Archived
1
0
Commit Graph

68 Commits

Author SHA1 Message Date
Joe Previte
aaf044728f
refactor: add functions to check hash password 2021-06-08 14:33:12 -07:00
Asher
083400b50a
Add flag to enable permessage-deflate 2021-05-05 12:24:34 -05:00
Asher
92bf2c9760
Add dev mode constant 2021-05-05 10:16:01 -05:00
Asher
49c26f70f7
Add logout route 2021-05-04 13:29:39 -05:00
Asher
e7a527514a
Add authed context key 2021-05-03 15:00:54 -05:00
Asher
b9c80b8520
Merge pull request #3178 from code-asher/connections
Minor connections refactor
2021-04-21 12:22:45 -05:00
Asher
f0bafa387f
Move connection logic into connection class
- Moved everything I could into the class itself.
- Improve the logging situation a bit.
- Switch some trace logs to debug.
- Get debug port from message arguments.
2021-04-21 11:48:45 -05:00
Joe Previte
f80d5c3764
refactor: rateLimiter.canTry logic to check >= 1 2021-04-19 13:14:19 -07:00
Joe Previte
7a5042176e
fix: update logic for removing token from limiter 2021-04-19 11:12:43 -07:00
Joe Previte
a3f18d6158
refactor: change limiter.Try() to .removeToken() 2021-04-19 10:57:50 -07:00
Joe Previte
d8e45057c7
refactor: update rateLimiter to check try
This changes adds a new method called `.canTry` to the rate limiter to check if
there are tokens remaining in the bucket.

It also adds suggestions from @oxy to make sure the user can brute force past
the rate limiter.
2021-04-19 10:40:59 -07:00
Joe Previte
08521077f0
refactor(login): move rate limiter after successful login
Before, we weren't checking if a login was successful before counting it
against the rate limiter.

With this change, we only count unsuccessful logins against the rate limiter.

We did this because this was a bug but also because it caused problems with our
e2e tests hitting the rate limit.
2021-04-19 10:40:59 -07:00
Joe Previte
4683d8a077
fix: update comment and export rateLimiter 2021-04-19 10:40:58 -07:00
Asher
18ace7b906
Don't send permessage-deflate header if not supported (#2993) 2021-03-29 12:59:36 -05:00
Asher
5a1f62a8fb
Support permessage-deflate web socket extension (#2846) 2021-03-10 13:14:24 -06:00
Asher
4d3d1b844d
Handle permessage-deflate on sockets
With this the extension host is working again.
2021-03-02 17:18:49 -06:00
Joe Previte
b02d2fb3cc
feat: add cookie utils for e2e tests 2021-02-22 13:41:10 -07:00
Asher
2d8b785fb8
Fix health socket not getting client messages
Forgot to resume. Went ahead and did the same for the test plugin
although it only sends messages and doesn't receive any.
2021-02-16 15:01:46 -06:00
Asher
619934dc29
Authenticate plugin routes (#2720) 2021-02-12 14:56:39 -06:00
Asher
e4e0ac43b0
Don't load plugins in tests
This can affect the test behavior and results.
2021-02-09 15:39:57 -06:00
Asher
3226d50747
Rename papi to pluginApi 2021-02-09 13:09:40 -06:00
Asher
2fe3d57df3
Mount plugins before bodyParser
Otherwise it consumes the body and plugins won't be able to do things
like proxy POST requests.
2021-02-09 13:09:39 -06:00
Asher
36aad9bdab
Move global express args definition
This way tests that import the http utilities but not the routes won't
error due to missing types.
2021-02-09 13:09:36 -06:00
Asher
b13db3124b
Add health websocket
This is used by some of our services.
2021-02-09 13:09:33 -06:00
Asher
00cfd9bdf1
Add working directory to plugin config 2021-02-09 13:09:31 -06:00
Asher
017b1cc633
Add deinit for plugins 2021-02-09 13:09:29 -06:00
Asher
055e0ef9ec
Provide WsRouter to plugins 2021-02-09 13:09:27 -06:00
Anmol Sethi
c08e3bb06d
Add /absproxy to remove --proxy-path-passthrough
See https://github.com/cdr/code-server/issues/2222#issuecomment-765235938

Makes way more sense.
2021-02-05 11:44:34 -05:00
Anmol Sethi
58d72d53a1
routes/index.ts: register proxy routes before body-parser
Any json or urlencoded request bodies were being consumed by body-parser
before they could be proxied. That's why requests without Content-Type
were proxied correctly as body-parser would not consume their body.

This allows the http-proxy package to passthrough the request body correctly
in all instances.

