Archived
1
0
Commit Graph

66 Commits

Author SHA1 Message Date
Asher
eb498b0d6d
Remove humanPath (#6404)
The tilde is ambiguous and it can be helpful to know exactly what paths
code-server is trying to use, especially if it is running as a different
user than you expected.
2023-08-29 14:25:24 -08:00
Asher
d477972c68
Add origin checks to web sockets (#6048)
* Move splitOnFirstEquals to util

I will be making use of this to parse the forwarded header.

* Type splitOnFirstEquals with two items

Also add some test cases.

* Check origin header on web sockets

* Update changelog with origin check

* Fix web sockets not closing with error code
2023-03-03 03:12:34 -06:00
Daniil Gentili
b562d4a880
Allow opening files at a specific line and column (fixes #5619) (#5620)
* Allow opening files at a specific line and column (fixes #5619)

* Add isDirectory test
2022-10-06 11:12:21 -07:00
Joe Previte
61138b4a61
refactor: open function (#5257)
* refactor: fix type annotations in open

There was no clear reason as to why we needed to use type assertions
when initializing both `args` and `options` in `open` so I refactored
them both.

* refactor: create constructOpenOptions

* refactor: add urlSearch and remove options

* feat: add tests for constructOpenOptions
2022-06-15 20:53:07 +00:00
Joe Previte
2c1cf0259e
feat: add tests for isWsl (#5251)
* refactor: add docs to isWsl and make easier to test

* feat: add tests for isWsl

* fixup!: refactor isWsl and tests

* Update test/unit/node/util.test.ts

Co-authored-by: Asher <ash@coder.com>

* Update test/unit/node/util.test.ts

Co-authored-by: Asher <ash@coder.com>

Co-authored-by: Asher <ash@coder.com>
2022-06-10 20:00:20 +00:00
Joe Previte
a02f47714e refactor: remove unused code enumToArray 2022-05-10 23:26:04 +00:00
Joe Previte
b13849ded0
refactor: remove dead code (#5188)
* refactor: delete unused code

* refactor: move onLine to test helpers

* Revert "refactor: move onLine to test helpers"

This reverts commit 32cc27b213.

* fixup! refactor: delete unused code
2022-05-10 22:44:54 +00:00
Joe Previte
cd78f32dc0
refactor(util): remove unused isObject function (#5183) 2022-05-10 00:24:25 +00:00
Joe Previte
25b1340771
revert: @node-rs/argon2 -> node-argon2 (#4829)
* revert: partial revert of 723469ab5b

This reverts part of the changes introduced in refactor: migrate from argon2 ->
@node-rs/argon2 (#4733)

Switching to @node-rs/argon2 introduced bugs that we couldn't solve due to
limitations in npm.

see here
https://github.com/coder/code-server/issues/4804#issuecomment-1030338395
2022-02-04 15:52:42 -07:00
Joe Previte
00224fa73a
feat: add test for hash when error (#4814) 2022-02-03 14:22:16 -07:00
Joe Previte
723469ab5b
refactor: migrate from argon2 -> @node-rs/argon2 (#4733)
* chore(deps): replace argon2 w/@node-rs/argon2

* refactor: clean up hashPassword functions

* refactor(util): pass in process.platform

* fix: use correct settings for test-extension

Before, it was running into errors with an @types package.

Now, we're correctly running `tsc` so it picks up our `tsconfig.json` and we're
telling TypeScript to not typecheck our lib and exclude `node_modules`
2022-01-18 16:13:39 -07:00
Asher
c4c480a068
Implement last opened functionality (#4633)
* Implement last opened functionality

Fixes https://github.com/cdr/code-server/issues/4619

* Fix test temp dirs not being cleaned up

* Mock logger everywhere

This suppresses all the error and debug output we generate which makes
it hard to actually find which test has failed.  It also gives us a
standard way to test logging for the few places we do that.

* Use separate data directories for unit test instances

Exactly as we do for the e2e tests.

* Add integration tests for vscode route

* Make settings use --user-data-dir

Without this test instances step on each other feet and they also
clobber your own non-test settings.

* Make redirects consistent

They will preserve the trailing slash if there is one.

* Remove compilation check

If you do a regular non-watch build there are no compilation stats so
this bricks VS Code in CI when running the unit tests.

I am not sure how best to fix this for the case where you have a build
that has not been packaged yet so I just removed it for now and added a
message to check if VS Code is compiling when in dev mode.

