code-server/src/node/routes/index.ts

import { logger } from "@coder/logger"
import bodyParser from "body-parser"
import cookieParser from "cookie-parser"
import * as express from "express"
import { promises as fs } from "fs"
import http from "http"
import * as path from "path"
import * as tls from "tls"
import { HttpCode, HttpError } from "../../common/http"
import { plural } from "../../common/util"
import { AuthType, DefaultedArgs } from "../cli"
import { rootPath } from "../constants"
import { Heart } from "../heart"
import { replaceTemplates, redirect } from "../http"
import { PluginAPI } from "../plugin"
import { getMediaMime, paths } from "../util"
import { WebsocketRequest } from "../wsRouter"
import * as apps from "./apps"
import * as domainProxy from "./domainProxy"
import * as health from "./health"
import * as login from "./login"
import * as proxy from "./pathProxy"
// static is a reserved keyword.
import * as _static from "./static"
import * as update from "./update"
import * as vscode from "./vscode"

declare global {
  // eslint-disable-next-line @typescript-eslint/no-namespace
  namespace Express {
    export interface Request {
      args: DefaultedArgs
      heart: Heart
    }
  }
}

/**
 * Register all routes and middleware.
 */
export const register = async (
  app: express.Express,
  wsApp: express.Express,
  server: http.Server,
  args: DefaultedArgs,
): Promise<void> => {
  const heart = new Heart(path.join(paths.data, "heartbeat"), async () => {
    return new Promise((resolve, reject) => {
      server.getConnections((error, count) => {
        if (error) {
          return reject(error)
        }
        logger.trace(plural(count, `${count} active connection`))
        resolve(count > 0)
      })
    })
  })

  app.disable("x-powered-by")
  wsApp.disable("x-powered-by")

  app.use(cookieParser())
  wsApp.use(cookieParser())

  app.use(bodyParser.json())
  app.use(bodyParser.urlencoded({ extended: true }))

  const common: express.RequestHandler = (req, _, next) => {
    // /healthz|/healthz/ needs to be excluded otherwise health checks will make
    // it look like code-server is always in use.
    if (!/^\/healthz\/?$/.test(req.url)) {
      heart.beat()
    }

    // Add common variables routes can use.
    req.args = args
    req.heart = heart

    next()
  }

  app.use(common)
  wsApp.use(common)

  app.use(async (req, res, next) => {
    // If we're handling TLS ensure all requests are redirected to HTTPS.
    // TODO: This does *NOT* work if you have a base path since to specify the
    // protocol we need to specify the whole path.
    if (args.cert && !(req.connection as tls.TLSSocket).encrypted) {
      return res.redirect(`https://${req.headers.host}${req.originalUrl}`)
    }

    // Return robots.txt.
    if (req.originalUrl === "/robots.txt") {
      const resourcePath = path.resolve(rootPath, "src/browser/robots.txt")
      res.set("Content-Type", getMediaMime(resourcePath))
      return res.send(await fs.readFile(resourcePath))
    }

    next()
  })

  app.use("/", domainProxy.router)
  wsApp.use("/", domainProxy.wsRouter.router)

  app.use("/", vscode.router)
  wsApp.use("/", vscode.wsRouter.router)
  app.use("/vscode", vscode.router)
  wsApp.use("/vscode", vscode.wsRouter.router)

  app.use("/healthz", health.router)

  if (args.auth === AuthType.Password) {
    app.use("/login", login.router)
  } else {
    app.all("/login", (req, res) => {
      redirect(req, res, "/", {})
    })
  }

  app.use("/proxy", proxy.router)
  wsApp.use("/proxy", proxy.wsRouter.router)

  app.use("/static", _static.router)
  app.use("/update", update.router)

  const papi = new PluginAPI(logger, process.env.CS_PLUGIN, process.env.CS_PLUGIN_PATH)
  await papi.loadPlugins()
  papi.mount(app)
  app.use("/api/applications", apps.router(papi))

  app.use(() => {
    throw new HttpError("Not Found", HttpCode.NotFound)
  })

  const errorHandler: express.ErrorRequestHandler = async (err, req, res, next) => {
    if (err.code === "ENOENT" || err.code === "EISDIR") {
      err.status = HttpCode.NotFound
    }

    const status = err.status ?? err.statusCode ?? 500
    res.status(status)

