Commit Graph

451 Commits

Author SHA1 Message Date
Asher
e5fc63f2c8
Fix accessing manifest behind basic auth
Apparently the manifest spec doesn't include sending credentials in an
attempt to be secure by default.

Fixes #1212.
2019-12-09 11:25:59 -06:00
Asher
e14362f322
Pass along Node options 2019-11-14 17:20:23 -06:00
Asher
2018024810
Hash password
Fixes issues with unexpected characters breaking things when setting the
cookie (like semicolons).

This change as-is does not affect the security of code-server
itself (we've just replaced the static password with a static hash) but
if we were to add a salt in the future it would let us invalidate keys
by rehashing with a new salt which could be handy.
2019-11-07 15:57:57 -06:00
Asher
a1d6bcb8e5
Handle cookies more robustly
If you visit /login/ instead of /login the cookie will be set at /login
instead of / which means the cookie can't be read at the root. It will
redirect to the login page which *can* read the cookie at /login and
redirect back resulting in an infinite loop.

The previous solution relied on setting the cookie at / (any invalid
value works) which then overrode the login page cookie since
parseCookies only kept a single value. So the login page would see the
same cookie the root was seeing and not redirect back. However, that
behavior depends on the cookies being in the right order which I'm not
sure is guaranteed.

This new method tests all available cookies and always sets the cookie
so the root path will be able to read it in case the login page is
seeing a cookie the root can't.

It also goes a step further and explicitly sets the path on the cookie
which fixes the case where there is a permanent misconfiguration
redirecting /login to /login/. Otherwise the cookie would continually be
set on /login only and you'd have another loop. It also means you only
need to delete one cookie to log out.

Lastly add some properties to make the cookies a bit more secure.
2019-11-07 13:36:18 -06:00
ecrode
727ac6483b Clear password when redirecting to login
Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
2019-11-07 11:38:10 -06:00
Asher
2c15c09fc0
Add missing telemetry option 2019-11-06 15:47:34 -06:00
Asher
780a673017
Add meta tag to allow full screen app on iOS
Fixes #933.
2019-11-04 16:01:01 -06:00
Asher
af71203955
Fix relaunching during an update 2019-11-01 10:51:23 -05:00
Asher
fc3acfabb2
Fix update check 2019-10-30 17:35:50 -05:00
Asher
73cf8f34e3
Fix outgoing scheme transformation
Accidentally used local instead of remote.

Fixes #1127.
2019-10-30 10:32:57 -05:00
Asher
87485948ad
Kill inner process if parent process dies
Fixes #1076.
2019-10-29 14:43:27 -05:00
Asher
2f0878d9b7
Revert remote scheme change
It doesn't show in the explorer anymore so there's no point. Also remove
the local scheme transform which is no longer required with the latest
client-side extension implementation.
2019-10-29 11:26:50 -05:00
Asher
e22964915a
Support opening workspaces from command line
Partly addresses #1121.
2019-10-28 16:25:51 -05:00
Asher
422503ef98
Proxy child exit code when exiting parent process
This fixes code-server exiting with zero on errors.
2019-10-28 14:57:01 -05:00
Asher
ea36345d2c
Allow fetching any resource
Fixes #1118.
2019-10-28 14:29:51 -05:00
Asher
a89d83cbba
Fix other incorrect usages of split 2019-10-28 14:03:13 -05:00
Asher
83ff31b620
Fix passwords that contain =
Fixes #1119.

