Force certificates
parent
e8174095ca
commit
43048c6d12
@ -3,14 +3,14 @@
|
|||||||
|
|
||||||
<head>
|
<head>
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
|
||||||
<title>Coder</title>
|
<title>Authenticate: code-server</title>
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
<div class="login">
|
<div class="login">
|
||||||
<div class="back">
|
<div class="back">
|
||||||
<- Back </div>
|
<- Back </div>
|
||||||
<!-- <h4 class="title">AWS Cloud</h4> -->
|
<h4 class="title">code-server</h4>
|
||||||
<h2 class="subtitle">
|
<h2 class="subtitle">
|
||||||
Enter server password
|
Enter server password
|
||||||
</h2>
|
</h2>
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import * as fs from "fs";
|
import * as fs from "fs";
|
||||||
import * as path from "path";
|
import * as path from "path";
|
||||||
|
import * as os from "os";
|
||||||
import { isCli, buildDir } from "./constants";
|
import { isCli, buildDir } from "./constants";
|
||||||
|
|
||||||
declare var __non_webpack_require__: typeof require;
|
declare var __non_webpack_require__: typeof require;
|
||||||
@ -19,7 +20,7 @@ export const setup = (dataDirectory: string): void => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return currentDir;
|
return currentDir;
|
||||||
}); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
|
}, os.platform() === "win32" ? undefined! : path.sep); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
|
||||||
|
|
||||||
const unpackModule = (moduleName: string): void => {
|
const unpackModule = (moduleName: string): void => {
|
||||||
const memFile = path.join(isCli ? buildDir! : path.join(__dirname, ".."), "build/dependencies", moduleName);
|
const memFile = path.join(isCli ? buildDir! : path.join(__dirname, ".."), "build/dependencies", moduleName);
|
||||||
|
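Review bot: On Windows the new second argument passes an explicit `undefined`, which is not the same as omitting the argument if the enclosing call is `Array.prototype.reduce`. The call starts outside the hunk, so that is inferred from the callback's `return currentDir;`. `reduce` treats any supplied second argument as the initial accumulator, so the first callback invocation would receive `undefined` as the parent directory rather than the first path segment, and the `undefined!` assertion hides this from the type checker. Branch on `os.platform()` around the call, omitting the seed on win32 and passing `path.sep` elsewhere, and replace the stale trailing comment with something like `// POSIX needs path.sep as the seed; on Windows the drive letter is the first segment.`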
@ -86,6 +86,18 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||||||
options.registerMiddleware(app);
|
options.registerMiddleware(app);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
interface CertificateInfo {
|
||||||
|
readonly key: string;
|
||||||
|
// tslint:disable-next-line:no-any
|
||||||
|
readonly cert: any;
|
||||||
|
}
|
||||||
|
|
||||||
|
const certs = await new Promise<CertificateInfo>(async (resolve, reject): Promise<void> => {
|
||||||
|
const selfSignedKeyPath = path.join(options.serverOptions!.dataDirectory, "self-signed.key");
|
||||||
|
const selfSignedCertPath = path.join(options.serverOptions!.dataDirectory, "self-signed.cert");
|
||||||
|
|
||||||
|
if (!fs.existsSync(selfSignedKeyPath) || !fs.existsSync(selfSignedCertPath)) {
|
||||||
|
try {
|
||||||
const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
|
const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
|
||||||
pem.createCertificate({
|
pem.createCertificate({
|
||||||
selfSigned: true,
|
selfSigned: true,
|
||||||
@ -100,10 +112,20 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
const server = httpolyglot.createServer({
|
fs.writeFileSync(selfSignedKeyPath, certs.serviceKey);
|
||||||
key: certs.serviceKey,
|
fs.writeFileSync(selfSignedCertPath, certs.certificate);
|
||||||
cert: certs.certificate,
|
} catch (ex) {
|
||||||
}, app) as http.Server;
|
return reject(ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resolve({
|
||||||
|
cert: fs.readFileSync(selfSignedCertPath).toString(),
|
||||||
|
key: fs.readFileSync(selfSignedKeyPath).toString(),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
const server = httpolyglot.createServer(options.httpsOptions || certs, app) as http.Server;
|
||||||
const wss = new ws.Server({ server });
|
const wss = new ws.Server({ server });
|
||||||
|
|
||||||
wss.shouldHandle = (req): boolean => {
|
wss.shouldHandle = (req): boolean => {
|
||||||
@ -161,6 +183,10 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||||||
const authStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/auth"));
|
const authStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/auth"));
|
||||||
const unauthStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/unauth"));
|
const unauthStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/unauth"));
|
||||||
app.use((req, res, next) => {
|
app.use((req, res, next) => {
|
||||||
|
if (!isEncrypted(req.socket)) {
|
||||||
|
return res.redirect(301, `https://${req.headers.host!}${req.path}`);
|
||||||
|
}
|
||||||
|
|
||||||
if (isAuthed(req)) {
|
if (isAuthed(req)) {
|
||||||
// We can serve the actual VSCode bin
|
// We can serve the actual VSCode bin
|
||||||
authStaticFunc(req, res, next);
|
authStaticFunc(req, res, next);
|
||||||
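Review bot: The private key is persisted with `fs.writeFileSync(selfSignedKeyPath, certs.serviceKey);` and no explicit mode, so the file gets the process default (typically readable by other local users under a common umask) and stays on disk for every later start. Create it owner-only, e.g. `fs.writeFileSync(selfSignedKeyPath, certs.serviceKey, { mode: 0o600 });`, and consider checking the permissions of an existing key before reusing it. In the last hunk the redirect target is built from the client-supplied `Host` header and `req.path`, which drops the query string and yields `https://undefined/...` when no Host is sent; `req.originalUrl`, a configured host name and a non-permanent status would be safer than a cached 301. `createApp` begins and ends outside these hunks, so whether `options.httpsOptions` could skip the key generation entirely cannot be confirmed from here.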
|