Archived
1
0
Commit Graph

84 Commits

Author SHA1 Message Date
Asher
19bcd043d7
Add debug log for origin check (#6096)
Extracted host detection into a separate function to avoid multiple log
lines on each return and went with a thrown error to consolidate the
common log text.
2023-03-30 12:24:33 -05:00
Asher
d477972c68
Add origin checks to web sockets (#6048)
* Move splitOnFirstEquals to util

I will be making use of this to parse the forwarded header.

* Type splitOnFirstEquals with two items

Also add some test cases.

* Check origin header on web sockets

* Update changelog with origin check

* Fix web sockets not closing with error code
2023-03-03 03:12:34 -06:00
Joe Previte
506d3f43ed
feat(http): keep slashes in queryParams in redirects (#4928)
* refactor(http): extract logic into constructRedirectPath

This allows us to easily test our redirect path construction logic where we get
the relative path, the query string and construct a redirect path.

By extracting this from `redirect`, we can easily test this logic in a unit
test.

I did this so we could test some logic where slashes in query strings should be
made human-friendly for users.

* feat(testing): add tests for constructRedirectPath

Co-authored-by: Asher <ash@coder.com>
2022-03-01 12:11:56 -07:00
Edouard Vincent
b3cf4c32ff
style: cookie doman => cookie domain (#4919)
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-03-01 08:43:41 -07:00
Asher
c4c480a068
Implement last opened functionality (#4633)
* Implement last opened functionality

Fixes https://github.com/cdr/code-server/issues/4619

* Fix test temp dirs not being cleaned up

* Mock logger everywhere

This suppresses all the error and debug output we generate which makes
it hard to actually find which test has failed.  It also gives us a
standard way to test logging for the few places we do that.

* Use separate data directories for unit test instances

Exactly as we do for the e2e tests.

* Add integration tests for vscode route

* Make settings use --user-data-dir

Without this test instances step on each other feet and they also
clobber your own non-test settings.

* Make redirects consistent

They will preserve the trailing slash if there is one.

* Remove compilation check

If you do a regular non-watch build there are no compilation stats so
this bricks VS Code in CI when running the unit tests.

I am not sure how best to fix this for the case where you have a build
that has not been packaged yet so I just removed it for now and added a
message to check if VS Code is compiling when in dev mode.

* Update code-server update endpoint name
2021-12-17 13:06:52 -06:00
Asher
4b4ec37880
Fix relative paths (#4594)
* Add tests for relativeRoot

* Remove path.posix.join

Since this is for file system paths it feels incorrect to use it on
URL paths as they are different in many ways.

* Rewrite cookie path logic

Before we relied on the client to resolve the base given to it by the
backend against the path.

Instead have the client pass that information along so we can resolve it
on the backend.  This means the client has to do less work.

* Do not remove out directory before watch

This is re-used for incremental compilation.

Also remove del since that was the only use (and we can use fs.rmdir in
the future if we need something like this).

* Remove unused function resolveBase
2021-12-08 15:52:15 -06:00
JounQin
6c9c84090e
chore: replace eslint-import-resolver-alias with eslint-import-resolver-typescript (#4546)
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2021-12-07 14:39:01 -07:00
Teffen
62b3a6fd9f
Proxy path fixes (#4548)
* Fix issue where HTTP error status codes are not read.

* Fix issues surrounding sessions when accessed from a proxy.

- Updated vscode args to match latest upstream.
- Fixed issues surrounding trailing slashes affecting base paths.
- Updated cookie names to better match upstream's usage, debuggability.

* Bump vendor.

* Update tests.

* Fix issue where tests lack cookie key.

Co-authored-by: Asher <ash@coder.com>
2021-12-01 18:21:52 -06:00
Joe Previte
705e821741
fix(testing): revert change & fix playwright tests (#4310)
* fix(testing): revert change & fix playwright tests

* fix(constants): add type to import statement

* refactor(e2e): delete browser test

This test was originally added to ensure playwright was working.

At this point, we know it works so removing this test because it doesn't help
with anything specific to code-server and only adds unnecessary code to the
codebase plus increases the e2e test job duration.

* chore(e2e): use 1 worker for e2e test

I don't know if it's a resources issue, playwright, or code-server but it seems
like the e2e tests choke when multiple workers are used.

This change is okay because our CI runner only has 2 cores so it would only use
1 worker anyway, but by specifying it in our playwright config, we ensure more
stability in our e2e tests working correctly.