Apparently `split` does not work the way I'd expect.
2019-10-28 13:47:31 -05:00
Asher
3a9b032c72
Add heartbeat file (#1115)
Fixes #1050.
2019-10-28 09:59:34 -05:00
Asher
f73e9225b4
Remove directory restrictions for /webview/vscode-resource
This makes viewing images work. Fixes #1111.
2019-10-25 15:52:39 -05:00
Asher
58f7f5b769
Properly fix blank --cert flag
See #1109.
2019-10-25 12:04:43 -05:00
Asher
b8e6369fbe
Fix empty --cert not generating self-signed certificate
Fixes #1101.
2019-10-25 11:01:42 -05:00
Asher
95693fb58e
Handle /webview/vscode-resource/file urls
See #1103.
2019-10-24 14:35:25 -05:00
Asher
e7945bea94
Enable password authentication by default
Fixes #1062.
2019-10-24 12:35:26 -05:00
Asher
eea9c1618c
Move client-side extension code out of patch 2019-10-23 13:12:11 -05:00
Asher
ece840834d
Move login page to browser directory
Fixes it not being included in the optimized build as well as making it
more consistent.
2019-10-21 15:02:41 -05:00
Asher
76f6ff4145
Fix alpine check 2019-10-21 14:09:04 -05:00
Asher
bdd11f741b
Update to 1.39.2
Also too the opportunity to rewrite the build script since there was a
change in the build steps (mainly how the product JSON is inserted) and
to get the build changes out of the patch. It also no longer relies on
external caching (we'll want to do this within CI instead).
2019-10-18 18:20:02 -05:00
Asher
56ce780522
Prevent process.exit() 2019-10-11 17:00:17 -05:00
Asher
567010e163
Cache extension tar requests 2019-10-11 14:28:02 -05:00
Asher
4ae2c81157
Remember last workspace or directory 2019-10-11 14:26:20 -05:00
Asher
ae43e2016f
Handle up/down on server 2019-10-10 17:05:30 -05:00
Asher
3f6cbfa4dd
Handle up/down/close on client 2019-10-10 16:12:38 -05:00
Asher
1c50b5285e
Resolve bundling issues with node-browser 2019-10-10 15:36:56 -05:00
Asher
ea9c511db8
Check major version when getting latest version 2019-10-08 16:23:39 -05:00
Adam Vernon
e1e3f32643 Add missing PWA icon (#1060)
- Copy old icon back into repository
- Update path to icon from manifest file
- Add link metadata tag for iOS PWA icon to workbench.html
- Add link metadata tag for iOS PWA icon to login page
2019-10-07 12:55:02 -05:00
Asher
548d095611
Add support for running extensions in the browser 2019-10-04 18:14:19 -05:00
Asher
65caa26d40
Pass log level to extension host 2019-09-23 16:57:48 -05:00
Asher
7812f6b75a
Fix uncaught errors when extracting zips
Fixes #966.
2019-09-23 16:57:48 -05:00
Asher
637e58f255
Prevent opening invalid paths 2019-09-23 16:57:47 -05:00
Asher
616bdb35f3
Fix using port zero 2019-09-18 11:39:16 -05:00
Asher
6a864f9f47
Make websocket upgrade check case-insensitive
Fixes #925.
2019-09-16 15:05:45 -05:00
Asher
5c16399810
Fix accessing versioned resource using file service
Fixes #986.
2019-09-16 15:05:44 -05:00
Asher
1bd5eca73d
Don't terminate extension host on a timeout
We will clean it up on our end if necessary. This allows reconnections
after any length of time.
2019-09-13 11:24:15 -05:00
Asher
f8635a124f
Add tar endpoint
This will be used to load extensions into the browser using requirefs.
2019-09-12 12:17:16 -05:00
Asher
1164801376
Keep a maximum number of connections instead of a timeout
There's no way to actually know if those clients have gone away, so it
seems it might be better to base it on whether the user has connected
again with new clients to determine if the old clients are now invalid.
2019-09-09 16:41:04 -05:00
Asher
12e608468b
Add caching 2019-09-06 17:46:32 -05:00
Asher
44000459da
Add environment variable for telemetry endpoint 2019-09-05 15:26:35 -05:00
Asher
9d8906d250
Add version format flag 2019-09-04 17:01:06 -05:00
Asher
a26844ea45
Add package.json for publishing API types 2019-09-04 11:47:50 -05:00
Asher
da7d8b04a8
Update VS Code 2019-09-03 17:24:14 -05:00
Asher
12bc26b6b4
Implement status bar API 2019-09-03 16:38:53 -05:00
Asher
b901043bfc
Target a recent commit for VS Code
This is so we can try out the web worker extension host.
2019-08-29 19:11:11 -05:00
Asher
a3ee7c96a0
Don't open cwd by default
Fixes #889. Previous it would use the cwd. In some cases that's the
path of where the binary is located which is a weird place to open.
2019-08-27 14:26:54 -05:00
Asher
d33b2d2af9
Fix web view sometimes not loading correctly
Fixes #929.
2019-08-27 14:03:27 -05:00
Asher
78b6b3afdf
Add check for missing reconnection token
This means something is misconfigured.
2019-08-23 13:44:14 -05:00
Asher
ddd5a9ae79
Update data and extension paths to match version one
To ensure users don't lose their extensions when updating.
2019-08-21 17:02:31 -05:00
Asher
80050d0d9d
Detect target automatically
This removes the potential for a bad build because the native Node
modules currently can only be built on the target system, so specifying
a target for something other than the system your are building on will
not work.
2019-08-21 12:45:09 -05:00
Asher
534600c1ff
Don't error when scanning nonexistent extension dir 2019-08-20 19:16:44 -05:00
Asher
6737384d27
Handle existing query when opening folder 2019-08-15 17:28:02 -05:00
Asher
f61a0ae78a
Set unexpected error handler on startup
Fixes #911.
2019-08-15 16:02:14 -05:00
Asher
a48c2fb119
Handle webview service worker resource requests 2019-08-15 14:30:41 -05:00
Asher
83f86a45b6
Load language bundles on the client 2019-08-14 10:25:31 -05:00
Asher
2470081789
Exit when pipe closes
This allows piping to things like `head` without SIGPIPE errors.
2019-08-12 15:39:04 -05:00
Asher
90e8714e71
Preserve query variables when redirecting 2019-08-12 11:55:33 -05:00
Asher
b566b66590
Fix service worker scope when there is a base path 2019-08-12 11:24:05 -05:00
Asher
7389d9e2cb
Use current URL for webview 2019-08-12 10:23:08 -05:00
Asher
2807ce495e
Add tar-stream dependency
It's no longer included by the remote dependencies.
2019-08-09 19:23:44 -05:00
Asher
ba7285192c
Update VS Code to 1.37.0 2019-08-09 19:23:41 -05:00
Asher
6b579d65ef
Fix webview address when using a proxy 2019-08-08 11:39:06 -05:00
Asher
d4ed2efa71
Change default port to 8080 2019-08-08 11:21:45 -05:00
Asher
f5a6f14ade
Implement update service 2019-08-07 16:18:17 -05:00
Asher
dde683d911
Fix login submission when using a base path 2019-08-05 10:38:55 -05:00
Asher
5b64cb3400
Fix login page 2019-08-02 19:54:56 -05:00
Asher
712274d912
Groundwork for language support
- Implement the localization service.
- Use the proper build process which generates the require JSON files.
- Implement getting the locale and language configuration.
2019-08-02 19:29:00 -05:00
Asher
bd0f1d024b
Support vscode-resource requests in webview 2019-07-31 17:22:18 -05:00
Asher
5944b842de
Make it clearer what the tar code does 2019-07-31 17:22:17 -05:00
Asher
12af311ce7
Use our logger instead of raw console.log 2019-07-31 17:22:16 -05:00
Asher
62719ab544
Clean up client API
- Don't use "any" for the API type.
- Remove everything from the Coder API that can eventually be done
  through the VS Code API.
- Move the event emission to our own client to minimize patching.
2019-07-31 17:22:15 -05:00
Asher
011530e11b
Proxy TLS sockets 2019-07-30 18:16:08 -05:00
Asher
8ded89e8d4
Firefox fixes 2019-07-26 17:33:26 -05:00
Asher
4c4a179bce
TLS socket still doesn't work 2019-07-26 17:26:45 -05:00
Asher
329acbb251
Combine main and webview servers 2019-07-23 19:22:10 -05:00
Asher
fd55139c82
Make flags additive and clean up docs
This means that you have to turn on features now instead of disabling
them like auth and https.

