parent
91f49e1efd
commit
e7945bea94
@ -73,9 +73,9 @@ yarn binary ${vscodeVersion} ${codeServerVersion} # Or you can package it into a
|
||||
## Security
|
||||
|
||||
### Authentication
|
||||
To enable built-in password authentication use `code-server --auth password`. By
|
||||
default it will use a randomly generated password but you can set the
|
||||
`$PASSWORD` environment variable to use your own.
|
||||
By default `code-server` enables password authentication using a randomly
|
||||
generated password. You can set the `PASSWORD` environment variable to use your
|
||||
own instead or use `--auth none` to disable password authentication.
|
||||
|
||||
Do not expose `code-server` to the open internet without some form of
|
||||
authentication.
|
||||
|
@ -86,7 +86,7 @@ const startVscode = async (): Promise<void | void[]> => {
|
||||
const args = getArgs();
|
||||
const extra = args["_"] || [];
|
||||
const options = {
|
||||
auth: args.auth,
|
||||
auth: args.auth || AuthType.Password,
|
||||
basePath: args["base-path"],
|
||||
cert: args.cert,
|
||||
certKey: args["cert-key"],
|
||||
@ -95,9 +95,9 @@ const startVscode = async (): Promise<void | void[]> => {
|
||||
password: process.env.PASSWORD,
|
||||
};
|
||||
|
||||
if (options.auth && enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
|
||||
if (enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
|
||||
throw new Error(`'${options.auth}' is not a valid authentication type.`);
|
||||
} else if (options.auth && !options.password) {
|
||||
} else if (options.auth === "password" && !options.password) {
|
||||
options.password = await generatePassword();
|
||||
}
|
||||
|
||||
@ -125,10 +125,13 @@ const startVscode = async (): Promise<void | void[]> => {
|
||||
]);
|
||||
logger.info(`Server listening on ${serverAddress}`);
|
||||
|
||||
if (options.auth && !process.env.PASSWORD) {
|
||||
if (options.auth === "password" && !process.env.PASSWORD) {
|
||||
logger.info(` - Password is ${options.password}`);
|
||||
logger.info(" - To use your own password, set the PASSWORD environment variable");
|
||||
} else if (options.auth) {
|
||||
logger.info(" - To use your own password, set the PASSWORD environment variable");
|
||||
if (!args.auth) {
|
||||
logger.info(" - To disable use `--auth none`");
|
||||
}
|
||||
} else if (options.auth === "password") {
|
||||
logger.info(" - Using custom password for authentication");
|
||||
} else {
|
||||
logger.info(" - No authentication");
|
||||
|
@ -110,7 +110,7 @@ export class HttpError extends Error {
|
||||
}
|
||||
|
||||
export interface ServerOptions {
|
||||
readonly auth?: AuthType;
|
||||
readonly auth: AuthType;
|
||||
readonly basePath?: string;
|
||||
readonly connectionToken?: string;
|
||||
readonly cert?: string;
|
||||
@ -133,7 +133,7 @@ export abstract class Server {
|
||||
|
||||
public constructor(options: ServerOptions) {
|
||||
this.options = {
|
||||
host: options.auth && options.cert ? "0.0.0.0" : "localhost",
|
||||
host: options.auth === "password" && options.cert ? "0.0.0.0" : "localhost",
|
||||
...options,
|
||||
basePath: options.basePath ? options.basePath.replace(/\/+$/, "") : "",
|
||||
};
|
||||
@ -269,7 +269,7 @@ export abstract class Server {
|
||||
base = path.normalize(base);
|
||||
requestPath = path.normalize(requestPath || "/index.html");
|
||||
|
||||
if (base !== "/login" || !this.options.auth || requestPath !== "/index.html") {
|
||||
if (base !== "/login" || this.options.auth !== "password" || requestPath !== "/index.html") {
|
||||
this.ensureGet(request);
|
||||
}
|
||||
|
||||
@ -300,7 +300,7 @@ export abstract class Server {
|
||||
response.cache = true;
|
||||
return response;
|
||||
case "/login":
|
||||
if (!this.options.auth || requestPath !== "/index.html") {
|
||||
if (this.options.auth !== "password" || requestPath !== "/index.html") {
|
||||
throw new HttpError("Not found", HttpCode.NotFound);
|
||||
}
|
||||
return this.tryLogin(request);
|
||||
@ -421,7 +421,7 @@ export abstract class Server {
|
||||
}
|
||||
|
||||
private authenticate(request: http.IncomingMessage, payload?: LoginPayload): boolean {
|
||||
if (!this.options.auth) {
|
||||
if (this.options.auth !== "password") {
|
||||
return true;
|
||||
}
|
||||
const safeCompare = localRequire<typeof import("safe-compare")>("safe-compare/index");
|
||||
|
@ -14,6 +14,7 @@ import { mkdirp } from "vs/base/node/pfs";
|
||||
|
||||
export enum AuthType {
|
||||
Password = "password",
|
||||
None = "none",
|
||||
}
|
||||
|
||||
export enum FormatType {
|
||||
@ -127,7 +128,7 @@ export const enumToArray = (t: any): string[] => {
|
||||
|
||||
export const buildAllowedMessage = (t: any): string => {
|
||||
const values = enumToArray(t);
|
||||
return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(",")}`;
|
||||
return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(", ")}`;
|
||||
};
|
||||
|
||||
/**
|
||||
|
Reference in New Issue
Block a user