Archived
1
0
Commit Graph

113 Commits

Author SHA1 Message Date
Asher
b9c80b8520
Merge pull request #3178 from code-asher/connections
Minor connections refactor
2021-04-21 12:22:45 -05:00
Asher
f0bafa387f
Move connection logic into connection class
- Moved everything I could into the class itself.
- Improve the logging situation a bit.
- Switch some trace logs to debug.
- Get debug port from message arguments.
2021-04-21 11:48:45 -05:00
Joe Previte
f80d5c3764
refactor: rateLimiter.canTry logic to check >= 1 2021-04-19 13:14:19 -07:00
Joe Previte
7a5042176e
fix: update logic for removing token from limiter 2021-04-19 11:12:43 -07:00
Joe Previte
a3f18d6158
refactor: change limiter.Try() to .removeToken() 2021-04-19 10:57:50 -07:00
Joe Previte
d8e45057c7
refactor: update rateLimiter to check try
This changes adds a new method called `.canTry` to the rate limiter to check if
there are tokens remaining in the bucket.

It also adds suggestions from @oxy to make sure the user can brute force past
the rate limiter.
2021-04-19 10:40:59 -07:00
Joe Previte
08521077f0
refactor(login): move rate limiter after successful login
Before, we weren't checking if a login was successful before counting it
against the rate limiter.

With this change, we only count unsuccessful logins against the rate limiter.

We did this because this was a bug but also because it caused problems with our
e2e tests hitting the rate limit.
2021-04-19 10:40:59 -07:00
Joe Previte
4683d8a077
fix: update comment and export rateLimiter 2021-04-19 10:40:58 -07:00
Asher
18ace7b906
Don't send permessage-deflate header if not supported (#2993) 2021-03-29 12:59:36 -05:00
Asher
5a1f62a8fb
Support permessage-deflate web socket extension (#2846) 2021-03-10 13:14:24 -06:00
Asher
4d3d1b844d
Handle permessage-deflate on sockets
With this the extension host is working again.
2021-03-02 17:18:49 -06:00
Joe Previte
b02d2fb3cc
feat: add cookie utils for e2e tests 2021-02-22 13:41:10 -07:00
Asher
2d8b785fb8
Fix health socket not getting client messages
Forgot to resume. Went ahead and did the same for the test plugin
although it only sends messages and doesn't receive any.
2021-02-16 15:01:46 -06:00
Asher
619934dc29
Authenticate plugin routes (#2720) 2021-02-12 14:56:39 -06:00
Asher
e4e0ac43b0
Don't load plugins in tests
This can affect the test behavior and results.
2021-02-09 15:39:57 -06:00
Asher
3226d50747
Rename papi to pluginApi 2021-02-09 13:09:40 -06:00
Asher
2fe3d57df3
Mount plugins before bodyParser
Otherwise it consumes the body and plugins won't be able to do things
like proxy POST requests.
2021-02-09 13:09:39 -06:00
Asher
36aad9bdab
Move global express args definition
This way tests that import the http utilities but not the routes won't
error due to missing types.
2021-02-09 13:09:36 -06:00
Asher
b13db3124b
Add health websocket
This is used by some of our services.
2021-02-09 13:09:33 -06:00
Asher
00cfd9bdf1
Add working directory to plugin config 2021-02-09 13:09:31 -06:00
Asher
017b1cc633
Add deinit for plugins 2021-02-09 13:09:29 -06:00
Asher
055e0ef9ec
Provide WsRouter to plugins 2021-02-09 13:09:27 -06:00
Anmol Sethi
c08e3bb06d
Add /absproxy to remove --proxy-path-passthrough
See https://github.com/cdr/code-server/issues/2222#issuecomment-765235938

Makes way more sense.
2021-02-05 11:44:34 -05:00
Anmol Sethi
58d72d53a1
routes/index.ts: register proxy routes before body-parser
Any json or urlencoded request bodies were being consumed by body-parser
before they could be proxied. That's why requests without Content-Type
were proxied correctly as body-parser would not consume their body.

This allows the http-proxy package to passthrough the request body correctly
in all instances.

Closes #2377
2021-02-01 11:08:40 -05:00
Anmol Sethi
f5cf3fd331
proxy.ts: Do not always rewrite redirects against the base path
This breaks --proxy-path-passthrough

However, we still need this when that code is disabled as many apps will
issue absolute redirects and expect the proxy to rewrite as appropriate.

e.g. Go's http.Redirect will rewrite relative redirects as absolute!
See https://golang.org/pkg/net/http/#Redirect
2021-02-01 11:08:40 -05:00
Anmol Sethi
c32d8b155f
heart.ts: Fix leak when server closes
This had me very confused for quite a while until I did a binary search
inspection on route/index.ts. Only with the heart.beat line commented
out did my tests pass without leaking.