In addition:
- Allow multiple options for auth (only password for now).
- Combine the install docs since they had many commonalities and
- generally simplified them (hopefully not too much).
- Move all example configs into docs/examples.
2019-07-23 18:59:39 -05:00
Asher
7b7f5b542e
Add base path argument
It's only used for the login redirect.
2019-07-23 15:17:25 -05:00
Asher
09cd1e8540
Make sub-paths work 2019-07-22 18:01:03 -05:00
Asher
cd54aec2f9
Fix login redirect when not using https 2019-07-22 11:09:26 -05:00
Asher
9fdfacb314
Quality check 2019-07-19 17:43:54 -05:00
Asher
e8cb6ffaa0
Implement file uploads 2019-07-19 15:45:12 -05:00
Asher
2be452d83e
Fix rg extraction in Docker build 2019-07-18 18:09:24 -05:00
Asher
b0e6c1cc4e
Fix favicon 2019-07-18 18:09:23 -05:00
Asher
45d348b03d
Expose API on the client 2019-07-18 18:09:22 -05:00
Asher
4b0cceb91a
Extract ripgrep when inside binary 2019-07-18 18:09:21 -05:00
Asher
db41f106bc
Fix open flag when using 0.0.0.0 2019-07-18 18:09:20 -05:00
Asher
b6fdb7d0e7
Telemetry 2019-07-18 18:09:20 -05:00
Asher
1a3fc86894
Reconnection works 2019-07-18 18:09:19 -05:00
Asher
9b0b337dc0
Implement open flag 2019-07-18 18:09:16 -05:00
Asher
8dcc1e3567
Accept argument to change initial working directory 2019-07-18 18:09:13 -05:00
Asher
e22791ec88
Fix interactive playground 2019-07-18 18:09:12 -05:00
Asher
286f9a8978
Implement multiple extension directories 2019-07-18 18:09:12 -05:00
Asher
97167e75ff
Add authentication 2019-07-18 18:09:11 -05:00
Asher
2b2aa9a211
Add https server 2019-07-18 18:09:09 -05:00