Commita53b8db

authored

feat: add handling for insecure requests (#106)

1 parent9b936cd commita53b8dbCopy full SHA for a53b8db

File tree

7 files changed

+148

-23

lines changed

7 files changed

+148

-23

lines changed

`‎package.json‎`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,11 @@`
`42`	`42`	`},`
`43`	`43`	`"scope":"machine",`
`44`	`44`	`"default": []`
	`45`	`+ },`
	`46`	`+"coder.insecure": {`
	`47`	`+"markdownDescription":"If true, the extension will not verify the authenticity of the remote host. This is useful for self-signed certificates.",`
	`48`	`+"type":"boolean",`
	`49`	`+"default":false`
`45`	`50`	`}`
`46`	`51`	`}`
`47`	`52`	`},`
`@@ -241,4 +246,4 @@`
`241`	`246`	`"yaml":"^1.10.0",`
`242`	`247`	`"zod":"^3.21.4"`
`243`	`248`	`}`
`244`		`-}`
	`249`	`+}`

`‎src/commands.ts‎`

Lines changed: 13 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ import { getAuthenticatedUser, getWorkspaces, updateWorkspaceVersion } from "cod`
`3`	`3`	`import{Workspace,WorkspaceAgent}from"coder/site/src/api/typesGenerated"`
`4`	`4`	`import*asvscodefrom"vscode"`
`5`	`5`	`import{extractAgents}from"./api-helper"`
	`6`	`+import{SelfSignedCertificateError}from"./error"`
`6`	`7`	`import{Remote}from"./remote"`
`7`	`8`	`import{Storage}from"./storage"`
`8`	`9`	`import{OpenableTreeItem}from"./workspacesProvider"`
`@@ -61,6 +62,14 @@ export class Commands {`
`61`	`62`	`if(axios.isAxiosError(err)&&err.response?.data){`
`62`	`63`	`message=err.response.data.detail`
`63`	`64`	`}`
	`65`	`+if(errinstanceofSelfSignedCertificateError){`
	`66`	`+err.showInsecureNotification(this.storage)`
	`67`	`+`
	`68`	`+return{`
	`69`	`+message:err.message,`
	`70`	`+severity:vscode.InputBoxValidationSeverity.Error,`
	`71`	`+}`
	`72`	`+}`
`64`	`73`	`return{`
`65`	`74`	`message:"Invalid session token! ("+message+")",`
`66`	`75`	`severity:vscode.InputBoxValidationSeverity.Error,`
`@@ -189,7 +198,10 @@ export class Commands {`
`189`	`198`	`quickPick.items=items`
`190`	`199`	`quickPick.busy=false`
`191`	`200`	`})`
`192`		`-.catch(()=>{`
	`201`	`+.catch((ex)=>{`
	`202`	`+if(exinstanceofSelfSignedCertificateError){`
	`203`	`+ex.showInsecureNotification(this.storage)`
	`204`	`+}`
`193`	`205`	`return`
`194`	`206`	`})`
`195`	`207`	`})`

`‎src/error.ts‎`

Lines changed: 51 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,51 @@`
	`1`	`+import*asfsfrom"fs/promises"`
	`2`	`+import*asjsoncfrom"jsonc-parser"`
	`3`	`+import*asvscodefrom"vscode"`
	`4`	`+import{Storage}from"./storage"`
	`5`	`+`
	`6`	`+exportclassSelfSignedCertificateErrorextendsError{`
	`7`	`+publicstaticNotification=`
	`8`	`+"Your Coder deployment is using a self-signed certificate. VS Code uses a version of Electron that does not support registering self-signed intermediate certificates with extensions."`
	`9`	`+publicstaticActionAllowInsecure="Allow Insecure"`
	`10`	`+publicstaticActionViewMoreDetails="View More Details"`
	`11`	`+`
	`12`	`+constructor(message:string){`
	`13`	+super(`Your Coder deployment is using a self-signed certificate:${message}`)
	`14`	`+}`
	`15`	`+`
	`16`	`+publicviewMoreDetails():Thenable<boolean>{`
	`17`	`+returnvscode.env.openExternal(vscode.Uri.parse("https://github.com/coder/vscode-coder/issues/105"))`
	`18`	`+}`
	`19`	`+`
	`20`	`+// allowInsecure manually reads the settings file and updates the value of the`
	`21`	`+// "coder.insecure" property.`
	`22`	`+publicasyncallowInsecure(storage:Storage):Promise<void>{`
	`23`	`+letsettingsContent="{}"`
	`24`	`+try{`
	`25`	`+settingsContent=awaitfs.readFile(storage.getUserSettingsPath(),"utf8")`
	`26`	`+}catch(ex){`
	`27`	`+// Ignore! It's probably because the file doesn't exist.`
	`28`	`+}`
	`29`	`+constedits=jsonc.modify(settingsContent,["coder.insecure"],true,{})`
	`30`	`+awaitfs.writeFile(storage.getUserSettingsPath(),jsonc.applyEdits(settingsContent,edits))`
	`31`	`+`
	`32`	`+vscode.window.showInformationMessage(`
	`33`	`+'The Coder extension will no longer verify TLS on HTTPS requests. You can change this at any time with the "coder.insecure" property in your VS Code settings.',`
	`34`	`+)`
	`35`	`+}`
	`36`	`+`
	`37`	`+publicasyncshowInsecureNotification(storage:Storage):Promise<void>{`
	`38`	`+constvalue=awaitvscode.window.showErrorMessage(`
	`39`	`+SelfSignedCertificateError.Notification,`
	`40`	`+SelfSignedCertificateError.ActionAllowInsecure,`
	`41`	`+SelfSignedCertificateError.ActionViewMoreDetails,`
	`42`	`+)`
	`43`	`+if(value===SelfSignedCertificateError.ActionViewMoreDetails){`
	`44`	`+awaitthis.viewMoreDetails()`
	`45`	`+return`
	`46`	`+}`
	`47`	`+if(value===SelfSignedCertificateError.ActionAllowInsecure){`
	`48`	`+returnthis.allowInsecure(storage)`
	`49`	`+}`
	`50`	`+}`
	`51`	`+}`

