LspWorld`].
#[derive(Debug, Clone, Copy)]
pub struct LspCompilerFeat;

impl crate::CompilerFeat for LspCompilerFeat {

    type Registry = HttpRegistry;
    //              ^^^^^^^^^^^^ replace me.
}

This means that we don't share compiler features with typst.ts to implement more for tinymist.

I noticed that the options weren't reflected in CompileOnceArgs within PreviewCliArgs.

It sounds like some misunderstanding on some details, and not very related to just make our minimum viable product, to make it just work on your PC. I can point out the error if we start to finally polish the feature PR. What's more, I believe both preview and lsp shares a same world implementation and there is no problem.

Myriad-Dreamin / tinymist