    // Assume anything that explicitly accepts text/html is a user browsing a
    // page (as opposed to an xhr request). Don't use `req.accepts()` since
    // *every* request that I've seen (in Firefox and Chromium at least)
    // includes `*/*` making it always truthy. Even for css/javascript.
    if (req.headers.accept && req.headers.accept.includes("text/html")) {
      const resourcePath = path.resolve(rootPath, "src/browser/pages/error.html")
      res.set("Content-Type", getMediaMime(resourcePath))
      const content = await fs.readFile(resourcePath, "utf8")
      res.send(
        replaceTemplates(req, content)
          .replace(/{{ERROR_TITLE}}/g, status)
          .replace(/{{ERROR_HEADER}}/g, status)
          .replace(/{{ERROR_BODY}}/g, err.message),
      )
    } else {
      res.json({
        error: err.message,
        ...(err.details || {}),
      })
    }
  }

  app.use(errorHandler)

  const wsErrorHandler: express.ErrorRequestHandler = async (err, req) => {
    logger.error(`${err.message} ${err.stack}`)
    ;(req as WebsocketRequest).ws.end()
  }

  wsApp.use(wsErrorHandler)
}
Convert routes to Express 2020-10-21 01:05:58 +02:00			`import { logger } from "@coder/logger"`
			`import bodyParser from "body-parser"`
			`import cookieParser from "cookie-parser"`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`import * as express from "express"`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`import { promises as fs } from "fs"`
			`import http from "http"`
			`import * as path from "path"`
			`import * as tls from "tls"`
			`import { HttpCode, HttpError } from "../../common/http"`
			`import { plural } from "../../common/util"`
			`import { AuthType, DefaultedArgs } from "../cli"`
			`import { rootPath } from "../constants"`
			`import { Heart } from "../heart"`
routes: Redirect from /login when auth is disabled (#2456) Sometimes I start with auth but then disable. Now I can just reload the login page in my browser to be greeted with code-server. 2020-12-14 18:33:36 +01:00			`import { replaceTemplates, redirect } from "../http"`
src/node/plugin.ts: Implement new plugin API 2020-10-30 08:18:45 +01:00			`import { PluginAPI } from "../plugin"`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`import { getMediaMime, paths } from "../util"`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`import { WebsocketRequest } from "../wsRouter"`
plugin: Fixes for CI 2020-11-04 03:53:16 +01:00			`import * as apps from "./apps"`
Fix formatting 2020-11-06 20:46:49 +01:00			`import * as domainProxy from "./domainProxy"`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`import * as health from "./health"`
			`import * as login from "./login"`
Move domain proxy to routes This matches better with the other routes. Also add a missing authentication check to the path proxy web socket. 2020-11-05 23:45:58 +01:00			`import * as proxy from "./pathProxy"`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`// static is a reserved keyword.`
			`import * as _static from "./static"`
			`import * as update from "./update"`
			`import * as vscode from "./vscode"`

			`declare global {`
			`// eslint-disable-next-line @typescript-eslint/no-namespace`
			`namespace Express {`
			`export interface Request {`
			`args: DefaultedArgs`
			`heart: Heart`
			`}`
			`}`
			`}`

			`/**`
			`* Register all routes and middleware.`
			`*/`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`export const register = async (`
			`app: express.Express,`
			`wsApp: express.Express,`
			`server: http.Server,`
			`args: DefaultedArgs,`
			`): Promise<void> => {`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`const heart = new Heart(path.join(paths.data, "heartbeat"), async () => {`
			`return new Promise((resolve, reject) => {`
			`server.getConnections((error, count) => {`
			`if (error) {`
			`return reject(error)`
			`}`
			logger.trace(plural(count, `${count} active connection`))
			`resolve(count > 0)`
			`})`
			`})`
			`})`

			`app.disable("x-powered-by")`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`wsApp.disable("x-powered-by")`
Convert routes to Express 2020-10-21 01:05:58 +02:00
			`app.use(cookieParser())`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`wsApp.use(cookieParser())`

Convert routes to Express 2020-10-21 01:05:58 +02:00			`app.use(bodyParser.json())`
			`app.use(bodyParser.urlencoded({ extended: true }))`

Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`const common: express.RequestHandler = (req, _, next) => {`
Skip heartbeat on /healthz endpoint (#2333) I managed to lose this in the rewrite. Fixes #2327. 2020-11-18 19:19:08 +01:00			`// /healthz\|/healthz/ needs to be excluded otherwise health checks will make`
			`// it look like code-server is always in use.`
			`if (!/^\/healthz\/?$/.test(req.url)) {`
			`heart.beat()`
			`}`
Convert routes to Express 2020-10-21 01:05:58 +02:00
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`// Add common variables routes can use.`
			`req.args = args`
			`req.heart = heart`

			`next()`
			`}`

			`app.use(common)`
			`wsApp.use(common)`

			`app.use(async (req, res, next) => {`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`// If we're handling TLS ensure all requests are redirected to HTTPS.`
			`// TODO: This does NOT work if you have a base path since to specify the`
			`// protocol we need to specify the whole path.`
			`if (args.cert && !(req.connection as tls.TLSSocket).encrypted) {`
			return res.redirect(`https://${req.headers.host}${req.originalUrl}`)
			`}`

			`// Return robots.txt.`
			`if (req.originalUrl === "/robots.txt") {`
			`const resourcePath = path.resolve(rootPath, "src/browser/robots.txt")`
			`res.set("Content-Type", getMediaMime(resourcePath))`
			`return res.send(await fs.readFile(resourcePath))`
			`}`

Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`next()`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`})`

			`app.use("/", domainProxy.router)`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`wsApp.use("/", domainProxy.wsRouter.router)`

Convert routes to Express 2020-10-21 01:05:58 +02:00			`app.use("/", vscode.router)`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`wsApp.use("/", vscode.wsRouter.router)`
			`app.use("/vscode", vscode.router)`
			`wsApp.use("/vscode", vscode.wsRouter.router)`

Convert routes to Express 2020-10-21 01:05:58 +02:00			`app.use("/healthz", health.router)`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00
Convert routes to Express 2020-10-21 01:05:58 +02:00			`if (args.auth === AuthType.Password) {`
			`app.use("/login", login.router)`
routes: Redirect from /login when auth is disabled (#2456) Sometimes I start with auth but then disable. Now I can just reload the login page in my browser to be greeted with code-server. 2020-12-14 18:33:36 +01:00			`} else {`
			`app.all("/login", (req, res) => {`
			`redirect(req, res, "/", {})`
			`})`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`}`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00
Convert routes to Express 2020-10-21 01:05:58 +02:00			`app.use("/proxy", proxy.router)`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`wsApp.use("/proxy", proxy.wsRouter.router)`

Convert routes to Express 2020-10-21 01:05:58 +02:00			`app.use("/static", _static.router)`
			`app.use("/update", update.router)`

src/node/plugin.ts: Implement new plugin API 2020-10-30 08:18:45 +01:00			`const papi = new PluginAPI(logger, process.env.CS_PLUGIN, process.env.CS_PLUGIN_PATH)`
			`await papi.loadPlugins()`
			`papi.mount(app)`
routes/apps.ts: Implement /api/applications endpoint 2020-11-04 03:14:14 +01:00			`app.use("/api/applications", apps.router(papi))`
Convert routes to Express 2020-10-21 01:05:58 +02:00
			`app.use(() => {`
			`throw new HttpError("Not Found", HttpCode.NotFound)`
			`})`

node/routes: Fix error handling We should always send HTML if the user agent expects it. If they do not, they should clearly indicate such via the Accept header. Closes #2297 2020-11-13 21:32:47 +01:00			`const errorHandler: express.ErrorRequestHandler = async (err, req, res, next) => {`
Handle errors for JSON requests Previously it would have just given them the error HTML. 2020-11-05 22:19:15 +01:00			`if (err.code === "ENOENT" \|\| err.code === "EISDIR") {`
			`err.status = HttpCode.NotFound`
			`}`

			`const status = err.status ?? err.statusCode ?? 500`
			`res.status(status)`

node/routes: Fix error handling We should always send HTML if the user agent expects it. If they do not, they should clearly indicate such via the Accept header. Closes #2297 2020-11-13 21:32:47 +01:00			`// Assume anything that explicitly accepts text/html is a user browsing a`
			// page (as opposed to an xhr request). Don't use `req.accepts()` since
			`// every request that I've seen (in Firefox and Chromium at least)`
			// includes `/` making it always truthy. Even for css/javascript.
			`if (req.headers.accept && req.headers.accept.includes("text/html")) {`
Handle errors for JSON requests Previously it would have just given them the error HTML. 2020-11-05 22:19:15 +01:00			`const resourcePath = path.resolve(rootPath, "src/browser/pages/error.html")`
			`res.set("Content-Type", getMediaMime(resourcePath))`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`const content = await fs.readFile(resourcePath, "utf8")`
Handle errors for JSON requests Previously it would have just given them the error HTML. 2020-11-05 22:19:15 +01:00			`res.send(`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`replaceTemplates(req, content)`
Fix error handler types 2020-10-27 23:18:44 +01:00			`.replace(/{{ERROR_TITLE}}/g, status)`
			`.replace(/{{ERROR_HEADER}}/g, status)`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`.replace(/{{ERROR_BODY}}/g, err.message),`
			`)`
node/routes: Fix error handling We should always send HTML if the user agent expects it. If they do not, they should clearly indicate such via the Accept header. Closes #2297 2020-11-13 21:32:47 +01:00			`} else {`
			`res.json({`
			`error: err.message,`
			`...(err.details \|\| {}),`
			`})`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`}`
Fix error handler types 2020-10-27 23:18:44 +01:00			`}`

			`app.use(errorHandler)`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00
			`const wsErrorHandler: express.ErrorRequestHandler = async (err, req) => {`
			logger.error(`${err.message} ${err.stack}`)
Close sockets correctly 2020-11-11 00:52:02 +01:00			`;(req as WebsocketRequest).ws.end()`
Move websocket routes into a separate app This is mostly so we don't have to do any wacky patching but it also makes it so we don't have to keep checking if the request is a web socket request every time we add middleware. 2020-11-05 19:58:37 +01:00			`}`

			`wsApp.use(wsErrorHandler)`
Convert routes to Express 2020-10-21 01:05:58 +02:00			`}`