* Update code-server update endpoint name
2021-12-17 13:06:52 -06:00
Asher
4b4ec37880
Fix relative paths (#4594)
* Add tests for relativeRoot

* Remove path.posix.join

Since this is for file system paths it feels incorrect to use it on
URL paths as they are different in many ways.

* Rewrite cookie path logic

Before we relied on the client to resolve the base given to it by the
backend against the path.

Instead have the client pass that information along so we can resolve it
on the backend.  This means the client has to do less work.

* Do not remove out directory before watch

This is re-used for incremental compilation.

Also remove del since that was the only use (and we can use fs.rmdir in
the future if we need something like this).

* Remove unused function resolveBase
2021-12-08 15:52:15 -06:00
Asher
c3eb9b800e
Remove excessive reloading before VS Code is ready (#4589)
The watch script was reloading the web server after every extension
compilation which is not necessary plus VS Code will not even be ready
at that point anyway.

Instead restart when the main compilation is finished.  The string to
match with includes a "with" because otherwise it would match "Finished
compilation extensions" which is not the main compilation task where we
actually need to restart the web server.

I also replaced this.log with console.log because the former does not
include a newline and it appears we want newlines with all
these (otherwise the next log starts on the same line which looks odd).

I removed the cache clean as well because the cache is meant to stay
there to speed up builds.
2021-12-07 17:38:03 -06:00
Teffen
62b3a6fd9f
Proxy path fixes (#4548)
* Fix issue where HTTP error status codes are not read.

* Fix issues surrounding sessions when accessed from a proxy.

- Updated vscode args to match latest upstream.
- Fixed issues surrounding trailing slashes affecting base paths.
- Updated cookie names to better match upstream's usage, debuggability.

* Bump vendor.

* Update tests.

* Fix issue where tests lack cookie key.

Co-authored-by: Asher <ash@coder.com>
2021-12-01 18:21:52 -06:00
Teffen
3157a40044
Fix issues surrounding initial web server load. (#4509)
- Clean up watcher behaviors.
2021-11-19 16:03:40 -05:00
Joe Previte
0a072f7532
feat(testing): refactor humanPath and add tests (#4511)
* feat: add test for humanPath

* refactor: make humanPath pure and pass in homedir
2021-11-15 19:40:34 +00:00
Teffen
1b60ef418c
Use upstream server (#4414)
* Flesh out fixes to align with upstream.

* Update route handlers to better reflect fallback behavior.

* Add platform to vscode-reh-web task

Our strategy has been to build once and then recompile native modules
for individual platforms.  It looks like VS Code builds from scratch for
each platform.

But we can target any platform, grab the pre-packaged folder, then
continue with own packaging.

In the future we may want to rework to match upstream.

* Fix issue where workspace args are not parsed.

* Fix issues surrounding opening files within code-server's terminal.

* Readd parent wrapper for hot reload.

* Allow more errors.

* Fix issues surrounding Coder link.

* Add dir creation and fix cli

It seems VS Code explodes when certain directories do not exist so
import the reh agent instead of the server component since it creates
the directories (require patching thus the VS Code update).

Also the CLI (for installing extensions) did not seem to be working so
point that to the same place since it also exports a function for
running that part of the CLI.

* Remove hardcoded VSCODE_DEV=1

This causes VS Code to use the development HTML file.  Move this to the
watch command instead.

I deleted the other stuff before it as well since in the latest main.js
they do not have this code so I figure we should be safe to omit it.

* Fix mismatching commit between client and server

* Mostly restore command-line parity

Restore most everything and remove the added server arguments.  This
will let us add and remove options after later so we can contain the
number of breaking changes.

To accomplish this a hard separation is added between the CLI arguments
and the server arguments.

The separation between user-provided arguments and arguments with
defaults is also made more clear.

The extra directory flags have been left out as they were buggy and
should be implemented upstream although I think there are better
solutions anyway.  locale and install-source are unsupported with the
web remote and are left removed.  It is unclear whether they were used
before anyway.

Some restored flags still need to have their behavior re-implemented.

* Fix static endpoint not emitting 404s

This fixes the last failing unit test.

Fix a missing dependency, add some generic reverse proxy support for the
protocol, and add back a missing nfpm fix.

* Import missing logError

* Fix 403 errors

* Add code-server version to about dialog

* Use user settings to disable welcome page

The workspace setting seems to be recognized but if so it is having no
effect.

