Joe Previte
923761cd78
refactor: password logic in http w/ isCookieValid
2021-06-08 14:33:16 -07:00
Joe Previte
6020480b30
feat: add isCookieValid function and tests
2021-06-08 14:33:16 -07:00
Joe Previte
409b473c82
refactor: rewrite password logic at /login
2021-06-08 14:33:15 -07:00
Joe Previte
a14ea39c4a
feat: add handlePasswordValidation + tests
2021-06-08 14:33:15 -07:00
Joe Previte
7ff4117531
feat: add getPasswordMethod & test for it
2021-06-08 14:33:15 -07:00
Joe Previte
ffa5c16e51
feat: update cli and test for hashed-password
2021-06-08 14:33:15 -07:00
Joe Previte
1134780b8b
refactor: make wsProxy async
2021-06-08 14:33:14 -07:00
Joe Previte
91303d4e40
refactor: make ensureAuthenticated async
2021-06-08 14:33:14 -07:00
Joe Previte
0cdbd33b46
refactor: make authenticated async everywhere
...
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte
fcc3f0d951
refactor: update login logic with new async hashing
...
This adds the proper await logic for the hashing of passwords.
2021-06-08 14:33:13 -07:00
Joe Previte
70197bb2a5
refactor: use argon2 instead of bcrypt
...
This uses argon2 instead of bcrypt.
Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte
aaf044728f
refactor: add functions to check hash password
2021-06-08 14:33:12 -07:00
Joe Previte
cac667317e
refactor: use bcrypt in hash function
2021-06-08 14:33:11 -07:00
Joe Previte
46fe77d464
chore: update CHANGELOG
2021-05-13 12:10:22 -07:00
Joe Previte
d7f1415290
refactor: use paths.runtime in socket proxyPipe
2021-05-13 12:10:21 -07:00
Joe Previte
a57ee69822
feat: add runtime to getEnvPaths
2021-05-13 12:10:21 -07:00
Asher
a882be5748
Refactor integration tests to use main entry point
2021-05-05 12:24:41 -05:00
Asher
20e70cfa05
Remove try from main
...
All it does is log and exit which is what the caller will be doing on an
error anyway (see entry).
2021-05-05 12:24:36 -05:00
Asher
c96fb65308
Split some entry methods into main
...
This is so they can be unit tested.
2021-05-05 12:24:35 -05:00
Asher
083400b50a
Add flag to enable permessage-deflate
2021-05-05 12:24:34 -05:00
Asher
92bf2c9760
Add dev mode constant
2021-05-05 10:16:01 -05:00
Asher
a48ac5080b
Share common util code with VS Code
...
This lets us re-use the normalized base path so when we expire/clear the
cookie we use the same base path.
2021-05-04 13:29:40 -05:00
Asher
49c26f70f7
Add logout route
2021-05-04 13:29:39 -05:00
Asher
e7a527514a
Add authed context key
2021-05-03 15:00:54 -05:00
Joe Previte
cb65590b98
refactor: move tmpdir into src/node/constants
2021-04-23 14:35:32 -07:00
Asher
b9c80b8520
Merge pull request #3178 from code-asher/connections
...
Minor connections refactor
2021-04-21 12:22:45 -05:00
Asher
f0bafa387f
Move connection logic into connection class
...
- Moved everything I could into the class itself.
- Improve the logging situation a bit.
- Switch some trace logs to debug.
- Get debug port from message arguments.
2021-04-21 11:48:45 -05:00
Joe Previte
f80d5c3764
refactor: rateLimiter.canTry logic to check >= 1
2021-04-19 13:14:19 -07:00
Joe Previte
7a5042176e
fix: update logic for removing token from limiter
2021-04-19 11:12:43 -07:00
Joe Previte
a3f18d6158
refactor: change limiter.Try() to .removeToken()
2021-04-19 10:57:50 -07:00
Joe Previte
d8e45057c7
refactor: update rateLimiter to check try
...
This changes adds a new method called `.canTry` to the rate limiter to check if
there are tokens remaining in the bucket.
It also adds suggestions from @oxy to make sure the user can brute force past
the rate limiter.
2021-04-19 10:40:59 -07:00
Joe Previte
08521077f0
refactor(login): move rate limiter after successful login
...
Before, we weren't checking if a login was successful before counting it
against the rate limiter.
