Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Support HTTP BasicAuth for authentication with auth-user argument, password or hashedPassword#7173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
gaberudy wants to merge2 commits intocoder:main
base:main
Choose a base branch
Loading
fromgoldenhelix:basic-auth-with-hash
Open
Show file tree
Hide file tree
Changes from1 commit
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
NextNext commit
Support HTTP BasicAuth for authentication if $AUTH_USER is set
  • Loading branch information
@gaberudy
gaberudy committedDec 22, 2024
commitd911eac5f26130158ef1e3e1acf2003c23e8e13f
10 changes: 10 additions & 0 deletionssrc/node/cli.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -12,6 +12,7 @@ export enum Feature {

export enum AuthType {
Password = "password",
HttpBasic = "http-basic",
None = "none",
}

Expand DownExpand Up@@ -65,6 +66,7 @@ export interface UserProvidedCodeArgs {
export interface UserProvidedArgs extends UserProvidedCodeArgs {
config?: string
auth?: AuthType
"auth-user"?: string
password?: string
"hashed-password"?: string
cert?: OptionalString
Expand DownExpand Up@@ -137,6 +139,10 @@ export type Options<T> = {

export const options: Options<Required<UserProvidedArgs>> = {
auth: { type: AuthType, description: "The type of authentication to use." },
"auth-user": {
type: "string",
description: "The username for http-basic authentication."
},
password: {
type: "string",
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
Expand DownExpand Up@@ -569,6 +575,10 @@ export async function setDefaults(cliArgs: UserProvidedArgs, configArgs?: Config
if (process.env.PASSWORD) {
args.password = process.env.PASSWORD
}
if (process.env.AUTH_USER) {
args["auth"] = AuthType.HttpBasic
args["auth-user"] = process.env.AUTH_USER
}

if (process.env.CS_DISABLE_FILE_DOWNLOADS?.match(/^(1|true)$/)) {
args["disable-file-downloads"] = true
Expand Down
22 changes: 22 additions & 0 deletionssrc/node/http.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -111,6 +111,25 @@ export const ensureAuthenticated = async (
}
}

/**
* Validate basic auth credentials.
*/
const validateBasicAuth = (authHeader: string | undefined, authUser: string | undefined, authPassword: string | undefined): boolean => {
if (!authHeader?.startsWith('Basic ')) {
return false;
}

try {
const base64Credentials = authHeader.split(' ')[1];
const credentials = Buffer.from(base64Credentials, 'base64').toString('utf-8');
const [username, password] = credentials.split(':');
return username === authUser && password === authPassword;
} catch (error) {
logger.error('Error validating basic auth:' + error);
return false;
}
};

/**
* Return true if authenticated via cookies.
*/
Expand All@@ -132,6 +151,9 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {

return await isCookieValid(isCookieValidArgs)
}
case AuthType.HttpBasic: {
return validateBasicAuth(req.headers.authorization, req.args["auth-user"], req.args.password);
}
default: {
throw new Error(`Unsupported auth type ${req.args.auth}`)
}
Expand Down
4 changes: 4 additions & 0 deletionssrc/node/main.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -142,6 +142,10 @@ export const runCodeServer = async (
} else {
logger.info(` - Using password from ${args.config}`)
}
} else if (args.auth === AuthType.HttpBasic) {
logger.info(" - HTTP basic authentication is enabled")
logger.info(" - Using user from $AUTH_USER")
logger.info(" - Using password from $PASSWORD")
} else {
logger.info(" - Authentication is disabled")
}
Expand Down
5 changes: 5 additions & 0 deletionssrc/node/routes/domainProxy.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -3,6 +3,7 @@ import { HttpCode, HttpError } from "../../common/http"
import { getHost, ensureProxyEnabled, authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
import { proxy } from "../proxy"
import { Router as WsRouter } from "../wsRouter"
import { AuthType } from "../cli"

export const router = Router()

Expand DownExpand Up@@ -78,6 +79,10 @@ router.all(/.*/, async (req, res, next) => {
if (/\/login\/?/.test(req.path)) {
return next()
}
// If auth is HttpBasic, return a 401.
if (req.args.auth === AuthType.HttpBasic) {
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
}
// Redirect all other pages to the login.
const to = self(req)
return redirect(req, res, "login", {
Expand Down
3 changes: 2 additions & 1 deletionsrc/node/routes/pathProxy.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -4,6 +4,7 @@ import * as pluginapi from "../../../typings/pluginapi"
import { HttpCode, HttpError } from "../../common/http"
import { ensureProxyEnabled, authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
import { proxy as _proxy } from "../proxy"
import { AuthType } from "../cli"

const getProxyTarget = (
req: Request,
Expand All@@ -28,7 +29,7 @@ export async function proxy(

if (!(await authenticated(req))) {
// If visiting the root (/:port only) redirect to the login page.
if (!req.params.path || req.params.path === "/") {
if ((!req.params.path || req.params.path === "/") && req.args.auth !== AuthType.HttpBasic) {
const to = self(req)
return redirect(req, res, "login", {
to: to !== "/" ? to : undefined,
Expand Down
8 changes: 7 additions & 1 deletionsrc/node/routes/vscode.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -7,12 +7,13 @@ import * as net from "net"
import * as path from "path"
import { WebsocketRequest } from "../../../typings/pluginapi"
import { logError } from "../../common/util"
import { CodeArgs, toCodeArgs } from "../cli"
import {AuthType,CodeArgs, toCodeArgs } from "../cli"
import { isDevMode, vsRootPath } from "../constants"
import { authenticated, ensureAuthenticated, ensureOrigin, redirect, replaceTemplates, self } from "../http"
import { SocketProxyProvider } from "../socket"
import { isFile } from "../util"
import { Router as WsRouter } from "../wsRouter"
import { HttpCode, HttpError } from "../../common/http"

export const router = express.Router()

Expand DownExpand Up@@ -118,6 +119,11 @@ router.get("/", ensureVSCodeLoaded, async (req, res, next) => {
const FOLDER_OR_WORKSPACE_WAS_CLOSED = req.query.ew

if (!isAuthenticated) {
// If auth is HttpBasic, return a 401.
if (req.args.auth === AuthType.HttpBasic) {
res.setHeader('WWW-Authenticate', 'Basic realm="Access to the site"')
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
};
const to = self(req)
return redirect(req, res, "login", {
to: to !== "/" ? to : undefined,
Expand Down
[8]ページ先頭
©2009-2025 Movatter.jp