code-server/src/node/app/proxy.ts

import { logger } from "@coder/logger"
import * as http from "http"
import proxy from "http-proxy"
import * as net from "net"
import * as querystring from "querystring"
import { HttpCode, HttpError } from "../../common/http"
import { HttpProvider, HttpProviderOptions, HttpProxyProvider, HttpResponse, Route } from "../http"

interface Request extends http.IncomingMessage {
  base?: string
}

/**
 * Proxy HTTP provider.
 */
export class ProxyHttpProvider extends HttpProvider implements HttpProxyProvider {
  /**
   * Proxy domains are stored here without the leading `*.`
   */
  public readonly proxyDomains: string[]
  private readonly proxy = proxy.createProxyServer({})

  /**
   * Domains can be provided in the form `coder.com` or `*.coder.com`. Either
   * way, `<number>.coder.com` will be proxied to `number`.
   */
  public constructor(options: HttpProviderOptions, proxyDomains: string[] = []) {
    super(options)
    this.proxyDomains = proxyDomains.map((d) => d.replace(/^\*\./, "")).filter((d, i, arr) => arr.indexOf(d) === i)
    this.proxy.on("error", (error) => logger.warn(error.message))
    // Intercept the response to rewrite absolute redirects against the base path.
    this.proxy.on("proxyRes", (response, request: Request) => {
      if (response.headers.location && response.headers.location.startsWith("/") && request.base) {
        response.headers.location = request.base + response.headers.location
      }
    })
  }

  public async handleRequest(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse,
  ): Promise<HttpResponse> {
    const isRoot = !route.requestPath || route.requestPath === "/index.html"
    if (!this.authenticated(request)) {
      // Only redirect from the root. Other requests get an unauthorized error.
      if (isRoot) {
        return { redirect: "/login", query: { to: route.fullPath } }
      }
      throw new HttpError("Unauthorized", HttpCode.Unauthorized)
    }

    // Ensure there is a trailing slash so relative paths work correctly.
    const port = route.base.replace(/^\//, "")
    const base = `${this.options.base}/${port}`
    if (isRoot && !route.fullPath.endsWith("/")) {
      return {
        redirect: `${base}/`,
      }
    }

    const payload = this.doProxy(route, request, response, port, base)
    if (payload) {
      return payload
    }

    throw new HttpError("Not found", HttpCode.NotFound)
  }

  public async handleWebSocket(
    route: Route,
    request: http.IncomingMessage,
    socket: net.Socket,
    head: Buffer,
  ): Promise<void> {
    this.ensureAuthenticated(request)
    const port = route.base.replace(/^\//, "")
    const base = `${this.options.base}/${port}`
    this.doProxy(route, request, { socket, head }, port, base)
  }

  public getCookieDomain(host: string): string {
    let current: string | undefined
    this.proxyDomains.forEach((domain) => {
      if (host.endsWith(domain) && (!current || domain.length < current.length)) {
        current = domain
      }
    })
    // Setting the domain to localhost doesn't seem to work for subdomains (for
    // example dev.localhost).
    return current && current !== "localhost" ? current : host
  }

  public maybeProxyRequest(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse,
  ): HttpResponse | undefined {
    const port = this.getPort(request)
    return port ? this.doProxy(route, request, response, port) : undefined
  }

  public maybeProxyWebSocket(
    route: Route,
    request: http.IncomingMessage,
    socket: net.Socket,
    head: Buffer,
  ): HttpResponse | undefined {
    const port = this.getPort(request)
    return port ? this.doProxy(route, request, { socket, head }, port) : undefined
  }

  private getPort(request: http.IncomingMessage): string | undefined {
    // No proxy until we're authenticated. This will cause the login page to
    // show as well as let our assets keep loading normally.
    if (!this.authenticated(request)) {
      return undefined
    }

    // Split into parts.
    const host = request.headers.host || ""
    const idx = host.indexOf(":")
    const domain = idx !== -1 ? host.substring(0, idx) : host
    const parts = domain.split(".")