See these PRs:
- https://github.com/cdr/code-server/pull/3263
- https://github.com/cdr/code-server/pull/4310

* revert(vscode): add missing route with redirect

* chore(vscode): update to latest fork

* Touch up compilation step.

* Bump vendor.

* Fix VS Code minification step

* Move ClientConfiguration to common

Common code must not import Node code as it is imported by the browser.

* Ensure lib directory exists before curling

cURL errors now because VS Code was moved and the directory does not
exist.

* Update incorrect e2e test help output

Revert workers change as well; this can be overridden when desired.

* Add back extension compilation step

* Include missing resources in release

This includes a favicon, for example.  I opted to include the entire
directory to make sure we do not miss anything.  Some of the other
stuff looks potentially useful (like completions).

* Set quality property in product configuration

When httpWebWorkerExtensionHostIframe.html is fetched it uses the web
endpoint template (in which we do not include the commit) but if the
quality is not set it prepends the commit to the web endpoint instead.
The new static endpoint does not use/handle commits so this 404s.

Long-term we might want to make the new static endpoint use commits like
the old one but we will also need to update the various other static
URLs to include the commit.

For now I just fixed this by adding the quality since:
  1. Probably faster than trying to find and update all static uses.
  2. VS Code probably expects it anyway.
  3. Gives us better control over the endpoint.

* Update VS Code

This fixes several build issues.

* Bump vscode.

* Bump.

* Bump.

* Use CLI directly.

* Update tests to reflect new upstream behavior.

* Move unit tests to after the build

Our code has new dependencies on VS Code that are pulled in when the
unit tests run.  Because of this we need to build VS Code before running
the unit tests (as it only pulls built code).

* Upgrade proxy-agent dependencies

This resolves a security report with one of its dependencies (vm2).

* Symlink VS Code output directory before unit tests

This is necessary now that we import from the out directory.

* Fix issues surrounding persistent processes between tests.

* Update VS Code cache directories

These were renamed so the cached paths need to be updated.  I changed
the key as well to force a rebuild.

* Move test symlink to script

This way it works for local testing as well.

I had to use out-build instead of out-vscode-server-min because Jest
throws some obscure error about a handlebars haste map.

* Fix listening on a socket

* Update VS Code

It contains fixes for missing files in the build.

* Standardize disposals

* Dispose HTTP server

Shares code with the test HTTP server.  For now it is a function but
maybe we should make it a class that is extended by tests.

* Dispose app on exit

* Fix logging link errors

Unfortunately the logger currently chokes when provided with error
objects.

Also for some reason the bracketed text was not displaying...

* Update regex used by e2e to extract address

The address was recently changed to use URL which seems to add a
trailing slash when using toString, causing the regex match to fail.

* Log browser console in e2e tests

* Add base back to login page

This is used to set cookies when using a base path.

* Remove login page test

The file this was testing no longer exists.

* Use path.posix for static base

Since this is a web path and not platform-dependent.

* Add test for invalid password

Co-authored-by: Teffen Ellis <teffen@nirri.us>
Co-authored-by: Asher <ash@coder.com>
2021-10-28 15:27:17 -05:00
Teffen Ellis
d8c344beda Refactor vscode endpoints to use fork directly. 2021-09-30 19:14:17 -04:00
Joe Previte
c0e123a801
fix(http): escape req.query.to in replaceTemplates 2021-07-01 10:43:37 -07:00
Joe Previte
2ba03c3424
docs: clarify redirect function in http.ts usage 2021-07-01 10:43:37 -07:00
Joe Previte
3b50bfc17d
fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte
8c2bb61af9
refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte
517aaf71c5
docs: update FAQ with new hashing instructions 2021-06-08 14:33:16 -07:00
Joe Previte
923761cd78
refactor: password logic in http w/ isCookieValid 2021-06-08 14:33:16 -07:00
Joe Previte
0cdbd33b46
refactor: make authenticated async everywhere
Since this checks if they are authenticated using the hash/password and it's
async, we need to update authenticated to be async, which means we have to
update it everywhere it's used.
2021-06-08 14:33:14 -07:00
Joe Previte
aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Asher
36aad9bdab
Move global express args definition
This way tests that import the http utilities but not the routes won't
error due to missing types.
2021-02-09 13:09:36 -06:00
Anmol Sethi
60c270aef5
cli: hashedPassword -> hashed-password (#2454)
Capital letters in the CLI are evil.

