Force certificates
This commit is contained in:
parent
e8174095ca
commit
43048c6d12
|
@ -3,14 +3,14 @@
|
|||
|
||||
<head>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
|
||||
<title>Coder</title>
|
||||
<title>Authenticate: code-server</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="login">
|
||||
<div class="back">
|
||||
<- Back </div>
|
||||
<!-- <h4 class="title">AWS Cloud</h4> -->
|
||||
<h4 class="title">code-server</h4>
|
||||
<h2 class="subtitle">
|
||||
Enter server password
|
||||
</h2>
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import * as fs from "fs";
|
||||
import * as path from "path";
|
||||
import * as os from "os";
|
||||
import { isCli, buildDir } from "./constants";
|
||||
|
||||
declare var __non_webpack_require__: typeof require;
|
||||
|
@ -19,7 +20,7 @@ export const setup = (dataDirectory: string): void => {
|
|||
}
|
||||
|
||||
return currentDir;
|
||||
}); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
|
||||
}, os.platform() === "win32" ? undefined! : path.sep); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
|
||||
|
||||
const unpackModule = (moduleName: string): void => {
|
||||
const memFile = path.join(isCli ? buildDir! : path.join(__dirname, ".."), "build/dependencies", moduleName);
|
||||
|
|
|
@ -86,6 +86,18 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||
options.registerMiddleware(app);
|
||||
}
|
||||
|
||||
interface CertificateInfo {
|
||||
readonly key: string;
|
||||
// tslint:disable-next-line:no-any
|
||||
readonly cert: any;
|
||||
}
|
||||
|
||||
const certs = await new Promise<CertificateInfo>(async (resolve, reject): Promise<void> => {
|
||||
const selfSignedKeyPath = path.join(options.serverOptions!.dataDirectory, "self-signed.key");
|
||||
const selfSignedCertPath = path.join(options.serverOptions!.dataDirectory, "self-signed.cert");
|
||||
|
||||
if (!fs.existsSync(selfSignedKeyPath) || !fs.existsSync(selfSignedCertPath)) {
|
||||
try {
|
||||
const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
|
||||
pem.createCertificate({
|
||||
selfSigned: true,
|
||||
|
@ -100,10 +112,20 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||
});
|
||||
});
|
||||
|
||||
const server = httpolyglot.createServer({
|
||||
key: certs.serviceKey,
|
||||
cert: certs.certificate,
|
||||
}, app) as http.Server;
|
||||
fs.writeFileSync(selfSignedKeyPath, certs.serviceKey);
|
||||
fs.writeFileSync(selfSignedCertPath, certs.certificate);
|
||||
} catch (ex) {
|
||||
return reject(ex);
|
||||
}
|
||||
}
|
||||
|
||||
resolve({
|
||||
cert: fs.readFileSync(selfSignedCertPath).toString(),
|
||||
key: fs.readFileSync(selfSignedKeyPath).toString(),
|
||||
});
|
||||
});
|
||||
|
||||
const server = httpolyglot.createServer(options.httpsOptions || certs, app) as http.Server;
|
||||
const wss = new ws.Server({ server });
|
||||
|
||||
wss.shouldHandle = (req): boolean => {
|
||||
|
@ -161,6 +183,10 @@ export const createApp = async (options: CreateAppOptions): Promise<{
|
|||
const authStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/auth"));
|
||||
const unauthStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/unauth"));
|
||||
app.use((req, res, next) => {
|
||||
if (!isEncrypted(req.socket)) {
|
||||
return res.redirect(301, `https://${req.headers.host!}${req.path}`);
|
||||
}
|
||||
|
||||
if (isAuthed(req)) {
|
||||
// We can serve the actual VSCode bin
|
||||
authStaticFunc(req, res, next);
|
||||
|
|
Loading…
Reference in New Issue