`‎src/extension.ts‎`

Lines changed: 75 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,67 @@`
`1`	`1`	`"use strict"`
	`2`	`+importaxiosfrom"axios"`
`2`	`3`	`import{getAuthenticatedUser}from"coder/site/src/api/api"`
	`4`	`+import*ashttpsfrom"https"`
`3`	`5`	`import*asmodulefrom"module"`
`4`	`6`	`import*asvscodefrom"vscode"`
`5`	`7`	`import{Commands}from"./commands"`
	`8`	`+import{SelfSignedCertificateError}from"./error"`
`6`	`9`	`import{Remote}from"./remote"`
`7`	`10`	`import{Storage}from"./storage"`
`8`	`11`	`import{WorkspaceQuery,WorkspaceProvider}from"./workspacesProvider"`
`9`	`12`
`10`	`13`	`exportasyncfunctionactivate(ctx:vscode.ExtensionContext):Promise<void>{`
	`14`	`+// The Remote SSH extension's proposed APIs are used to override`
	`15`	`+// the SSH host name in VS Code itself. It's visually unappealing`
	`16`	`+// having a lengthy name!`
	`17`	`+//`
	`18`	`+// This is janky, but that's alright since it provides such minimal`
	`19`	`+// functionality to the extension.`
	`20`	`+constremoteSSHExtension=vscode.extensions.getExtension("ms-vscode-remote.remote-ssh")`
	`21`	`+if(!remoteSSHExtension){`
	`22`	`+thrownewError("Remote SSH extension not found")`
	`23`	`+}`
	`24`	`+// eslint-disable-next-line @typescript-eslint/no-explicit-any`
	`25`	`+constvscodeProposed:typeofvscode=(moduleasany)._load(`
	`26`	`+"vscode",`
	`27`	`+{`
	`28`	`+filename:remoteSSHExtension?.extensionPath,`
	`29`	`+},`
	`30`	`+false,`
	`31`	`+)`
	`32`	`+`
	`33`	`+// updateInsecure is called on extension activation and when the insecure`
	`34`	`+// setting is changed. It updates the https agent to allow self-signed`
	`35`	`+// certificates if the insecure setting is true.`
	`36`	`+constapplyInsecure=()=>{`
	`37`	`+constinsecure=Boolean(vscode.workspace.getConfiguration().get("coder.insecure"))`
	`38`	`+`
	`39`	`+axios.defaults.httpsAgent=newhttps.Agent({`
	`40`	`+// rejectUnauthorized defaults to true, so we need to explicitly set it to false`
	`41`	`+// if we want to allow self-signed certificates.`
	`42`	`+rejectUnauthorized:!insecure,`
	`43`	`+})`
	`44`	`+}`
	`45`	`+`
	`46`	`+axios.interceptors.response.use(`
	`47`	`+(r)=>r,`
	`48`	`+(err)=>{`
	`49`	`+if(err){`
	`50`	`+constmsg=err.toString()asstring`
	`51`	`+if(msg.indexOf("unable to verify the first certificate")!==-1){`
	`52`	`+thrownewSelfSignedCertificateError(msg)`
	`53`	`+}`
	`54`	`+}`
	`55`	`+`
	`56`	`+throwerr`
	`57`	`+},`
	`58`	`+)`
	`59`	`+`
	`60`	`+vscode.workspace.onDidChangeConfiguration((e)=>{`
	`61`	`+e.affectsConfiguration("coder.insecure")&&applyInsecure()`
	`62`	`+})`
	`63`	`+applyInsecure()`
	`64`	`+`
`11`	`65`	`constoutput=vscode.window.createOutputChannel("Coder")`
`12`	`66`	`conststorage=newStorage(output,ctx.globalState,ctx.secrets,ctx.globalStorageUri,ctx.logUri)`
`13`	`67`	`awaitstorage.init()`
`@@ -62,25 +116,6 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {`
`62`	`116`	`},`
`63`	`117`	`})`
`64`	`118`
`65`		`-// The Remote SSH extension's proposed APIs are used to override`
`66`		`-// the SSH host name in VS Code itself. It's visually unappealing`
`67`		`-// having a lengthy name!`
`68`		`-//`
`69`		`-// This is janky, but that's alright since it provides such minimal`
`70`		`-// functionality to the extension.`
`71`		`-constremoteSSHExtension=vscode.extensions.getExtension("ms-vscode-remote.remote-ssh")`
`72`		`-if(!remoteSSHExtension){`
`73`		`-thrownewError("Remote SSH extension not found")`
`74`		`-}`
`75`		`-// eslint-disable-next-line @typescript-eslint/no-explicit-any`
`76`		`-constvscodeProposed:typeofvscode=(moduleasany)._load(`
`77`		`-"vscode",`
`78`		`-{`
`79`		`-filename:remoteSSHExtension?.extensionPath,`
`80`		`-},`
`81`		`-false,`
`82`		`-)`
`83`		`-`
`84`	`119`	`constcommands=newCommands(vscodeProposed,storage)`
`85`	`120`
`86`	`121`	`vscode.commands.registerCommand("coder.login",commands.login.bind(commands))`
`@@ -109,6 +144,27 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {`
`109`	`144`	`try{`
`110`	`145`	`awaitremote.setup(vscodeProposed.env.remoteAuthority)`
`111`	`146`	`}catch(ex){`
	`147`	`+if(exinstanceofSelfSignedCertificateError){`
	`148`	`+constprompt=awaitvscodeProposed.window.showErrorMessage(`
	`149`	`+"Failed to open workspace",`
	`150`	`+{`
	`151`	`+detail:SelfSignedCertificateError.Notification,`
	`152`	`+modal:true,`
	`153`	`+useCustom:true,`
	`154`	`+},`
	`155`	`+SelfSignedCertificateError.ActionAllowInsecure,`
	`156`	`+SelfSignedCertificateError.ActionViewMoreDetails,`
	`157`	`+)`
	`158`	`+if(prompt===SelfSignedCertificateError.ActionAllowInsecure){`
	`159`	`+awaitex.allowInsecure(storage)`
	`160`	`+awaitremote.reloadWindow()`
	`161`	`+return`
	`162`	`+}`
	`163`	`+if(prompt===SelfSignedCertificateError.ActionViewMoreDetails){`
	`164`	`+awaitex.viewMoreDetails()`
	`165`	`+return`
	`166`	`+}`
	`167`	`+}`
`112`	`168`	`awaitvscodeProposed.window.showErrorMessage("Failed to open workspace",{`
`113`	`169`	`detail:(exasstring).toString(),`
`114`	`170`	`modal:true,`