Closes #2377
2021-02-01 11:08:40 -05:00
Anmol Sethi
f5cf3fd331
proxy.ts: Do not always rewrite redirects against the base path
This breaks --proxy-path-passthrough

However, we still need this when that code is disabled as many apps will
issue absolute redirects and expect the proxy to rewrite as appropriate.

e.g. Go's http.Redirect will rewrite relative redirects as absolute!
See https://golang.org/pkg/net/http/#Redirect
2021-02-01 11:08:40 -05:00
Anmol Sethi
c32d8b155f
heart.ts: Fix leak when server closes
This had me very confused for quite a while until I did a binary search
inspection on route/index.ts. Only with the heart.beat line commented
out did my tests pass without leaking.

They weren't leaking fds but just this heartbeat timer and node of
course prints just fds that are active when it detects some sort of leak
I guess and that made the whole thing very confusing. These fds are not
leaked and will close when node's event loop detects there are no more
callbacks to run.

no of handles 3

tcp stream {
  fd: 20,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 22,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 23,
  readable: true,
  writable: false,
  address: {},
  serverAddr: null
}

It kept printing the above text again and again for 60s and then the
test binary times out I think. I'm not sure if it was node printing the
stuff above or if it was a mocha thing. But it was really confusing...

cc @code-asher for thoughts on what was going on.

edit: It was the leaked-handles import in socket.test.ts!!!
Not sure if we should keep it, this was really confusing and misleading.
2021-01-20 02:06:44 -05:00
Anmol Sethi
ba4a24809c
routes/index.ts: Correctly register wsErrorHandler
express requires all 4 arguments to be declared for a error handler.
It's very unfortunate that our types do not handle this.
2021-01-20 02:06:43 -05:00
Anmol Sethi
f169e3ac66
pathProxy.ts: Implement --proxy-path-passthrough
Closes #2222
2021-01-20 02:06:43 -05:00
Asher
f763319bc3
Merge pull request #2160 from cdr/github-auth
Fix GitHub auth
2020-12-18 10:54:51 -08:00
Asher
5f7f7f1a92
Simplify query concatenation in URL callback
Cases in URLs like ?&a=b or ?a=b& appear to be handled just fine.
2020-12-18 11:31:25 -06:00
Anmol Sethi
60c270aef5
cli: hashedPassword -> hashed-password (#2454)
Capital letters in the CLI are evil.

cc @code-asher
2020-12-18 12:20:38 -05:00
Asher
58c1be57fa
Implement callback endpoints
VS Code uses these during the authentication flow.
2020-12-17 15:49:36 -06:00
Anmol Sethi
244afa402e
routes: Redirect from /login when auth is disabled (#2456)
Sometimes I start with auth but then disable. Now I can just reload the
login page in my browser to be greeted with code-server.
2020-12-14 12:33:36 -05:00
SPGoding
1dd7e4b4e1
Add hashedPassword config (#2409)
Resolve #2225.
2020-12-08 14:54:17 -06:00
Anmol Sethi
cc18175ce3
cli: Add --disable-update-check flag
Closes #2361
2020-11-30 15:30:06 -05:00
Anmol Sethi
fb63c0cd22
vscode: Show notification when upgrade is available
And link to the release notes.
2020-11-24 12:13:21 -05:00
Asher
72caafe8b0
Fix service worker not loading (#2335)
I removed this under the impression the default was to allow it anywhere
but that's not the case. Since the service worker was already registered
in my browser I never got the error during testing.
2020-11-19 10:18:15 -06:00
Asher
182791319a
Fix tar authentication
It was checking the request path but for tars the path is in the query
variable so the request path is irrelevant.
2020-11-18 17:15:53 -06:00
Asher
2a3608df53
Skip heartbeat on /healthz endpoint (#2333)
I managed to lose this in the rewrite.

Fixes #2327.
2020-11-18 12:19:08 -06:00
Anmol Sethi
40a7c11ce3
node/routes: Fix error handling
We should always send HTML if the user agent expects it.

If they do not, they should clearly indicate such via the Accept header.

Closes #2297
2020-11-13 18:44:28 -05:00
Asher
5499a3d125
Use baseUrl when redirecting from domain proxy
This will make the route more robust since it'll work under more than
just the root.
2020-11-12 11:23:52 -06:00
Asher
4574593664
Refactor vscode init to use async
Hopefully is a bit easier to read.
2020-11-10 18:21:20 -06:00
Asher
71850e312b
Avoid setting ?to=/
That's the default so it's extra visual noise.
2020-11-10 18:14:18 -06:00
Asher
b8340a2ae9
Close sockets correctly 2020-11-10 17:55:04 -06:00
Anmol Sethi
fe399ff0fe
Fix formatting 2020-11-06 14:47:08 -05:00