    // There must be an exact match.
    const port = parts.shift()
    const proxyDomain = parts.join(".")
    if (!port || !this.proxyDomains.includes(proxyDomain)) {
      return undefined
    }

    return port
  }

  private doProxy(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse,
    portStr: string,
    base?: string,
  ): HttpResponse
  private doProxy(
    route: Route,
    request: http.IncomingMessage,
    response: { socket: net.Socket; head: Buffer },
    portStr: string,
    base?: string,
  ): HttpResponse
  private doProxy(
    route: Route,
    request: http.IncomingMessage,
    response: http.ServerResponse | { socket: net.Socket; head: Buffer },
    portStr: string,
    base?: string,
  ): HttpResponse {
    const port = parseInt(portStr, 10)
    if (isNaN(port)) {
      return {
        code: HttpCode.BadRequest,
        content: `"${portStr}" is not a valid number`,
      }
    }

    // REVIEW: Absolute redirects need to be based on the subpath but I'm not
    // sure how best to get this information to the `proxyRes` event handler.
    // For now I'm sticking it on the request object which is passed through to
    // the event.
    ;(request as Request).base = base

    const hxxp = response instanceof http.ServerResponse
    const path = base ? route.fullPath.replace(base, "") : route.fullPath
    const options: proxy.ServerOptions = {
      changeOrigin: true,
      ignorePath: true,
      target: `${hxxp ? "http" : "ws"}://127.0.0.1:${port}${path}${
        Object.keys(route.query).length > 0 ? `?${querystring.stringify(route.query)}` : ""
      }`,
      ws: !hxxp,
    }

    if (response instanceof http.ServerResponse) {
      this.proxy.web(request, response, options)
    } else {
      this.proxy.ws(request, response.socket, response.head, options)
    }

    return { handled: true }
  }
}
Catch proxy errors Otherwise they'll crash code-server. 2020-03-25 04:34:31 +07:00			`import { logger } from "@coder/logger"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`import * as http from "http"`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`import proxy from "http-proxy"`
			`import * as net from "net"`
Include query parameters when proxying 2020-04-01 01:11:35 +07:00			`import * as querystring from "querystring"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`import { HttpCode, HttpError } from "../../common/http"`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`import { HttpProvider, HttpProviderOptions, HttpProxyProvider, HttpResponse, Route } from "../http"`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`interface Request extends http.IncomingMessage {`
			`base?: string`
			`}`

Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`/**`
			`* Proxy HTTP provider.`
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`export class ProxyHttpProvider extends HttpProvider implements HttpProxyProvider {`
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`/**`
			* Proxy domains are stored here without the leading `*.`
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`public readonly proxyDomains: string[]`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`private readonly proxy = proxy.createProxyServer({})`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`/**`
			* Domains can be provided in the form `coder.com` or `*.coder.com`. Either
			* way, `<number>.coder.com` will be proxied to `number`.
			`*/`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`public constructor(options: HttpProviderOptions, proxyDomains: string[] = []) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`super(options)`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`this.proxyDomains = proxyDomains.map((d) => d.replace(/^\*\./, "")).filter((d, i, arr) => arr.indexOf(d) === i)`
Catch proxy errors Otherwise they'll crash code-server. 2020-03-25 04:34:31 +07:00			`this.proxy.on("error", (error) => logger.warn(error.message))`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`// Intercept the response to rewrite absolute redirects against the base path.`
			`this.proxy.on("proxyRes", (response, request: Request) => {`
			`if (response.headers.location && response.headers.location.startsWith("/") && request.base) {`
			`response.headers.location = request.base + response.headers.location`
			`}`
			`})`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public async handleRequest(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`): Promise<HttpResponse> {`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`const isRoot = !route.requestPath \|\| route.requestPath === "/index.html"`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`if (!this.authenticated(request)) {`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`// Only redirect from the root. Other requests get an unauthorized error.`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`if (isRoot) {`
			`return { redirect: "/login", query: { to: route.fullPath } }`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`}`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`throw new HttpError("Unauthorized", HttpCode.Unauthorized)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`// Ensure there is a trailing slash so relative paths work correctly.`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`const port = route.base.replace(/^\//, "")`
			const base = `${this.options.base}/${port}`
			`if (isRoot && !route.fullPath.endsWith("/")) {`
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`return {`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			redirect: `${base}/`,
Ensure a trailing slash on subpath proxy 2020-04-01 00:59:07 +07:00			`}`
			`}`

Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`const payload = this.doProxy(route, request, response, port, base)`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`if (payload) {`
			`return payload`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00
			`throw new HttpError("Not found", HttpCode.NotFound)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public async handleWebSocket(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`socket: net.Socket,`
			`head: Buffer,`
			`): Promise<void> {`
			`this.ensureAuthenticated(request)`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`const port = route.base.replace(/^\//, "")`
			const base = `${this.options.base}/${port}`
			`this.doProxy(route, request, { socket, head }, port, base)`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`}`

Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`public getCookieDomain(host: string): string {`
			`let current: string \| undefined`
			`this.proxyDomains.forEach((domain) => {`
			`if (host.endsWith(domain) && (!current \|\| domain.length < current.length)) {`
			`current = domain`
			`}`
			`})`
Fix domains with ports & localhost subdomains 2020-03-25 02:29:48 +07:00			`// Setting the domain to localhost doesn't seem to work for subdomains (for`
			`// example dev.localhost).`
			`return current && current !== "localhost" ? current : host`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`public maybeProxyRequest(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`): HttpResponse \| undefined {`
			`const port = this.getPort(request)`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`return port ? this.doProxy(route, request, response, port) : undefined`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`}`

			`public maybeProxyWebSocket(`
			`route: Route,`
			`request: http.IncomingMessage,`
			`socket: net.Socket,`
			`head: Buffer,`
			`): HttpResponse \| undefined {`
			`const port = this.getPort(request)`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`return port ? this.doProxy(route, request, { socket, head }, port) : undefined`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`}`

			`private getPort(request: http.IncomingMessage): string \| undefined {`
Handle authentication with proxy The cookie will be set for the proxy domain so it'll work for all of its subdomains. 2020-03-24 02:26:47 +07:00			`// No proxy until we're authenticated. This will cause the login page to`
			`// show as well as let our assets keep loading normally.`
			`if (!this.authenticated(request)) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`return undefined`
			`}`

Fix domains with ports & localhost subdomains 2020-03-25 02:29:48 +07:00			`// Split into parts.`
			`const host = request.headers.host \|\| ""`
			`const idx = host.indexOf(":")`
			`const domain = idx !== -1 ? host.substring(0, idx) : host`
			`const parts = domain.split(".")`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00
Only handle exact domain matches This simplifies the logic a bit. 2020-03-24 02:51:58 +07:00			`// There must be an exact match.`
			`const port = parts.shift()`
			`const proxyDomain = parts.join(".")`
			`if (!port \|\| !this.proxyDomains.includes(proxyDomain)) {`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`return undefined`
			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`return port`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`

Implement the actual proxy 2020-03-24 06:02:31 +07:00			`private doProxy(`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`route: Route,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`request: http.IncomingMessage,`
			`response: http.ServerResponse,`
			`portStr: string,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`base?: string,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`): HttpResponse`
			`private doProxy(`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`route: Route,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`request: http.IncomingMessage,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`response: { socket: net.Socket; head: Buffer },`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`portStr: string,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`base?: string,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`): HttpResponse`
			`private doProxy(`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`route: Route,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`request: http.IncomingMessage,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`response: http.ServerResponse \| { socket: net.Socket; head: Buffer },`
			`portStr: string,`
			`base?: string,`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`): HttpResponse {`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`const port = parseInt(portStr, 10)`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`if (isNaN(port)) {`
			`return {`
			`code: HttpCode.BadRequest,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			content: `"${portStr}" is not a valid number`,
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
			`}`
Implement the actual proxy 2020-03-24 06:02:31 +07:00
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`// REVIEW: Absolute redirects need to be based on the subpath but I'm not`
			// sure how best to get this information to the `proxyRes` event handler.
			`// For now I'm sticking it on the request object which is passed through to`
			`// the event.`
			`;(request as Request).base = base`

			`const hxxp = response instanceof http.ServerResponse`
			`const path = base ? route.fullPath.replace(base, "") : route.fullPath`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`const options: proxy.ServerOptions = {`
			`changeOrigin: true,`
			`ignorePath: true,`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			target: `${hxxp ? "http" : "ws"}://127.0.0.1:${port}${path}${
			Object.keys(route.query).length > 0 ? `?${querystring.stringify(route.query)}` : ""
Include query parameters when proxying 2020-04-01 01:11:35 +07:00			}`,
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`ws: !hxxp,`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
Implement the actual proxy 2020-03-24 06:02:31 +07:00
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`if (response instanceof http.ServerResponse) {`
			`this.proxy.web(request, response, options)`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`} else {`
Fix redirects through subpath proxy 2020-04-01 02:56:01 +07:00			`this.proxy.ws(request, response.socket, response.head, options)`
Implement the actual proxy 2020-03-24 06:02:31 +07:00			`}`

			`return { handled: true }`
Add proxy provider It'll be able to handle /proxy requests as well as subdomains. 2020-03-24 01:47:01 +07:00			`}`
			`}`