Commit Graph

65 Commits

Author SHA1 Message Date
Asher 49c26f70f7
Add logout route 2021-05-04 13:29:39 -05:00
Asher e7a527514a
Add authed context key 2021-05-03 15:00:54 -05:00
Asher b9c80b8520
Merge pull request #3178 from code-asher/connections
Minor connections refactor
2021-04-21 12:22:45 -05:00
Asher f0bafa387f
Move connection logic into connection class
- Moved everything I could into the class itself.
- Improve the logging situation a bit.
- Switch some trace logs to debug.
- Get debug port from message arguments.
2021-04-21 11:48:45 -05:00
Joe Previte f80d5c3764
refactor: rateLimiter.canTry logic to check >= 1 2021-04-19 13:14:19 -07:00
Joe Previte 7a5042176e
fix: update logic for removing token from limiter 2021-04-19 11:12:43 -07:00
Joe Previte a3f18d6158
refactor: change limiter.Try() to .removeToken() 2021-04-19 10:57:50 -07:00
Joe Previte d8e45057c7
refactor: update rateLimiter to check try
This changes adds a new method called `.canTry` to the rate limiter to check if
there are tokens remaining in the bucket.

It also adds suggestions from @oxy to make sure the user can brute force past
the rate limiter.
2021-04-19 10:40:59 -07:00
Joe Previte 08521077f0
refactor(login): move rate limiter after successful login
Before, we weren't checking if a login was successful before counting it
against the rate limiter.

With this change, we only count unsuccessful logins against the rate limiter.

We did this because this was a bug but also because it caused problems with our
e2e tests hitting the rate limit.
2021-04-19 10:40:59 -07:00
Joe Previte 4683d8a077
fix: update comment and export rateLimiter 2021-04-19 10:40:58 -07:00
Asher 18ace7b906
Don't send permessage-deflate header if not supported (#2993) 2021-03-29 12:59:36 -05:00
Asher 5a1f62a8fb
Support permessage-deflate web socket extension (#2846) 2021-03-10 13:14:24 -06:00
Asher 4d3d1b844d
Handle permessage-deflate on sockets
With this the extension host is working again.
2021-03-02 17:18:49 -06:00
Joe Previte b02d2fb3cc
feat: add cookie utils for e2e tests 2021-02-22 13:41:10 -07:00
Asher 2d8b785fb8
Fix health socket not getting client messages
Forgot to resume. Went ahead and did the same for the test plugin
although it only sends messages and doesn't receive any.
2021-02-16 15:01:46 -06:00
Asher 619934dc29
Authenticate plugin routes (#2720) 2021-02-12 14:56:39 -06:00
Asher e4e0ac43b0
Don't load plugins in tests
This can affect the test behavior and results.
2021-02-09 15:39:57 -06:00
Asher 3226d50747
Rename papi to pluginApi 2021-02-09 13:09:40 -06:00
Asher 2fe3d57df3
Mount plugins before bodyParser
Otherwise it consumes the body and plugins won't be able to do things
like proxy POST requests.
2021-02-09 13:09:39 -06:00
Asher 36aad9bdab
Move global express args definition
This way tests that import the http utilities but not the routes won't
error due to missing types.
2021-02-09 13:09:36 -06:00
Asher b13db3124b
Add health websocket
This is used by some of our services.
2021-02-09 13:09:33 -06:00
Asher 00cfd9bdf1
Add working directory to plugin config 2021-02-09 13:09:31 -06:00
Asher 017b1cc633
Add deinit for plugins 2021-02-09 13:09:29 -06:00
Asher 055e0ef9ec
Provide WsRouter to plugins 2021-02-09 13:09:27 -06:00
Anmol Sethi c08e3bb06d
Add /absproxy to remove --proxy-path-passthrough
See https://github.com/cdr/code-server/issues/2222#issuecomment-765235938

Makes way more sense.
2021-02-05 11:44:34 -05:00
Anmol Sethi 58d72d53a1
routes/index.ts: register proxy routes before body-parser
Any json or urlencoded request bodies were being consumed by body-parser
before they could be proxied. That's why requests without Content-Type
were proxied correctly as body-parser would not consume their body.

This allows the http-proxy package to passthrough the request body correctly
in all instances.

Closes #2377
2021-02-01 11:08:40 -05:00
Anmol Sethi f5cf3fd331
proxy.ts: Do not always rewrite redirects against the base path
This breaks --proxy-path-passthrough

However, we still need this when that code is disabled as many apps will
issue absolute redirects and expect the proxy to rewrite as appropriate.

e.g. Go's http.Redirect will rewrite relative redirects as absolute!
See https://golang.org/pkg/net/http/#Redirect
2021-02-01 11:08:40 -05:00
Anmol Sethi c32d8b155f
heart.ts: Fix leak when server closes
This had me very confused for quite a while until I did a binary search
inspection on route/index.ts. Only with the heart.beat line commented
out did my tests pass without leaking.