`‎src/remote.ts‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -696,7 +696,7 @@ export class Remote {`
`696`	`696`	`}`
`697`	`697`
`698`	`698`	`// reloadWindow reloads the current window.`
`699`		`-privateasyncreloadWindow(){`
	`699`	`+publicasyncreloadWindow(){`
`700`	`700`	`awaitvscode.commands.executeCommand("workbench.action.reloadWindow")`
`701`	`701`	`}`
`702`	`702`

`‎src/sshSupport.test.ts‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ import { computeSSHProperties, sshSupportsSetEnv, sshVersionSupportsSetEnv } fro`
`3`	`3`
`4`	`4`	`constsupports={`
`5`	`5`	`"OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022":true,`
	`6`	`+"OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2":true,`
`6`	`7`	`"OpenSSH_9.0p1, LibreSSL 3.3.6":true,`
`7`	`8`	`"OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n 7 Dec 2017":false,`
`8`	`9`	`"OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017":false,`

`‎src/sshSupport.ts‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ export function sshSupportsSetEnv(): boolean {`
`16`	`16`	`//`
`17`	`17`	`// It was introduced in SSH 7.8 and not all versions support it.`
`18`	`18`	`exportfunctionsshVersionSupportsSetEnv(sshVersionString:string):boolean{`
`19`		`-constmatch=sshVersionString.match(/OpenSSH_([\d.]+)[^,]*/)`
	`19`	`+constmatch=sshVersionString.match(/OpenSSH._([\d.]+)[^,]/)`
`20`	`20`	`if(match&&match[1]){`
`21`	`21`	`constinstalledVersion=match[1]`
`22`	`22`	`constparts=installedVersion.split(".")`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita53b8db

File tree

7 files changed

7 files changed

`‎package.json‎`

`‎src/commands.ts‎`

`‎src/error.ts‎`

`‎src/extension.ts‎`

`‎src/remote.ts‎`

`‎src/sshSupport.test.ts‎`

`‎src/sshSupport.ts‎`

0 commit comments