With this change, we only count unsuccessful logins against the rate limiter.
We did this because this was a bug but also because it caused problems with our
e2e tests hitting the rate limit.
2021-04-19 10:40:59 -07:00
Joe Previte
4683d8a077
fix: update comment and export rateLimiter
2021-04-19 10:40:58 -07:00
Asher
101c2a01f1
Fix tsc watch restarting when it shouldn't
...
It seems reaching into lib/vscode for the types caused tsc to establish
watches that caused it to restart over and over while vscode was
building.
The strategy used here is to symlink it instead which is the same thing
we do for the proxy agent.
2021-04-01 10:58:56 -05:00
Joe Previte
df6bfbbeaf
feat: bump ts-node to 9.1.1
2021-03-30 16:46:49 -07:00
Joe Previte
e4db80667e
refactor: use stdio correctly in wrapper
2021-03-29 14:05:59 -07:00
Asher
18ace7b906
Don't send permessage-deflate header if not supported ( #2993 )
2021-03-29 12:59:36 -05:00
Joe Previte
b04104cafe
Merge branch 'main' into jsjoeio/upgrade-vscode-1.54
2021-03-22 10:43:39 -07:00
dependabot[bot]
a8e2ede4f5
chore(deps): bump js-yaml from 3.14.0 to 4.0.0 ( #2920 )
...
* chore(deps): bump js-yaml from 3.14.0 to 4.0.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml ) from 3.14.0 to 4.0.0.
- [Release notes](https://github.com/nodeca/js-yaml/releases )
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.0...4.0.0 )
Signed-off-by: dependabot[bot] <support@github.com>
* fix(src/node): replace yaml.safeLoad with load
Also update @types/yaml to ^4.0.0.
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akash Satheesan <akash@coder.com>
2021-03-18 16:30:10 -05:00
Joe Previte
071c8e15fc
Merge branch 'main' into jsjoeio/upgrade-vscode-1.54
2021-03-17 13:51:27 -07:00
repo-ranger[bot]
45a1713767
Merge pull request #2906 from bpmct/rename-cloud
...
rename references of "coder could"
2021-03-17 18:28:14 +00:00
Ben Potter
a097713829
remove references of coder could
2021-03-16 22:59:30 -04:00
Joe Previte
0c2708302d
refactor: remove --home flag/feature
...
We are removing this because it was removed upstream in PR~115599.
2021-03-16 14:25:28 -07:00
Asher
964ebe8d0a
Replace fs-extra with fs.promises
...
Remove the Mac directory copy instead of refactoring it since we've had
this for a long time now and I think it's safe to assume that users
running code-server on Mac don't have the old directory anymore.
2021-03-16 12:51:08 -05:00
Asher
5a1f62a8fb
Support permessage-deflate web socket extension ( #2846 )
2021-03-10 13:14:24 -06:00
Asher
4d3d1b844d
Handle permessage-deflate on sockets
...
With this the extension host is working again.
2021-03-02 17:18:49 -06:00
Joe Previte
b02d2fb3cc
feat: add cookie utils for e2e tests
2021-02-22 13:41:10 -07:00
Asher
2d8b785fb8
Fix health socket not getting client messages
...
Forgot to resume. Went ahead and did the same for the test plugin
although it only sends messages and doesn't receive any.
2021-02-16 15:01:46 -06:00
Asher
3fc556d4d5
Delegate authentication to plugins
...
Unfortunately since plugins can now override the root this is necessary
or just can't log in.
2021-02-12 16:50:23 -06:00
Asher
0abbc9789e
Allow plugins to register at the root
...
Unfortunately we have existing plugins with routes there which we cannot
move.
2021-02-12 15:19:26 -06:00
Asher
619934dc29
Authenticate plugin routes ( #2720 )
2021-02-12 14:56:39 -06:00
Justin Poehnelt
97c1399401
feat: use compression in express server ( #2680 )
2021-02-12 14:27:33 -06:00
Asher
8344e2062a
Merge pull request #2622 from cdr/plugin-additions
2021-02-10 16:45:00 -06:00
Asher
e4e0ac43b0
Don't load plugins in tests
...
This can affect the test behavior and results.
