code-server/src/node/app/proxy.ts

import { logger } from "@coder/logger"
import * as http from "http"
import proxy from "http-proxy"
import * as net from "net"
import { HttpCode, HttpError } from "../../common/http"
import { HttpProvider, HttpProviderOptions, HttpProxyProvider, HttpResponse, Route } from "../http"

/**
 * Proxy HTTP provider.
 */
export class ProxyHttpProvider extends HttpProvider implements HttpProxyProvider {
  /**
   * Proxy domains are stored here without the leading `*.`
   */
  public readonly proxyDomains: string[]
  private readonly proxy = proxy.createProxyServer({})

  /**
   * Domains can be provided in the form `coder.com` or `*.coder.com`. Either
   * way, `<number>.coder.com` will be proxied to `number`.
   */
  public constructor(options: HttpProviderOptions, proxyDomains: string[] = []) {
    super(options)
    this.proxyDomains = proxyDomains.map((d) => d.replace(/^\*\./, "")).filter((d, i, arr) => arr.indexOf(d) === i)
    this.proxy.on("error", (error) => logger.warn(error.message))
  }

  public async handleRequest(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse,
  ): Promise<HttpResponse> {
    const isRoot = !route.requestPath || route.requestPath === "/index.html"
    if (!this.authenticated(request)) {
      // Only redirect from the root. Other requests get an unauthorized error.
      if (isRoot) {
        return { redirect: "/login", query: { to: route.fullPath } }
      }
      throw new HttpError("Unauthorized", HttpCode.Unauthorized)
    }

    // Ensure there is a trailing slash so relative paths work correctly.
    const base = route.base.replace(/^\//, "")
    if (isRoot && !route.originalPath.endsWith("/")) {
      return {
        redirect: `/proxy/${base}/`,
      }
    }

    const payload = this.doProxy(route.requestPath, request, response, base)
    if (payload) {
      return payload
    }

    throw new HttpError("Not found", HttpCode.NotFound)
  }

  public async handleWebSocket(
    route: Route,
    request: http.IncomingMessage,
    socket: net.Socket,
    head: Buffer,
  ): Promise<void> {
    this.ensureAuthenticated(request)
    this.doProxy(route.requestPath, request, socket, head, route.base.replace(/^\//, ""))
  }

  public getCookieDomain(host: string): string {
    let current: string | undefined
    this.proxyDomains.forEach((domain) => {
      if (host.endsWith(domain) && (!current || domain.length < current.length)) {
        current = domain
      }
    })
    // Setting the domain to localhost doesn't seem to work for subdomains (for
    // example dev.localhost).
    return current && current !== "localhost" ? current : host
  }

  public maybeProxyRequest(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse,
  ): HttpResponse | undefined {
    const port = this.getPort(request)
    return port ? this.doProxy(route.fullPath, request, response, port) : undefined
  }

  public maybeProxyWebSocket(
    route: Route,
    request: http.IncomingMessage,
    socket: net.Socket,
    head: Buffer,
  ): HttpResponse | undefined {
    const port = this.getPort(request)
    return port ? this.doProxy(route.fullPath, request, socket, head, port) : undefined
  }

  private getPort(request: http.IncomingMessage): string | undefined {
    // No proxy until we're authenticated. This will cause the login page to
    // show as well as let our assets keep loading normally.
    if (!this.authenticated(request)) {
      return undefined
    }

    // Split into parts.
    const host = request.headers.host || ""
    const idx = host.indexOf(":")
    const domain = idx !== -1 ? host.substring(0, idx) : host
    const parts = domain.split(".")

    // There must be an exact match.
    const port = parts.shift()
    const proxyDomain = parts.join(".")
    if (!port || !this.proxyDomains.includes(proxyDomain)) {
      return undefined
    }

    return port
  }

  private doProxy(
    path: string,
    request: http.IncomingMessage,
    response: http.ServerResponse,
    portStr: string,
  ): HttpResponse
  private doProxy(
    path: string,
    request: http.IncomingMessage,
    socket: net.Socket,
    head: Buffer,
    portStr: string,
  ): HttpResponse
  private doProxy(
    path: string,
    request: http.IncomingMessage,
    responseOrSocket: http.ServerResponse | net.Socket,
    headOrPortStr: Buffer | string,
    portStr?: string,
  ): HttpResponse {
    const _portStr = typeof headOrPortStr === "string" ? headOrPortStr : portStr
    if (!_portStr) {
      return {
        code: HttpCode.BadRequest,
        content: "Port must be provided",
      }
    }

    const port = parseInt(_portStr, 10)
    if (isNaN(port)) {
      return {
        code: HttpCode.BadRequest,
        content: `"${_portStr}" is not a valid number`,
      }
    }

    const options: proxy.ServerOptions = {
      autoRewrite: true,
      changeOrigin: true,
      ignorePath: true,
      target: `http://127.0.0.1:${port}${path}`,
    }

    if (responseOrSocket instanceof net.Socket) {
      this.proxy.ws(request, responseOrSocket, headOrPortStr, options)
    } else {
      this.proxy.web(request, responseOrSocket, options)
    }

