Add origin checks to web sockets (#6048)

* Move splitOnFirstEquals to util I will be making use of this to parse the forwarded header. * Type splitOnFirstEquals with two items Also add some test cases. * Check origin header on web sockets * Update changelog with origin check * Fix web sockets not closing with error code
2023-03-03 09:12:34 +00:00
parent a47cd81d8c
commit d477972c68
17 changed files with 354 additions and 102 deletions
--- a/test/unit/node/routes/health.test.ts
+++ b/test/unit/node/routes/health.test.ts
@ -23,7 +23,9 @@ describe("health", () => {
    codeServer = await integration.setup(["--auth=none"], "")
    const ws = codeServer.ws("/healthz")
    const message = await new Promise((resolve, reject) => {
-      ws.on("error", console.error)
+      ws.on("error", (err) => {
+        console.error("[healthz]", err)
+      })
      ws.on("message", (message) => {
        try {
          const j = JSON.parse(message.toString())
--- a/test/unit/node/routes/vscode.test.ts
+++ b/test/unit/node/routes/vscode.test.ts
@ -0,0 +1,30 @@
+import * as httpserver from "../../../utils/httpserver"
+import * as integration from "../../../utils/integration"
+import { mockLogger } from "../../../utils/helpers"
+
+describe("vscode", () => {
+  let codeServer: httpserver.HttpServer | undefined
+  beforeEach(() => {
+    mockLogger()
+  })
+
+  afterEach(async () => {
+    if (codeServer) {
+      await codeServer.dispose()
+      codeServer = undefined
+    }
+    jest.clearAllMocks()
+  })
+
+  it("should fail origin check", async () => {
+    await expect(async () => {
+      codeServer = await integration.setup(["--auth=none"], "")
+      await codeServer.wsWait("/vscode", {
+        headers: {
+          host: "localhost:8080",
+          origin: "https://evil.org",
+        },
+      })
+    }).rejects.toThrow()
+  })
+})