2021-02-09 15:39:57 -06:00
Asher
e098df0766
Fix code-server module not being provided in Jest
2021-02-09 15:23:08 -06:00
Asher
2879bd4c22
Add type alias for required modules
2021-02-09 13:09:41 -06:00
Asher
3226d50747
Rename papi to pluginApi
2021-02-09 13:09:40 -06:00
Asher
2fe3d57df3
Mount plugins before bodyParser
...
Otherwise it consumes the body and plugins won't be able to do things
like proxy POST requests.
2021-02-09 13:09:39 -06:00
Asher
c78f56b334
Expose HttpError to plugins
...
This will let them throw and show nice errors more easily.
2021-02-09 13:09:38 -06:00
Asher
22d194515a
Expose replaceTemplates to plugins
...
This is mainly so they can get relative paths in their HTML, in
particular code-server's static base so they can use the favicon and
service worker.
2021-02-09 13:09:37 -06:00
Asher
36aad9bdab
Move global express args definition
...
This way tests that import the http utilities but not the routes won't
error due to missing types.
2021-02-09 13:09:36 -06:00
Asher
5505959f7e
Expose websocket server to plugins
...
Same reasoning used when exposing Express.
2021-02-09 13:09:34 -06:00
Asher
b13db3124b
Add health websocket
...
This is used by some of our services.
2021-02-09 13:09:33 -06:00
Asher
f136a60093
Note that we immediately pause websockets
2021-02-09 13:09:32 -06:00
Asher
00cfd9bdf1
Add working directory to plugin config
2021-02-09 13:09:31 -06:00
Asher
3211eb1ce5
Expose log level to plugins
...
In case they need to map it to something else.
2021-02-09 13:09:30 -06:00
Asher
017b1cc633
Add deinit for plugins
2021-02-09 13:09:29 -06:00
Asher
3c6fac9ce4
Wait for inner process to exit
2021-02-09 13:09:28 -06:00
Asher
055e0ef9ec
Provide WsRouter to plugins
2021-02-09 13:09:27 -06:00
Asher
fb37473e72
Load only test plugin during tests
...
The other plugins in my path were causing the tests to fail.
2021-02-09 12:20:30 -06:00
Asher
f6b04c7c29
Expose proxy server to plugins
2021-02-09 12:19:39 -06:00
Asher
a8e928798b
Re-export express for plugins
2021-02-09 12:19:38 -06:00
Asher
5f1fab7d27
Re-export logger field for plugins
2021-02-09 12:19:36 -06:00
Joe Previte
719481e84e
refactor: add getPackageJson fn in constants
2021-02-08 16:21:30 -07:00
Anmol Sethi
05a0f213a7
Update proxy path passthrough documentation
...
Includes updated create-react-app docs.
Closes #2565
2021-02-05 11:44:38 -05:00
Anmol Sethi
c08e3bb06d
Add /absproxy to remove --proxy-path-passthrough
...
See https://github.com/cdr/code-server/issues/2222#issuecomment-765235938
Makes way more sense.
2021-02-05 11:44:34 -05:00
Anmol Sethi
58d72d53a1
routes/index.ts: register proxy routes before body-parser
...
Any json or urlencoded request bodies were being consumed by body-parser
before they could be proxied. That's why requests without Content-Type
were proxied correctly as body-parser would not consume their body.
This allows the http-proxy package to passthrough the request body correctly
in all instances.
Closes #2377
2021-02-01 11:08:40 -05:00
Anmol Sethi
f5cf3fd331
proxy.ts: Do not always rewrite redirects against the base path
...
This breaks --proxy-path-passthrough
However, we still need this when that code is disabled as many apps will
issue absolute redirects and expect the proxy to rewrite as appropriate.
e.g. Go's http.Redirect will rewrite relative redirects as absolute!
See https://golang.org/pkg/net/http/#Redirect
2021-02-01 11:08:40 -05:00
Joe Previte
646ee3ad7f
refactor: correct type signature in app.ts
2021-01-21 10:11:56 -07:00
Joe Previte
6bf51caa17
fix(app.ts): resolve with server
2021-01-21 10:11:10 -07:00
Joe Previte
f13ba9401b
fix(TS error): add void to promise in util
2021-01-21 10:11:10 -07:00
Anmol Sethi
28e98c0ee0
Merge pull request #2563 from cdr/proxy-path-passthrough-0bb9
...
pathProxy.ts: Implement --proxy-path-passthrough
2021-01-20 02:44:29 -05:00
Anmol Sethi
c32d8b155f
heart.ts: Fix leak when server closes
...
