47 Commits

SHA1 Message Date
705e821741 fix(testing): revert change & fix playwright tests (#4310)
* fix(testing): revert change & fix playwright tests

* fix(constants): add type to import statement

* refactor(e2e): delete browser test

This test was originally added to ensure playwright was working.

At this point, we know it works so removing this test because it doesn't help
with anything specific to code-server and only adds unnecessary code to the
codebase plus increases the e2e test job duration.

* chore(e2e): use 1 worker for e2e test

I don't know if it's a resources issue, playwright, or code-server but it seems
like the e2e tests choke when multiple workers are used.

This change is okay because our CI runner only has 2 cores so it would only use
1 worker anyway, but by specifying it in our playwright config, we ensure more
stability in our e2e tests working correctly.

See these PRs:
- https://github.com/cdr/code-server/pull/3263
- https://github.com/cdr/code-server/pull/4310

* revert(vscode): add missing route with redirect

* chore(vscode): update to latest fork

* Touch up compilation step.

* Bump vendor.

* Fix VS Code minification step

* Move ClientConfiguration to common

Common code must not import Node code as it is imported by the browser.

* Ensure lib directory exists before curling

cURL errors now because VS Code was moved and the directory does not
exist.

* Update incorrect e2e test help output

Revert workers change as well; this can be overridden when desired.

* Add back extension compilation step

* Include missing resources in release

This includes a favicon, for example.  I opted to include the entire
directory to make sure we do not miss anything.  Some of the other
stuff looks potentially useful (like completions).

* Set quality property in product configuration

When httpWebWorkerExtensionHostIframe.html is fetched it uses the web
endpoint template (in which we do not include the commit) but if the
quality is not set it prepends the commit to the web endpoint instead.
The new static endpoint does not use/handle commits so this 404s.

Long-term we might want to make the new static endpoint use commits like
the old one but we will also need to update the various other static
URLs to include the commit.

For now I just fixed this by adding the quality since:
  1. Probably faster than trying to find and update all static uses.
  2. VS Code probably expects it anyway.
  3. Gives us better control over the endpoint.

* Update VS Code

This fixes several build issues.

* Bump vscode.

* Bump.

* Bump.

* Use CLI directly.

* Update tests to reflect new upstream behavior.

* Move unit tests to after the build

Our code has new dependencies on VS Code that are pulled in when the
unit tests run.  Because of this we need to build VS Code before running
the unit tests (as it only pulls built code).

* Upgrade proxy-agent dependencies

This resolves a security report with one of its dependencies (vm2).

* Symlink VS Code output directory before unit tests

This is necessary now that we import from the out directory.

* Fix issues surrounding persistent processes between tests.

* Update VS Code cache directories

These were renamed so the cached paths need to be updated.  I changed
the key as well to force a rebuild.

* Move test symlink to script

This way it works for local testing as well.

I had to use out-build instead of out-vscode-server-min because Jest
throws some obscure error about a handlebars haste map.

* Fix listening on a socket

* Update VS Code

It contains fixes for missing files in the build.

* Standardize disposals

* Dispose HTTP server

Shares code with the test HTTP server.  For now it is a function but
maybe we should make it a class that is extended by tests.

* Dispose app on exit

* Fix logging link errors

Unfortunately the logger currently chokes when provided with error
objects.

Also for some reason the bracketed text was not displaying...

* Update regex used by e2e to extract address

The address was recently changed to use URL which seems to add a
trailing slash when using toString, causing the regex match to fail.

* Log browser console in e2e tests

* Add base back to login page

This is used to set cookies when using a base path.

* Remove login page test

The file this was testing no longer exists.

* Use path.posix for static base

Since this is a web path and not platform-dependent.

* Add test for invalid password

Co-authored-by: Teffen Ellis <teffen@nirri.us>
Co-authored-by: Asher <ash@coder.com>
2021-10-28 15:27:17 -05:00
d8c344beda Refactor vscode endpoints to use fork directly. 2021-09-30 19:14:17 -04:00
a3cea88f51 feat: add tests for src/node/app.ts 2021-09-20 10:57:31 -07:00
ca617df135 [Security] Fix ReDoS
Fix potential ReDoS
2021-09-11 18:40:47 +05:30
5c61318592 refactor: only accept string in pathToFsPath
CodeQL caught a path where we were passing in req.query.path
to pathToFsPath, which may not have been a string.

So we refactored some things to ensure we only pass it a string
which also let us change the parameter type to string
instead of string | string[].
2021-07-21 11:11:59 -07:00
7ce9ee0db6 fix: check path is string in pathToFsPath
There's a chance this function can be called with a path that is not a string.

To catch that, we check if path is of a different type and throw an error if it
is.

This also adds a couple tests for this function.
2021-07-12 16:39:42 -07:00
2092f82270 fixup! fix: escape error.message on login failure 2021-07-01 10:43:37 -07:00
c505fc45a8 feat: add escapeHtml function
This can be used to escape any special characters in a string with HTML before
sending from the server back to the client. This is important to prevent a
cross-site scripting attack.
2021-07-01 10:43:36 -07:00
7f12fab3ca fix(isHashMatch): check that hash starts with $
Previously, we used argon2 to verify the hash with the password.

If the hash didn't start with a $, then it would enter the catch block.

Now we check the hash before trying to verify it and we also throw an Error if
the verify fails.