cc @code-asher
2020-12-18 12:20:38 -05:00
SPGoding
1dd7e4b4e1
Add hashedPassword config (#2409)
Resolve #2225.
2020-12-08 14:54:17 -06:00
Asher
79478eb89f
Clarify some points around the cookie domain
Also add a check that the domain has a dot. This covers the localhost
case as well, so remove that.
2020-11-10 18:53:38 -06:00
Asher
7b2752a62c
Move websocket routes into a separate app
This is mostly so we don't have to do any wacky patching but it also
makes it so we don't have to keep checking if the request is a web
socket request every time we add middleware.
2020-11-05 15:08:09 -06:00
Asher
9e09c1f92b
Upgrade to Express 5
Now async routes are handled!
2020-11-05 15:08:08 -06:00
Asher
34225e2bdf
Use ensureAuthenticated as middleware 2020-11-04 17:07:40 -06:00
Asher
476379a77e
Fix cookie domain
Had double Domain=
2020-11-04 17:07:39 -06:00
Asher
8066da12fe
Remove unused Locals interface 2020-11-03 15:37:22 -06:00
Asher
112eda4605
Convert routes to Express 2020-10-26 17:56:13 -05:00
Asher
2928d362fa
Move heart and AuthType out of http
This file is going to get blasted in favor of Express.
2020-10-20 16:18:24 -05:00
Asher
dcb303a437
Move argument defaults into setDefaults 2020-10-20 16:15:13 -05:00
Anmol Sethi
2d1de749f4
Unlink socket before using (#2181)
See https://stackoverflow.com/a/34881585/4283659

Closes #1538
2020-10-09 12:34:52 -04:00
Asher
11eaf0b470
Fix being unable to use [::] for the host
Fixes #1582.
2020-09-30 12:49:36 -05:00
Asher
9d87c5328c
Add robots.txt (#2080)
Closes #1886.
2020-09-14 17:34:48 -05:00
Jacob Goldman
75c8fdeed2
Added /healthz JSON response for heartbeat data. #1940 (#1984) 2020-08-31 10:29:12 -05:00
Asher
de568d446b
Add cookie domain debug logs
To help debug login issues.
2020-08-13 17:06:32 -05:00
Asher
7d02f34f71
Merge pull request #1934 from cdr/plugin
Add plugin system for adding http endpoints
2020-08-13 16:59:44 -05:00
G r e y
6e27869c09
Add str param to plural util
Adds a str param to common/util::plural for pluralizing a string.
Applies plural to entry.ts.
2020-08-09 00:06:18 -05:00
Asher
361e7103ea
Enable loading external plugins 2020-07-31 17:42:48 -05:00
Asher
bac948ea6f
Add plugin system 2020-07-31 15:08:02 -05:00
Asher
e86c066438
Add helper functions to make some code clearer 2020-07-30 12:14:31 -05:00
Asher
7c2ca7d03e
Add the ability to prepend to the proxy path
This is for applications like Jupyter that aren't base path agnostic.
2020-07-29 18:48:06 -05:00
Asher
c67d31580f
Include details if any in JSON requests 2020-07-29 18:48:05 -05:00
Asher
58bd7008b4
Make dispose async 2020-07-29 18:48:04 -05:00
Asher
e8f6d30055
Make providers endpoint-agnostic
A provider can now be registered on multiple endpoints (or potentially
moved if needed).
2020-07-27 12:00:48 -05:00
Anmol Sethi
00d164b67f
Add default config file and improve config/data directory detection 2020-05-12 19:59:54 -04:00
Asher
27ba64c7e4
Improve request error handling
See #1532 for more context.

- Errored JSON requests will get back the error in JSON instead of using
  the status text. This seems better to me because it seems more correct
  to utilize the response body over hijacking the status text. The
  caller is expecting JSON anyway. Worst of all I never actually set the
  status text like I thought I did so it wasn't working to begin with.
- Allow the update error to propagate for JSON update requests. It was
  caught to show the error inline instead of an error page when using
  the update page but for JSON requests it meant there was no error and
  no error code so it looked like it succeeded.
- Make errors for failed requests to GitHub less incomprehensible.
  Previously they would just be the code which is no context at all.
2020-04-17 15:16:10 -05:00
Asher
28e91ba70c
Fix domain issues when setting the cookie
Fixes #1507.
2020-04-13 16:14:40 -05:00
Asher
a288351ad4
Respond when proxy errors
Otherwise the request will just hang.
2020-04-08 11:54:18 -05:00
Asher
a5d1d3b90e
Move proxy logic into main HTTP server
This makes the code much more internally consistent (providers just
return payloads, include the proxy provider).
2020-04-02 13:40:29 -05:00
Asher
411c61fb02
Create helper for determining if route is the root 2020-04-02 13:40:26 -05:00