* Update VS Code cache step with new build directories

Co-authored-by: Asher <ash@coder.com>
2021-11-09 23:28:31 -06:00
Joe Previte
946e4e8843
feat(cli): add test for readSocketPath (#4284)
* fix: update isNodeJSErrnoException

* refactor(cli): export and purify readSocketPath

* feat: add tests for readSocketPath

* fix(ci): temporarily disable install deps from cache
2021-10-29 16:03:57 -07:00
Joe Previte
705e821741
fix(testing): revert change & fix playwright tests (#4310)
* fix(testing): revert change & fix playwright tests

* fix(constants): add type to import statement

* refactor(e2e): delete browser test

This test was originally added to ensure playwright was working.

At this point, we know it works so removing this test because it doesn't help
with anything specific to code-server and only adds unnecessary code to the
codebase plus increases the e2e test job duration.

* chore(e2e): use 1 worker for e2e test

I don't know if it's a resources issue, playwright, or code-server but it seems
like the e2e tests choke when multiple workers are used.

This change is okay because our CI runner only has 2 cores so it would only use
1 worker anyway, but by specifying it in our playwright config, we ensure more
stability in our e2e tests working correctly.

See these PRs:
- https://github.com/cdr/code-server/pull/3263
- https://github.com/cdr/code-server/pull/4310

* revert(vscode): add missing route with redirect

* chore(vscode): update to latest fork

* Touch up compilation step.

* Bump vendor.

* Fix VS Code minification step

* Move ClientConfiguration to common

Common code must not import Node code as it is imported by the browser.

* Ensure lib directory exists before curling

cURL errors now because VS Code was moved and the directory does not
exist.

* Update incorrect e2e test help output

Revert workers change as well; this can be overridden when desired.

* Add back extension compilation step

* Include missing resources in release

This includes a favicon, for example.  I opted to include the entire
directory to make sure we do not miss anything.  Some of the other
stuff looks potentially useful (like completions).

* Set quality property in product configuration

When httpWebWorkerExtensionHostIframe.html is fetched it uses the web
endpoint template (in which we do not include the commit) but if the
quality is not set it prepends the commit to the web endpoint instead.
The new static endpoint does not use/handle commits so this 404s.

Long-term we might want to make the new static endpoint use commits like
the old one but we will also need to update the various other static
URLs to include the commit.

For now I just fixed this by adding the quality since:
  1. Probably faster than trying to find and update all static uses.
  2. VS Code probably expects it anyway.
  3. Gives us better control over the endpoint.

* Update VS Code

This fixes several build issues.

* Bump vscode.

* Bump.

* Bump.

* Use CLI directly.

* Update tests to reflect new upstream behavior.

* Move unit tests to after the build

Our code has new dependencies on VS Code that are pulled in when the
unit tests run.  Because of this we need to build VS Code before running
the unit tests (as it only pulls built code).

* Upgrade proxy-agent dependencies

This resolves a security report with one of its dependencies (vm2).

* Symlink VS Code output directory before unit tests

This is necessary now that we import from the out directory.

* Fix issues surrounding persistent processes between tests.

* Update VS Code cache directories

These were renamed so the cached paths need to be updated.  I changed
the key as well to force a rebuild.

* Move test symlink to script

This way it works for local testing as well.

I had to use out-build instead of out-vscode-server-min because Jest
throws some obscure error about a handlebars haste map.

* Fix listening on a socket

* Update VS Code

It contains fixes for missing files in the build.

* Standardize disposals

* Dispose HTTP server

Shares code with the test HTTP server.  For now it is a function but
maybe we should make it a class that is extended by tests.

* Dispose app on exit

* Fix logging link errors

Unfortunately the logger currently chokes when provided with error
objects.

Also for some reason the bracketed text was not displaying...

* Update regex used by e2e to extract address

The address was recently changed to use URL which seems to add a
trailing slash when using toString, causing the regex match to fail.

* Log browser console in e2e tests

* Add base back to login page

This is used to set cookies when using a base path.

* Remove login page test

The file this was testing no longer exists.

* Use path.posix for static base

Since this is a web path and not platform-dependent.

* Add test for invalid password

Co-authored-by: Teffen Ellis <teffen@nirri.us>
Co-authored-by: Asher <ash@coder.com>
2021-10-28 15:27:17 -05:00
Teffen Ellis
d8c344beda Refactor vscode endpoints to use fork directly. 2021-09-30 19:14:17 -04:00
Joe Previte
a3cea88f51
feat: add tests for src/node/app.ts 2021-09-20 10:57:31 -07:00
ready-research
ca617df135
[Security] Fix ReDoS
Fix potential ReDoS
2021-09-11 18:40:47 +05:30
Joe Previte
5c61318592
refactor: only accept string in pathToFsPath
CodeQL caught a path where we were passing in req.query.path
to pathToFsPath, which may not have been a string.

