feat(proxy): add proxy support to AmazonCreatorsApi#150
Open
mekarpeles wants to merge 2 commits into
Open
Conversation
Fixes two independent gaps that prevented routing traffic through an HTTP proxy: 1. AmazonCreatorsApi.__init__ now accepts a `proxy` URL parameter and passes it to ApiClient via a Configuration object. RESTClientObject already used urllib3.ProxyManager when configuration.proxy was set; this just wires the public API through to it. 2. OAuth2TokenManager.refresh_token() previously called requests.post() directly, bypassing any proxy configuration. It now creates a requests.Session and sets .proxies when a proxy URL is provided, ensuring token refresh on cold cache also routes through the proxy. Closes sergioteula#149 Co-authored-by: Claude (claude-sonnet-4-6) <claude[bot]@users.noreply.github.com>
mekarpeles
force-pushed
the
proxy-support
branch
from
cf9a50f to
9f9aa4f
Compare
urllib3.ProxyManager ignores userinfo embedded in the proxy URL when establishing HTTPS CONNECT tunnels — it only reads the netloc for the tunnel destination, not the proxy auth headers. The result is a 407 Proxy Authentication Required on every HTTPS API call through an authenticated Squid proxy (e.g. IA's http-proxy.us.archive.org). Fix: before handing the URL to ProxyManager, check whether configuration.proxy_headers is already set (caller-supplied). If not, parse the URL, extract username:password, build the Proxy-Authorization header via urllib3.make_headers(proxy_basic_auth=) and strip the credentials from the URL. The full credentialed URL is preserved in configuration.proxy so the requests-based OAuth2 token leg (api_client.py) continues to work unchanged. Confirmed via proxy_test.py on ol-home0: Approach A (URL-only): 407 Proxy Authentication Required Approach B (proxy_headers): 400 from creatorsapi.amazon (connected)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes two independent gaps that prevented
AmazonCreatorsApifrom routing traffic through an HTTP proxy. Closes #149.Problem 1 — no proxy parameter:
AmazonCreatorsApi.__init__createdApiClientwithout aConfiguration, soconfiguration.proxywas alwaysNone.RESTClientObjectalready handledurllib3.ProxyManagerwhenconfiguration.proxywas set — it just wasn't reachable from the public API.Problem 2 — token refresh bypassed proxy:
OAuth2TokenManager.refresh_token()calledrequests.post()directly. Even with proxy config wired, token refresh on cold cache (worker restart, token expiry) still went direct.Changes
amazon_creatorsapi/api.py— addsproxy: str | None = NonetoAmazonCreatorsApi.__init__; builds aConfigurationwith it and passes toApiClientcreatorsapi_python_sdk/api_client.py— extractsconfiguration.proxywhen lazily initialising_token_managerand passes it as aproxiesdictcreatorsapi_python_sdk/auth/oauth2_token_manager.py— acceptsproxiesin__init__;refresh_token()usesrequests.Sessionwith.proxiesset. Applies to both LWA (v3.x) and Cognito (v2.x) flowsUsage
Tests
tests/amazon_creatorsapi/api_test.py— 2 new tests verifyingconfiguration.proxyis set (orNone) onApiClientbased on theproxyparamtests/amazon_creatorsapi/oauth2_token_manager_test.py— new file, 3 tests: proxy applied on Cognito refresh, proxy applied on LWA refresh, no proxy → session not configured39 tests passing, no regressions.
Known limitations
proxy_headers(for cases where credentials cannot be embedded in the URL) is not yet exposed. The current interface covers the common case of credential-bearing proxy URLs.Real-world context
This unblocks Internet Archive / Open Library, which runs behind an authenticated Squid proxy and currently carries two workarounds:
This PR was developed with Claude (claude-sonnet-4-6) as co-author.