From 58c1be57fa92cbf7ccd002cf04d5cc62b182c481 Mon Sep 17 00:00:00 2001 From: Asher Date: Thu, 10 Dec 2020 15:59:24 -0600 Subject: [PATCH 1/4] Implement callback endpoints VS Code uses these during the authentication flow. --- src/common/util.ts | 11 ++++ src/node/routes/static.ts | 5 +- src/node/routes/vscode.ts | 107 +++++++++++++++++++++++++++++++++++++- 3 files changed, 120 insertions(+), 3 deletions(-) diff --git a/src/common/util.ts b/src/common/util.ts index 7baa355ad..67e182cea 100644 --- a/src/common/util.ts +++ b/src/common/util.ts @@ -101,3 +101,14 @@ export const arrayify = (value?: T | T[]): T[] => { } return [value] } + +/** + * Get the first string. If there's no string return undefined. + */ +export const getFirstString = (value: string | string[] | object | undefined): string | undefined => { + if (Array.isArray(value)) { + return value[0] + } + + return typeof value !== "object" ? value : undefined +} diff --git a/src/node/routes/static.ts b/src/node/routes/static.ts index 22bdd8d24..30eed0316 100644 --- a/src/node/routes/static.ts +++ b/src/node/routes/static.ts @@ -6,6 +6,7 @@ import { Readable } from "stream" import * as tarFs from "tar-fs" import * as zlib from "zlib" import { HttpCode, HttpError } from "../../common/http" +import { getFirstString } from "../../common/util" import { rootPath } from "../constants" import { authenticated, ensureAuthenticated, replaceTemplates } from "../http" import { getMediaMime, pathToFsPath } from "../util" @@ -15,8 +16,8 @@ export const router = Router() // The commit is for caching. router.get("/(:commit)(/*)?", async (req, res) => { // Used by VS Code to load extensions into the web worker. - const tar = Array.isArray(req.query.tar) ? req.query.tar[0] : req.query.tar - if (typeof tar === "string") { + const tar = getFirstString(req.query.tar) + if (tar) { ensureAuthenticated(req) let stream: Readable = tarFs.pack(pathToFsPath(tar)) if (req.headers["accept-encoding"] && req.headers["accept-encoding"].includes("gzip")) { diff --git a/src/node/routes/vscode.ts b/src/node/routes/vscode.ts index 373dd4ce7..85d902d31 100644 --- a/src/node/routes/vscode.ts +++ b/src/node/routes/vscode.ts @@ -1,7 +1,11 @@ import * as crypto from "crypto" -import { Router } from "express" +import { Request, Router } from "express" import { promises as fs } from "fs" import * as path from "path" +import qs from "qs" +import { Emitter } from "../../common/emitter" +import { HttpCode, HttpError } from "../../common/http" +import { getFirstString } from "../../common/util" import { commit, rootPath, version } from "../constants" import { authenticated, ensureAuthenticated, redirect, replaceTemplates } from "../http" import { getMediaMime, pathToFsPath } from "../util" @@ -86,6 +90,107 @@ router.get("/webview/*", ensureAuthenticated, async (req, res) => { ) }) +interface Callback { + uri: { + scheme: string + authority?: string + path?: string + query?: string + fragment?: string + } + timeout: NodeJS.Timeout +} + +const callbacks = new Map() +const callbackEmitter = new Emitter<{ id: string; callback: Callback }>() + +/** + * Get vscode-requestId from the query and throw if it's missing or invalid. + */ +const getRequestId = (req: Request): string => { + if (!req.query["vscode-requestId"]) { + throw new HttpError("vscode-requestId is missing", HttpCode.BadRequest) + } + + if (typeof req.query["vscode-requestId"] !== "string") { + throw new HttpError("vscode-requestId is not a string", HttpCode.BadRequest) + } + + return req.query["vscode-requestId"] +} + +// Matches VS Code's fetch timeout. +const fetchTimeout = 5 * 60 * 1000 + +// The callback endpoints are used during authentication. A URI is stored on +// /callback and then fetched later on /fetch-callback. +// See ../../../lib/vscode/resources/web/code-web.js +router.get("/callback", ensureAuthenticated, async (req, res) => { + const uriKeys = [ + "vscode-requestId", + "vscode-scheme", + "vscode-authority", + "vscode-path", + "vscode-query", + "vscode-fragment", + ] + + const id = getRequestId(req) + + // Move any query variables that aren't URI keys into the URI's query + // (importantly, this will include the code for oauth). + const