They weren't leaking fds but just this heartbeat timer and node of
course prints just fds that are active when it detects some sort of leak
I guess and that made the whole thing very confusing. These fds are not
leaked and will close when node's event loop detects there are no more
callbacks to run.

no of handles 3

tcp stream {
  fd: 20,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 22,
  readable: false,
  writable: true,
  address: {},
  serverAddr: null
}

tcp stream {
  fd: 23,
  readable: true,
  writable: false,
  address: {},
  serverAddr: null
}

It kept printing the above text again and again for 60s and then the
test binary times out I think. I'm not sure if it was node printing the
stuff above or if it was a mocha thing. But it was really confusing...

cc @code-asher for thoughts on what was going on.

edit: It was the leaked-handles import in socket.test.ts!!!
Not sure if we should keep it, this was really confusing and misleading.
2021-01-20 02:06:44 -05:00
Anmol Sethi ba4a24809c
routes/index.ts: Correctly register wsErrorHandler
express requires all 4 arguments to be declared for a error handler.
It's very unfortunate that our types do not handle this.
2021-01-20 02:06:43 -05:00
Anmol Sethi f169e3ac66
pathProxy.ts: Implement --proxy-path-passthrough
Closes #2222
2021-01-20 02:06:43 -05:00
Asher f763319bc3
Merge pull request #2160 from cdr/github-auth
Fix GitHub auth
2020-12-18 10:54:51 -08:00
Asher 5f7f7f1a92
Simplify query concatenation in URL callback
Cases in URLs like ?&a=b or ?a=b& appear to be handled just fine.
2020-12-18 11:31:25 -06:00
Anmol Sethi 60c270aef5
cli: hashedPassword -> hashed-password (#2454)
Capital letters in the CLI are evil.

cc @code-asher
2020-12-18 12:20:38 -05:00
Asher 58c1be57fa
Implement callback endpoints
VS Code uses these during the authentication flow.
2020-12-17 15:49:36 -06:00
Anmol Sethi 244afa402e
routes: Redirect from /login when auth is disabled (#2456)
Sometimes I start with auth but then disable. Now I can just reload the
login page in my browser to be greeted with code-server.
2020-12-14 12:33:36 -05:00
SPGoding 1dd7e4b4e1
Add hashedPassword config (#2409)
Resolve #2225.
2020-12-08 14:54:17 -06:00
Anmol Sethi cc18175ce3
cli: Add --disable-update-check flag
Closes #2361
2020-11-30 15:30:06 -05:00
Anmol Sethi fb63c0cd22
vscode: Show notification when upgrade is available
And link to the release notes.
2020-11-24 12:13:21 -05:00
Asher 72caafe8b0
Fix service worker not loading (#2335)
I removed this under the impression the default was to allow it anywhere
but that's not the case. Since the service worker was already registered
in my browser I never got the error during testing.
2020-11-19 10:18:15 -06:00
Asher 182791319a
Fix tar authentication
It was checking the request path but for tars the path is in the query
variable so the request path is irrelevant.
2020-11-18 17:15:53 -06:00
Asher 2a3608df53
Skip heartbeat on /healthz endpoint (#2333)
I managed to lose this in the rewrite.

Fixes #2327.
2020-11-18 12:19:08 -06:00
Anmol Sethi 40a7c11ce3
node/routes: Fix error handling
We should always send HTML if the user agent expects it.

If they do not, they should clearly indicate such via the Accept header.

Closes #2297
2020-11-13 18:44:28 -05:00
Asher 5499a3d125
Use baseUrl when redirecting from domain proxy
This will make the route more robust since it'll work under more than
just the root.
2020-11-12 11:23:52 -06:00
Asher 4574593664
Refactor vscode init to use async
Hopefully is a bit easier to read.
2020-11-10 18:21:20 -06:00
Asher 71850e312b
Avoid setting ?to=/
That's the default so it's extra visual noise.
2020-11-10 18:14:18 -06:00
Asher b8340a2ae9
Close sockets correctly 2020-11-10 17:55:04 -06:00
Anmol Sethi fe399ff0fe
Fix formatting 2020-11-06 14:47:08 -05:00
Anmol Sethi 706bc23f04
plugin: Fixes for CI 2020-11-06 10:13:01 -05:00
Anmol Sethi af73b96313
routes/apps.ts: Add example output 2020-11-06 10:12:47 -05:00
Anmol Sethi 139a28e0ea
plugin.ts: Describe private counterpart functions
Addresses Will's comments.
2020-11-06 10:12:46 -05:00