Skip to content

File shutdown enabled with allow-shutdown configuation, adding File > Exit menu option #7175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions patches/series
Original file line number Diff line number Diff line change
@@ -20,3 +20,4 @@ getting-started.diff
keepalive.diff
clipboard.diff
display-language.diff
shutdown.diff
114 changes: 114 additions & 0 deletions patches/shutdown.diff
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
Add a File > Exit menu item and a command to shutdown the server.

Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
@@ -316,7 +316,8 @@ export class WebClientServer {
codeServerVersion: this._productService.codeServerVersion,
rootEndpoint: base,
updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
- logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
+ logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" && this._environmentService.args['auth'] !== "http-basic" ? base + '/logout' : undefined,
+ shutdownEndpoint: this._environmentService.args['allow-shutdown'] ? base + '/shutdown' : undefined,
proxyEndpointTemplate: process.env.VSCODE_PROXY_URI ?? base + '/proxy/{{port}}/',
serviceWorker: {
scope: vscodeBase + '/',
Index: code-server/lib/vscode/src/vs/base/common/product.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
+++ code-server/lib/vscode/src/vs/base/common/product.ts
@@ -59,6 +59,7 @@ export interface IProductConfiguration {
readonly rootEndpoint?: string
readonly updateEndpoint?: string
readonly logoutEndpoint?: string
+ readonly shutdownEndpoint?: string
readonly proxyEndpointTemplate?: string
readonly serviceWorker?: {
readonly path: string;
Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
+++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
@@ -9,6 +9,7 @@ import { IStorageService, StorageScope,

export class CodeServerClient extends Disposable {
static LOGOUT_COMMAND_ID = 'code-server.logout';
+ static SHUTDOWN_COMMAND_ID = 'code-server.shutdown';

constructor (
@ILogService private logService: ILogService,
@@ -90,6 +91,10 @@ export class CodeServerClient extends Di
this.addLogoutCommand(this.productService.logoutEndpoint);
}

+ if (this.productService.shutdownEndpoint) {
+ this.addShutdownCommand(this.productService.shutdownEndpoint);
+ }
+
if (this.productService.serviceWorker) {
await this.registerServiceWorker(this.productService.serviceWorker);
}
@@ -164,6 +169,22 @@ export class CodeServerClient extends Di
},
});
}
+ }
+
+ private addShutdownCommand(shutdownEndpoint: string) {
+ CommandsRegistry.registerCommand(CodeServerClient.SHUTDOWN_COMMAND_ID, () => {
+ const shutdownUrl = new URL(shutdownEndpoint, window.location.href);
+ window.location.assign(shutdownUrl);
+ });
+
+ for (const menuId of [MenuId.CommandPalette, MenuId.MenubarHomeMenu]) {
+ MenuRegistry.appendMenuItem(menuId, {
+ command: {
+ id: CodeServerClient.SHUTDOWN_COMMAND_ID,
+ title: localize('exit', "Exit"),
+ },
+ });
+ }
}

private async registerServiceWorker(serviceWorker: { path: string; scope: string }) {
Index: code-server/src/node/routes/index.ts
===================================================================
--- code-server.orig/src/node/routes/index.ts
+++ code-server/src/node/routes/index.ts
@@ -170,6 +170,15 @@ export const register = async (app: App,
app.router.all("/logout", (req, res) => redirect(req, res, "/", {}))
}

+ if (args["allow-shutdown"] ) {
+ app.router.use("/shutdown", async (req, res) => {
+ res.send("Shutting down...")
+ process.exit(0)
+ })
+ } else {
+ app.router.use("/shutdown", (req, res) => redirect(req, res, "/", {}))
+ }
+
app.router.use("/update", update.router)