They weren't leaking fds but just this heartbeat timer and node of
course prints just fds that are active when it detects some sort of leak
I guess and that made the whole thing very confusing. These fds are not
leaked and will close when node's event loop detects there are no more
callbacks to run.

no of handles 3

tcp stream {
  fd: 20,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 22,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 23,
  readable: true,
  writable: false,
  address: {},
  serverAddr: null
}

It kept printing the above text again and again for 60s and then the
test binary times out I think. I'm not sure if it was node printing the
stuff above or if it was a mocha thing. But it was really confusing...

cc @code-asher for thoughts on what was going on.

edit: It was the leaked-handles import in socket.test.ts!!!
Not sure if we should keep it, this was really confusing and misleading.
2021-01-20 02:06:44 -05:00
Anmol Sethi
ba4a24809c
routes/index.ts: Correctly register wsErrorHandler
express requires all 4 arguments to be declared for a error handler.
It's very unfortunate that our types do not handle this.
2021-01-20 02:06:43 -05:00
Anmol Sethi
f169e3ac66
pathProxy.ts: Implement --proxy-path-passthrough
Closes #2222
2021-01-20 02:06:43 -05:00
Asher
f763319bc3
Merge pull request #2160 from cdr/github-auth
Fix GitHub auth
2020-12-18 10:54:51 -08:00
Asher
5f7f7f1a92
Simplify query concatenation in URL callback
Cases in URLs like ?&a=b or ?a=b& appear to be handled just fine.
2020-12-18 11:31:25 -06:00
Anmol Sethi
60c270aef5
cli: hashedPassword -> hashed-password (#2454)
Capital letters in the CLI are evil.

cc @code-asher
2020-12-18 12:20:38 -05:00
Asher
58c1be57fa
Implement callback endpoints
VS Code uses these during the authentication flow.
2020-12-17 15:49:36 -06:00
Anmol Sethi
244afa402e
routes: Redirect from /login when auth is disabled (#2456)
Sometimes I start with auth but then disable. Now I can just reload the
login page in my browser to be greeted with code-server.
2020-12-14 12:33:36 -05:00
SPGoding
1dd7e4b4e1
Add hashedPassword config (#2409)
Resolve #2225.
2020-12-08 14:54:17 -06:00
Anmol Sethi
cc18175ce3
cli: Add --disable-update-check flag
Closes #2361
2020-11-30 15:30:06 -05:00
Anmol Sethi
fb63c0cd22
vscode: Show notification when upgrade is available
And link to the release notes.
2020-11-24 12:13:21 -05:00
Asher
72caafe8b0
Fix service worker not loading (#2335)
I removed this under the impression the default was to allow it anywhere
but that's not the case. Since the service worker was already registered
in my browser I never got the error during testing.
2020-11-19 10:18:15 -06:00
Asher
182791319a
Fix tar authentication
It was checking the request path but for tars the path is in the query
variable so the request path is irrelevant.
2020-11-18 17:15:53 -06:00
Asher
2a3608df53
Skip heartbeat on /healthz endpoint (#2333)
I managed to lose this in the rewrite.

Fixes #2327.
2020-11-18 12:19:08 -06:00
Anmol Sethi
40a7c11ce3
node/routes: Fix error handling
We should always send HTML if the user agent expects it.

If they do not, they should clearly indicate such via the Accept header.

Closes #2297
2020-11-13 18:44:28 -05:00
Asher
5499a3d125
Use baseUrl when redirecting from domain proxy
This will make the route more robust since it'll work under more than
just the root.
2020-11-12 11:23:52 -06:00
Asher
4574593664
Refactor vscode init to use async
Hopefully is a bit easier to read.
2020-11-10 18:21:20 -06:00
Asher
71850e312b
Avoid setting ?to=/
That's the default so it's extra visual noise.
2020-11-10 18:14:18 -06:00
Asher
b8340a2ae9
Close sockets correctly 2020-11-10 17:55:04 -06:00
Anmol Sethi
fe399ff0fe
Fix formatting 2020-11-06 14:47:08 -05:00
Anmol Sethi
706bc23f04
plugin: Fixes for CI 2020-11-06 10:13:01 -05:00
Anmol Sethi
af73b96313
routes/apps.ts: Add example output 2020-11-06 10:12:47 -05:00
Anmol Sethi
139a28e0ea
plugin.ts: Describe private counterpart functions
Addresses Will's comments.
2020-11-06 10:12:46 -05:00
Anmol Sethi
e03bbe3149
routes/apps.ts: Implement /api/applications endpoint 2020-11-06 10:12:46 -05:00
Anmol Sethi
e08a55d44a
src/node/plugin.ts: Implement new plugin API 2020-11-06 10:12:45 -05:00
Asher
f7076247f9
Move domain proxy to routes
This matches better with the other routes.

Also add a missing authentication check to the path proxy web socket.
2020-11-05 17:07:32 -06:00
Asher
cb991a9143
Handle errors for JSON requests
Previously it would have just given them the error HTML.
2020-11-05 15:19:56 -06:00
Asher
7b2752a62c
Move websocket routes into a separate app
This is mostly so we don't have to do any wacky patching but it also
makes it so we don't have to keep checking if the request is a web
socket request every time we add middleware.
2020-11-05 15:08:09 -06:00
Asher
9e09c1f92b
Upgrade to Express 5
Now async routes are handled!
2020-11-05 15:08:08 -06:00
Asher
34225e2bdf
Use ensureAuthenticated as middleware 2020-11-04 17:07:40 -06:00
Asher
210fc049c4
Document VS Code endpoints 2020-11-04 17:07:39 -06:00
Asher
e5c8e0aad1
Remove useless || 2020-11-04 17:07:38 -06:00
Asher
c5ce365482
Use query variable to force update check 2020-11-04 17:07:37 -06:00
Asher
1067507c41
Proxy to 0.0.0.0 instead of localhost 2020-11-03 14:28:48 -06:00
Asher
6ab6cb4f07
Fix error handler types 2020-10-27 17:20:13 -05:00
Asher
6422a8d74b
Fix webview resource path 2020-10-27 17:17:05 -05:00
Asher
112eda4605
Convert routes to Express 2020-10-26 17:56:13 -05:00
Asher
9f25cc6d5d
Move providers from app to routes 2020-10-20 16:18:27 -05:00