This had me very confused for quite a while until I did a binary search
inspection on route/index.ts. Only with the heart.beat line commented
out did my tests pass without leaking.
They weren't leaking fds but just this heartbeat timer and node of
course prints just fds that are active when it detects some sort of leak
I guess and that made the whole thing very confusing. These fds are not
leaked and will close when node's event loop detects there are no more
callbacks to run.
no of handles 3
tcp stream {
fd: 20,
readable: false,
writable: true,
address: {},
serverAddr: null
}
tcp stream {
fd: 22,
readable: false,
writable: true,
address: {},
serverAddr: null
}
tcp stream {
fd: 23,
readable: true,
writable: false,
address: {},
serverAddr: null
}
It kept printing the above text again and again for 60s and then the
test binary times out I think. I'm not sure if it was node printing the
stuff above or if it was a mocha thing. But it was really confusing...
cc @code-asher for thoughts on what was going on.
edit: It was the leaked-handles import in socket.test.ts!!!
Not sure if we should keep it, this was really confusing and misleading.
2021-01-20 02:06:44 -05:00
Anmol Sethi
5c06646f58
Formatting and linting fixes
2021-01-20 02:06:44 -05:00
Anmol Sethi
240c8e266e
test: Implement integration.ts for near full stack integration testing
2021-01-20 02:06:44 -05:00
Anmol Sethi
d3074278ca
app.ts: Fix createApp to log all http server errors
...
cc @code-asher
2021-01-20 02:06:43 -05:00
Anmol Sethi
ba4a24809c
routes/index.ts: Correctly register wsErrorHandler
...
express requires all 4 arguments to be declared for a error handler.
It's very unfortunate that our types do not handle this.
2021-01-20 02:06:43 -05:00
Anmol Sethi
f169e3ac66
pathProxy.ts: Implement --proxy-path-passthrough
...
Closes #2222
2021-01-20 02:06:43 -05:00
Anmol Sethi
d234ddc1e1
vscode.ts: Fix close current folder
...
Fixes VscodeProvider to correctly obey the ew parameter.
Based on changes by @rdbeach. See the previous commit.
2021-01-18 11:29:18 -05:00
Robert Beach
28c7340608
Fix Close Folder/Workspace ( #2532 )
...
When you choose to close the current folder, it doesn't close properly
because the lastVisiited setting is still use. This fixes that.
2021-01-18 11:28:29 -05:00
Asher
f763319bc3
Merge pull request #2160 from cdr/github-auth
...
Fix GitHub auth
2020-12-18 10:54:51 -08:00
Anmol Sethi
cb446666fa
Merge pull request #2487 from cdr/proxy-docs-86d4
...
proxy-agent: Use proxy-from-env and add docs
2020-12-18 13:06:47 -05:00
Asher
5f7f7f1a92
Simplify query concatenation in URL callback
...
Cases in URLs like ?&a=b or ?a=b& appear to be handled just fine.
2020-12-18 11:31:25 -06:00
Anmol Sethi
60c270aef5
cli: hashedPassword -> hashed-password ( #2454 )
...
Capital letters in the CLI are evil.
cc @code-asher
2020-12-18 12:20:38 -05:00
Anmol Sethi
ae902b9dd1
proxy_agent: Use proxy-from-env for robustness
...
Now we support pretty much every variable under the sun along with
$NO_PROXY all correctly and with minimal code on our end.
2020-12-18 11:10:07 -05:00
Anmol Sethi
94b4ba131e
proxy_agent: Implement $HTTPS_PROXY
...
Just convention, see https://golang.org/pkg/net/http/#ProxyFromEnvironment
2020-12-18 10:39:31 -05:00
Anmol Sethi
ecb4d07364
proxy_agent: Improve documentation
2020-12-18 10:38:46 -05:00
Anmol Sethi
3efd515cdf
proxy_agent: Fix very embarrassing mistake
2020-12-18 04:24:27 -05:00
Asher
58c1be57fa
Implement callback endpoints
...
VS Code uses these during the authentication flow.
2020-12-17 15:49:36 -06:00
Asher
f8b782bd68
Move ignore-last-opened to ipc.d.ts
...
This is so it can be used in VS Code. Don't tell anyone but I forgot to
run `yarn ci`.
2020-12-15 11:14:21 -06:00