Remove directory restrictions for /webview/vscode-resource

This makes viewing images work. Fixes #1111.

.travis.yml

@@ -30,7 +30,7 @@ jobs:
     - name: "MacOS build"
       os: osx
       if: tag IS blank
-      script: travis_wait 40 scripts/ci.bash
+      script: travis_wait 60 scripts/ci.bash
 
 git:
   depth: 3

README.md

@@ -73,9 +73,9 @@ yarn binary ${vscodeVersion} ${codeServerVersion} # Or you can package it into a
 ## Security
 
 ### Authentication
-To enable built-in password authentication use `code-server --auth password`. By
+By default `code-server` enables password authentication using a randomly
-default it will use a randomly generated password but you can set the
+generated password. You can set the `PASSWORD` environment variable to use your
-`$PASSWORD` environment variable to use your own.
+own instead or use `--auth none` to disable password authentication.
 
 Do not expose `code-server` to the open internet without some form of
 authentication.

scripts/build.ts

@@ -303,14 +303,16 @@ class Builder {
 			]);
 		});
 
-		// This is so it doesn't get cached along with VS Code. There's no point
+		// Prevent needless cache changes.
-		// since there isn't anything like an incremental build.
+		await this.task("Cleaning for smaller cache", () => {
-		await this.task("Removing build files for smaller cache", () => {
 			return Promise.all([
 				fs.remove(serverPath),
 				fs.remove(path.join(vscodeSourcePath, "out-vscode")),
 				fs.remove(path.join(vscodeSourcePath, "out-vscode-min")),
 				fs.remove(path.join(vscodeSourcePath, "out-build")),
+				util.promisify(cp.exec)("git reset --hard", { cwd: vscodeSourcePath }).then(() => {
+					return util.promisify(cp.exec)("git clean -fd", { cwd: vscodeSourcePath });
+				}),
 			]);
 		});
 

scripts/vscode.patch

@@ -87,7 +87,7 @@ index 990755c4f3..06449bb9cb 100644
 +	extraBuiltinExtensionPaths: string[];
  }
 diff --git a/src/vs/platform/environment/node/argv.ts b/src/vs/platform/environment/node/argv.ts
-index 3e48fe4ddd..e0962b8736 100644
+index 3e48fe4ddd..2212ff5471 100644
 --- a/src/vs/platform/environment/node/argv.ts
 +++ b/src/vs/platform/environment/node/argv.ts
 @@ -58,6 +58,8 @@ export const OPTIONS: OptionDescriptions<Required<ParsedArgs>> = {
@@ -99,6 +99,15 @@ index 3e48fe4ddd..e0962b8736 100644
  	'list-extensions': { type: 'boolean', cat: 'e', description: localize('listExtensions', "List the installed extensions.") },
  	'show-versions': { type: 'boolean', cat: 'e', description: localize('showVersions', "Show versions of installed extensions, when using --list-extension.") },
  	'category': { type: 'string', cat: 'e', description: localize('category', "Filters installed extensions by provided category, when using --list-extension.") },
+@@ -185,7 +187,7 @@ export function parseArgs<T>(args: string[], options: OptionDescriptions<T>, err
+ 			delete parsedArgs[o.deprecates];
+ 		}
+ 
+-		if (val) {
++		if (typeof val !== 'undefined') {
+ 			if (o.type === 'string[]') {
+ 				if (val && !Array.isArray(val)) {
+ 					val = [val];
 diff --git a/src/vs/platform/environment/node/environmentService.ts b/src/vs/platform/environment/node/environmentService.ts
 index f7d207009d..5c37b52dab 100644
 --- a/src/vs/platform/environment/node/environmentService.ts

src/node/cli.ts

@@ -86,7 +86,7 @@ const startVscode = async (): Promise<void | void[]> => {
 	const args = getArgs();
 	const extra = args["_"] || [];
 	const options = {
-		auth: args.auth,
+		auth: args.auth || AuthType.Password,
 		basePath: args["base-path"],
 		cert: args.cert,
 		certKey: args["cert-key"],
@@ -95,9 +95,9 @@ const startVscode = async (): Promise<void | void[]> => {
 		password: process.env.PASSWORD,
 	};
 
-	if (options.auth && enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
+	if (enumToArray(AuthType).filter((t) => t === options.auth).length === 0) {
 		throw new Error(`'${options.auth}' is not a valid authentication type.`);
-	} else if (options.auth && !options.password) {
+	} else if (options.auth === "password" && !options.password) {
 		options.password = await generatePassword();
 	}
 