    return { handled: true }
  }
}
Catch proxy errors Otherwise they'll crash code-server. 2020-03-25 04:34:31 +07:00			`import { logger } from "@coder/logger"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`import * as http from "http"`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`import proxy from "http-proxy"`
			`import * as net from "net"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`import { HttpCode, HttpError } from "../../common/http"`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`import { HttpProvider, HttpProviderOptions, HttpProxyProvider, HttpResponse, Route } from "../http"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00
			`/**`
			`* Proxy HTTP provider.`
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`export class ProxyHttpProvider extends HttpProvider implements HttpProxyProvider {`
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`/**`
			* Proxy domains are stored here without the leading `*.`
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`public readonly proxyDomains: string[]`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`private readonly proxy = proxy.createProxyServer({})`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`/**`
			* Domains can be provided in the form `coder.com` or `*.coder.com`. Either
			* way, `<number>.coder.com` will be proxied to `number`.
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`public constructor(options: HttpProviderOptions, proxyDomains: string[] = []) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`super(options)`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`this.proxyDomains = proxyDomains.map((d) => d.replace(/^\*\./, "")).filter((d, i, arr) => arr.indexOf(d) === i)`
Catch proxy errors Otherwise they'll crash code-server. 2020-03-25 04:34:31 +07:00			`this.proxy.on("error", (error) => logger.warn(error.message))`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public async handleRequest(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`): Promise<HttpResponse> {`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`const isRoot = !route.requestPath \|\| route.requestPath === "/index.html"`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`if (!this.authenticated(request)) {`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`// Only redirect from the root. Other requests get an unauthorized error.`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`if (isRoot) {`
			`return { redirect: "/login", query: { to: route.fullPath } }`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`}`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`throw new HttpError("Unauthorized", HttpCode.Unauthorized)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`// Ensure there is a trailing slash so relative paths work correctly.`
			`const base = route.base.replace(/^\//, "")`
			`if (isRoot && !route.originalPath.endsWith("/")) {`
			`return {`
			redirect: `/proxy/${base}/`,
			`}`
			`}`

			`const payload = this.doProxy(route.requestPath, request, response, base)`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`if (payload) {`
			`return payload`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
			`throw new HttpError("Not found", HttpCode.NotFound)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public async handleWebSocket(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`socket: net.Socket,`
			`head: Buffer,`
			`): Promise<void> {`
			`this.ensureAuthenticated(request)`
			`this.doProxy(route.requestPath, request, socket, head, route.base.replace(/^\//, ""))`
			`}`

Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`public getCookieDomain(host: string): string {`
			`let current: string \| undefined`
			`this.proxyDomains.forEach((domain) => {`
			`if (host.endsWith(domain) && (!current \|\| domain.length < current.length)) {`
			`current = domain`
			`}`
			`})`
Fix domains with ports & localhost subdomains 2020-03-25 02:29:48 +07:00			`// Setting the domain to localhost doesn't seem to work for subdomains (for`
			`// example dev.localhost).`
			`return current && current !== "localhost" ? current : host`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public maybeProxyRequest(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`): HttpResponse \| undefined {`
			`const port = this.getPort(request)`
			`return port ? this.doProxy(route.fullPath, request, response, port) : undefined`
			`}`

			`public maybeProxyWebSocket(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`socket: net.Socket,`
			`head: Buffer,`
			`): HttpResponse \| undefined {`
			`const port = this.getPort(request)`
			`return port ? this.doProxy(route.fullPath, request, socket, head, port) : undefined`
			`}`

			`private getPort(request: http.IncomingMessage): string \| undefined {`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`// No proxy until we're authenticated. This will cause the login page to`
			`// show as well as let our assets keep loading normally.`
			`if (!this.authenticated(request)) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`return undefined`
			`}`

Fix domains with ports & localhost subdomains 2020-03-25 02:29:48 +07:00			`// Split into parts.`
			`const host = request.headers.host \|\| ""`
			`const idx = host.indexOf(":")`
			`const domain = idx !== -1 ? host.substring(0, idx) : host`
			`const parts = domain.split(".")`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`// There must be an exact match.`
			`const port = parts.shift()`
			`const proxyDomain = parts.join(".")`
			`if (!port \|\| !this.proxyDomains.includes(proxyDomain)) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`return undefined`
			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`return port`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`private doProxy(`
			`path: string,`
			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`portStr: string,`
			`): HttpResponse`
			`private doProxy(`
			`path: string,`
			`request: http.IncomingMessage,`
			`socket: net.Socket,`
			`head: Buffer,`
			`portStr: string,`
			`): HttpResponse`
			`private doProxy(`
			`path: string,`
			`request: http.IncomingMessage,`
			`responseOrSocket: http.ServerResponse \| net.Socket,`
			`headOrPortStr: Buffer \| string,`
			`portStr?: string,`
			`): HttpResponse {`
			`const _portStr = typeof headOrPortStr === "string" ? headOrPortStr : portStr`
			`if (!_portStr) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`return {`
			`code: HttpCode.BadRequest,`
			`content: "Port must be provided",`
			`}`
			`}`
Implement the actual proxy 2020-03-24 06:02:31 +07:00
			`const port = parseInt(_portStr, 10)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`if (isNaN(port)) {`
			`return {`
			`code: HttpCode.BadRequest,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			content: `"${_portStr}" is not a valid number`,
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
			`}`
Implement the actual proxy 2020-03-24 06:02:31 +07:00
			`const options: proxy.ServerOptions = {`
			`autoRewrite: true,`
			`changeOrigin: true,`
			`ignorePath: true,`
			target: `http://127.0.0.1:${port}${path}`,
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Implement the actual proxy 2020-03-24 06:02:31 +07:00
			`if (responseOrSocket instanceof net.Socket) {`
			`this.proxy.ws(request, responseOrSocket, headOrPortStr, options)`
			`} else {`
			`this.proxy.web(request, responseOrSocket, options)`
			`}`

			`return { handled: true }`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
			`}`