So we refactored some things to ensure we only pass it a string
which also let us change the parameter type to string
instead of string | string[].
2021-07-21 11:11:59 -07:00
Joe Previte
7ce9ee0db6
fix: check path is string in pathToFsPath
There's a chance this function can be called with a path that is not a string.

To catch that, we check if path is of a different type and throw an error if it
is.

This also adds a couple tests for this function.
2021-07-12 16:39:42 -07:00
Joe Previte
2092f82270
fixup! fix: escape error.message on login failure 2021-07-01 10:43:37 -07:00
Joe Previte
c505fc45a8
feat: add escapeHtml function
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
2021-07-01 10:43:36 -07:00
Joe Previte
7f12fab3ca
fix(isHashMatch): check that hash starts with $
Previously, we used argon2 to verify the hash with the password.

If the hash didn't start with a $, then it would enter the catch block.

Now we check the hash before trying to verify it and we also throw an Error if
the verify fails.

This makes the isHashMatch function more robust.
2021-06-30 15:00:21 -07:00
Asher
49c44818d9
Move onLine to utilities
This way it can be used by the tests when spawning code-server on a
random port to look for the address.
2021-06-29 12:04:31 -05:00
Max Schmitt
dbb34ad710 chore: upgrade to Playwright 1.12 with its new test-runner 2021-06-10 15:09:38 +02:00
Joe Previte
1e55a648a5
feat: check for empty str in isHashMatch 2021-06-08 15:10:59 -07:00
Joe Previte
3b50bfc17d
fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
Joe Previte
8c2bb61af9
refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
Joe Previte
6020480b30
feat: add isCookieValid function and tests 2021-06-08 14:33:16 -07:00
Joe Previte
a14ea39c4a
feat: add handlePasswordValidation + tests 2021-06-08 14:33:15 -07:00
Joe Previte
7ff4117531
feat: add getPasswordMethod & test for it 2021-06-08 14:33:15 -07:00
Joe Previte
70197bb2a5
refactor: use argon2 instead of bcrypt
This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
Joe Previte
aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Joe Previte
cac667317e
refactor: use bcrypt in hash function 2021-06-08 14:33:11 -07:00
Joe Previte
46fe77d464
chore: update CHANGELOG 2021-05-13 12:10:22 -07:00
Joe Previte
a57ee69822
feat: add runtime to getEnvPaths 2021-05-13 12:10:21 -07:00
Joe Previte
cb65590b98
refactor: move tmpdir into src/node/constants 2021-04-23 14:35:32 -07:00
Asher
964ebe8d0a
Replace fs-extra with fs.promises
Remove the Mac directory copy instead of refactoring it since we've had
this for a long time now and I think it's safe to assume that users
running code-server on Mac don't have the old directory anymore.
2021-03-16 12:51:08 -05:00
Joe Previte
f13ba9401b
fix(TS error): add void to promise in util 2021-01-21 10:11:10 -07:00
Asher
e1702a1d21
Merge branch master into code-asher/ch1385 2020-11-12 11:52:02 -06:00
Asher
c10450c4c5
Move isFile into util
That allows its use in entry.ts as well.
2020-11-03 15:27:20 -06:00
Anmol Sethi
a1b61d1659
src/node/util.ts: Mark generated certificates as CA
Required for access under iPad.
2020-10-30 13:36:53 -04:00
Anmol Sethi
bae28727bd
src/node/cli.ts: Add --cert-host to configure generated certificate hostname 2020-10-30 13:36:53 -04:00
Anmol Sethi
8b85006996
src/node/util.ts: Make certificate generation "modern"
Now we add a subject alt name, set extendedKeyUsage and use the
correct certificate extension.

The above allow it to be properly trusted by iOS.

See https://support.apple.com/en-us/HT210176

*.cert isn't a real extension for certificates, *.crt is correct
for it to be recognized by e.g. keychain or when importing as a profile
into iOS.

Updates #1566

I've been able to successfully connect from my iPad Pro now to my
code-server instance with a self signed certificate! Next commit
will be docs.
2020-10-30 13:36:53 -04:00
Anmol Sethi
10b3028196
util: Generate self signed certificate into data directory
Closes #1778
2020-10-30 13:36:53 -04:00