query: qs.ParsedQs = {} + for (const key in req.query) { + if (!uriKeys.includes(key)) { + query[key] = req.query[key] + } + } + + const callback = { + uri: { + scheme: getFirstString(req.query["vscode-scheme"]) || "code-oss", + authority: getFirstString(req.query["vscode-authority"]), + path: getFirstString(req.query["vscode-path"]), + query: (getFirstString(req.query.query) ? getFirstString(req.query.query) + "&" : "") + qs.stringify(query), + fragment: getFirstString(req.query["vscode-fragment"]), + }, + // Make sure the map doesn't leak if nothing fetches this URI. + timeout: setTimeout(() => callbacks.delete(id), fetchTimeout), + } + + callbacks.set(id, callback) + callbackEmitter.emit({ id, callback }) + + res.sendFile(path.join(rootPath, "lib/vscode/resources/web/callback.html")) +}) + +router.get("/fetch-callback", ensureAuthenticated, async (req, res) => { + const id = getRequestId(req) + + const send = (callback: Callback) => { + clearTimeout(callback.timeout) + callbacks.delete(id) + res.json(callback.uri) + } + + const callback = callbacks.get(id) + if (callback) { + return send(callback) + } + + // VS Code will try again if the route returns no content but it seems more + // efficient to just wait on this request for as long as possible? + const handler = callbackEmitter.event(({ id: emitId, callback }) => { + if (id === emitId) { + handler.dispose() + send(callback) + } + }) + + // If the client closes the connection. + req.on("close", () => handler.dispose()) +}) + export const wsRouter = WsRouter() wsRouter.ws("/", ensureAuthenticated, async (req) => { From 3cc74ccd799ebc484fc7f04ab0b4d33de99ea0b2 Mon Sep 17 00:00:00 2001 From: Asher Date: Wed, 16 Dec 2020 13:43:42 -0600 Subject: [PATCH 2/4] Point to our auth relay --- lib/vscode/extensions/github-authentication/src/githubServer.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vscode/extensions/github-authentication/src/githubServer.ts b/lib/vscode/extensions/github-authentication/src/githubServer.ts index 55c0e4ef4..421bb7dea 100644 --- a/lib/vscode/extensions/github-authentication/src/githubServer.ts +++ b/lib/vscode/extensions/github-authentication/src/githubServer.ts @@ -13,7 +13,7 @@ import Logger from './common/logger'; const localize = nls.loadMessageBundle(); export const NETWORK_ERROR = 'network error'; -const AUTH_RELAY_SERVER = 'vscode-auth.github.com'; +const AUTH_RELAY_SERVER = 'auth.code-server.dev'; class UriEventHandler extends vscode.EventEmitter implements vscode.UriHandler { public handleUri(uri: vscode.Uri) { From d14c2e5bb7f1e3b1df1eed26e6c95eac7e4a13d9 Mon Sep 17 00:00:00 2001 From: Asher Date: Fri, 18 Dec 2020 11:21:06 -0600 Subject: [PATCH 3/4] Swap negative check for positive check --- src/common/util.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/util.ts b/src/common/util.ts index 67e182cea..b4f66be24 100644 --- a/src/common/util.ts +++ b/src/common/util.ts @@ -110,5 +110,5 @@ export const getFirstString = (value: string | string[] | object | undefined): s return value[0] } - return typeof value !== "object" ? value : undefined + return typeof value === "string" ? value : undefined } From 5f7f7f1a92b9c2a006fb3a695ff4c51c26bc0015 Mon Sep 17 00:00:00 2001 From: Asher Date: Fri, 18 Dec 2020 11:21:32 -0600 Subject: [PATCH 4/4] Simplify query concatenation in URL callback Cases in URLs like ?&a=b or ?a=b& appear to be handled just fine. --- src/node/routes/vscode.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node/routes/vscode.ts b/src/node/routes/vscode.ts index 85d902d31..38ac42bb1 100644 --- a/src/node/routes/vscode.ts +++ b/src/node/routes/vscode.ts @@ -151,7 +151,7 @@ router.get("/callback", ensureAuthenticated, async (req, res) => { scheme: getFirstString(req.query["vscode-scheme"]) || "code-oss", authority: getFirstString(req.query["vscode-authority"]), path: getFirstString(req.query["vscode-path"]), - query: (getFirstString(req.query.query) ? getFirstString(req.query.query) + "&" : "") + qs.stringify(query), + query: (getFirstString(req.query.query) || "") + "&" + qs.stringify(query), fragment: getFirstString(req.query["vscode-fragment"]), }, // Make sure the map doesn't leak if nothing fetches this URI.