@@ -125,10 +125,13 @@ const startVscode = async (): Promise<void | void[]> => {
 	]);
 	logger.info(`Server listening on ${serverAddress}`);
 
-	if (options.auth && !process.env.PASSWORD) {
+	if (options.auth === "password" && !process.env.PASSWORD) {
 		logger.info(`  - Password is ${options.password}`);
-		logger.info("  - To use your own password, set the PASSWORD environment variable");
+		logger.info("    - To use your own password, set the PASSWORD environment variable");
-	} else if (options.auth) {
+		if (!args.auth) {
+			logger.info("    - To disable use `--auth none`");
+		}
+	} else if (options.auth === "password") {
 		logger.info("  - Using custom password for authentication");
 	} else {
 		logger.info("  - No authentication");

src/node/server.ts

@@ -110,7 +110,7 @@ export class HttpError extends Error {
 }
 
 export interface ServerOptions {
-	readonly auth?: AuthType;
+	readonly auth: AuthType;
 	readonly basePath?: string;
 	readonly connectionToken?: string;
 	readonly cert?: string;
@@ -133,7 +133,7 @@ export abstract class Server {
 
 	public constructor(options: ServerOptions) {
 		this.options = {
-			host: options.auth && options.cert ? "0.0.0.0" : "localhost",
+			host: options.auth === "password" && options.cert ? "0.0.0.0" : "localhost",
 			...options,
 			basePath: options.basePath ? options.basePath.replace(/\/+$/, "") : "",
 		};
@@ -193,6 +193,11 @@ export abstract class Server {
 		return { content: await util.promisify(fs.readFile)(filePath), filePath };
 	}
 
+	protected async getAnyResource(...parts: string[]): Promise<Response> {
+		const filePath = path.join(...parts);
+		return { content: await util.promisify(fs.readFile)(filePath), filePath };
+	}
+
 	protected async getTarredResource(...parts: string[]): Promise<Response> {
 		const filePath = this.ensureAuthorizedFilePath(...parts);
 		return { stream: tarFs.pack(filePath), filePath, mime: "application/tar", cache: true };
@@ -269,7 +274,7 @@ export abstract class Server {
 		base = path.normalize(base);
 		requestPath = path.normalize(requestPath || "/index.html");
 
-		if (base !== "/login" || !this.options.auth || requestPath !== "/index.html") {
+		if (base !== "/login" || this.options.auth !== "password" || requestPath !== "/index.html") {
 			this.ensureGet(request);
 		}
 
@@ -300,7 +305,7 @@ export abstract class Server {
 				response.cache = true;
 				return response;
 			case "/login":
-				if (!this.options.auth || requestPath !== "/index.html") {
+				if (this.options.auth !== "password" || requestPath !== "/index.html") {
 					throw new HttpError("Not found", HttpCode.NotFound);
 				}
 				return this.tryLogin(request);
@@ -421,7 +426,7 @@ export abstract class Server {
 	}
 
 	private authenticate(request: http.IncomingMessage, payload?: LoginPayload): boolean {
-		if (!this.options.auth) {
+		if (this.options.auth !== "password") {
 			return true;
 		}
 		const safeCompare = localRequire<typeof import("safe-compare")>("safe-compare/index");
@@ -523,8 +528,8 @@ export class MainServer extends Server {
 				}
 				break;
 			case "/webview":
-				if (requestPath.indexOf("/vscode-resource") === 0) {
+				if (/^\/vscode-resource/.test(requestPath)) {
-					return this.getResource(requestPath.replace(/^\/vscode-resource/, ""));
+					return this.getAnyResource(requestPath.replace(/^\/vscode-resource(\/file)?/, ""));
 				}
 				return this.getResource(
 					this.rootPath,

src/node/util.ts

@@ -14,6 +14,7 @@ import { mkdirp } from "vs/base/node/pfs";
 
 export enum AuthType {
 	Password = "password",
+	None = "none",
 }
 
 export enum FormatType {
@@ -127,7 +128,7 @@ export const enumToArray = (t: any): string[] => {
 
 export const buildAllowedMessage = (t: any): string => {
 	const values = enumToArray(t);
-	return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(",")}`;
+	return `Allowed value${values.length === 1 ? " is" : "s are"} ${values.map((t) => `'${t}'`).join(", ")}`;
 };
 
 /**