This makes the isHashMatch function more robust.
2021-06-30 15:00:21 -07:00
49c44818d9 Move onLine to utilities
This way it can be used by the tests when spawning code-server on a
random port to look for the address.
2021-06-29 12:04:31 -05:00
dbb34ad710 chore: upgrade to Playwright 1.12 with its new test-runner 2021-06-10 15:09:38 +02:00
1e55a648a5 feat: check for empty str in isHashMatch 2021-06-08 15:10:59 -07:00
3b50bfc17d fix: sanitize password and cookie key 2021-06-08 14:33:17 -07:00
8c2bb61af9 refactor: parse options with multiple = in cli
There was a case with the hashed-password which had multiple equal signs in the
value and it wasn't being parsed correctly. This uses a new function and adds a
few tests.
2021-06-08 14:33:17 -07:00
6020480b30 feat: add isCookieValid function and tests 2021-06-08 14:33:16 -07:00
a14ea39c4a feat: add handlePasswordValidation + tests 2021-06-08 14:33:15 -07:00
7ff4117531 feat: add getPasswordMethod & test for it 2021-06-08 14:33:15 -07:00
70197bb2a5 refactor: use argon2 instead of bcrypt
This uses argon2 instead of bcrypt.

Note: this means the hash functions are now async which means we have to
refactor a lot of other code around auth.
2021-06-08 14:33:13 -07:00
aaf044728f refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
cac667317e refactor: use bcrypt in hash function 2021-06-08 14:33:11 -07:00
46fe77d464 chore: update CHANGELOG 2021-05-13 12:10:22 -07:00
a57ee69822 feat: add runtime to getEnvPaths 2021-05-13 12:10:21 -07:00
cb65590b98 refactor: move tmpdir into src/node/constants 2021-04-23 14:35:32 -07:00
964ebe8d0a Replace fs-extra with fs.promises
Remove the Mac directory copy instead of refactoring it since we've had
this for a long time now and I think it's safe to assume that users
running code-server on Mac don't have the old directory anymore.
2021-03-16 12:51:08 -05:00
f13ba9401b fix(TS error): add void to promise in util 2021-01-21 10:11:10 -07:00
e1702a1d21 Merge branch master into code-asher/ch1385 2020-11-12 11:52:02 -06:00
c10450c4c5 Move isFile into util
That allows its use in entry.ts as well.
2020-11-03 15:27:20 -06:00
a1b61d1659 src/node/util.ts: Mark generated certificates as CA
Required for access under iPad.
2020-10-30 13:36:53 -04:00
bae28727bd src/node/cli.ts: Add --cert-host to configure generated certificate hostname 2020-10-30 13:36:53 -04:00
8b85006996 src/node/util.ts: Make certificate generation "modern"
Now we add a subject alt name, set extendedKeyUsage and use the
correct certificate extension.

The above allow it to be properly trusted by iOS.

See https://support.apple.com/en-us/HT210176

*.cert isn't a real extension for certificates, *.crt is correct
for it to be recognized by e.g. keychain or when importing as a profile
into iOS.

Updates #1566

I've been able to successfully connect from my iPad Pro now to my
code-server instance with a self signed certificate! Next commit
will be docs.
2020-10-30 13:36:53 -04:00
10b3028196 util: Generate self signed certificate into data directory
Closes #1778
2020-10-30 13:36:53 -04:00
fe19391c03 Read most recent socket path from file 2020-10-09 16:57:43 -05:00
d8568ebaa9 Enforce import order 2020-08-13 17:11:35 -05:00
f7790c9719 Remove unused deep merge code 2020-08-13 17:11:34 -05:00
f7f11ad6c2 Fix paths from Windows client to non-Windows server
Fixes #1659
Fixes #1642
2020-05-18 15:06:11 -05:00
a0a77e379e Add doc/guide.md 2020-05-14 05:24:23 -04:00
d6ea9d78f6 Configuration file bug fixes based on @code-asher's review 2020-05-12 19:59:54 -04:00
00d164b67f Add default config file and improve config/data directory detection 2020-05-12 19:59:54 -04:00
d0d5461a67 Remove SSH server
Closes #1502
2020-04-27 09:27:45 -04:00
3463d56114 SSH server & endpoint 2020-03-16 15:14:53 -05:00
51a5c77cb8 Add binary extraction
I temporarily removed this during the refactor so it needed to be added
back. This time I bundled it with the nbin loader code since it's all
related (will also make it easier to remove).
2020-02-19 14:15:01 -06:00
4aa15401c3 Format and lint 2020-02-14 20:00:19 -05:00
8cc11d1688 Improve routing 2020-02-05 13:07:07 -06:00
b29346ecdf Implement new structure 2020-02-04 14:31:44 -06:00
2018024810 Hash password
Fixes issues with unexpected characters breaking things when setting the
cookie (like semicolons).

This change as-is does not affect the security of code-server
itself (we've just replaced the static password with a static hash) but
if we were to add a salt in the future it would let us invalidate keys
by rehashing with a new salt which could be handy.
2019-11-07 15:57:57 -06:00
e7945bea94 Enable password authentication by default
Fixes #1062.
2019-10-24 12:35:26 -05:00
548d095611 Add support for running extensions in the browser 2019-10-04 18:14:19 -05:00