// Note that the root route is replaced in Coder Enterprise by the plugin API.
Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
@@ -16,6 +16,8 @@ export const serverOptions: OptionDescri
/* ----- code-server ----- */
'disable-update-check': { type: 'boolean' },
'auth': { type: 'string' },
+ 'allow-shutdown': { type: 'boolean' },
'disable-file-downloads': { type: 'boolean' },
'disable-file-uploads': { type: 'boolean' },
'disable-getting-started-override': { type: 'boolean' },
@@ -103,6 +105,8 @@ export interface ServerParsedArgs {
/* ----- code-server ----- */
'disable-update-check'?: boolean;
'auth'?: string;
+ 'allow-shutdown'?: boolean;
'disable-file-downloads'?: boolean;
'disable-file-uploads'?: boolean;
'disable-getting-started-override'?: boolean,
21 changes: 21 additions & 0 deletions src/node/cli.ts
Original file line number Diff line number Diff line change
@@ -12,6 +12,7 @@ export enum Feature {

export enum AuthType {
Password = "password",
HttpBasic = "http-basic",
None = "none",
}

@@ -34,6 +35,7 @@ export class OptionalString extends Optional<string> {}
*/
export interface UserProvidedCodeArgs {
"disable-telemetry"?: boolean
"allow-shutdown"?: boolean
force?: boolean
"user-data-dir"?: string
"enable-proposed-api"?: string[]
@@ -65,6 +67,7 @@ export interface UserProvidedCodeArgs {
export interface UserProvidedArgs extends UserProvidedCodeArgs {
config?: string
auth?: AuthType
"auth-user"?: string
password?: string
"hashed-password"?: string
cert?: OptionalString
@@ -137,6 +140,10 @@ export type Options<T> = {

export const options: Options<Required<UserProvidedArgs>> = {
auth: { type: AuthType, description: "The type of authentication to use." },
"auth-user": {
type: "string",
description: "The username for http-basic authentication.",
},
password: {
type: "string",
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
@@ -158,6 +165,10 @@ export const options: Options<Required<UserProvidedArgs>> = {
},
"cert-key": { type: "string", path: true, description: "Path to certificate key when using non-generated cert." },
"disable-telemetry": { type: "boolean", description: "Disable telemetry." },
"allow-shutdown": {
type: "boolean",
description: "Allow the server to be shut down remotely.",
},
"disable-update-check": {
type: "boolean",
description:
@@ -480,6 +491,7 @@ export interface DefaultedArgs extends ConfigArgs {
"proxy-domain": string[]
verbose: boolean
usingEnvPassword: boolean
usingEnvAuthUser: boolean
usingEnvHashedPassword: boolean
"extensions-dir": string
"user-data-dir": string
@@ -570,6 +582,14 @@ export async function setDefaults(cliArgs: UserProvidedArgs, configArgs?: Config
args.password = process.env.PASSWORD
}

const usingEnvAuthUser = !!process.env.AUTH_USER
if (process.env.AUTH_USER) {
args["auth"] = AuthType.HttpBasic
args["auth-user"] = process.env.AUTH_USER
} else if (args["auth-user"]) {
args["auth"] = AuthType.HttpBasic
}

if (process.env.CS_DISABLE_FILE_DOWNLOADS?.match(/^(1|true)$/)) {
args["disable-file-downloads"] = true
}
@@ -621,6 +641,7 @@ export async function setDefaults(cliArgs: UserProvidedArgs, configArgs?: Config
return {
...args,
usingEnvPassword,
usingEnvAuthUser,
usingEnvHashedPassword,
} as DefaultedArgs // TODO: Technically no guarantee this is fulfilled.
}
39 changes: 39 additions & 0 deletions src/node/http.ts
Original file line number Diff line number Diff line change
@@ -4,6 +4,7 @@ import * as expressCore from "express-serve-static-core"
import * as http from "http"
import * as net from "net"
import * as qs from "qs"
import safeCompare from "safe-compare"
import { Disposable } from "../common/emitter"
import { CookieKeys, HttpCode, HttpError } from "../common/http"
import { normalize } from "../common/util"
@@ -20,6 +21,7 @@ import {
escapeHtml,
escapeJSON,
splitOnFirstEquals,
isHashMatch,
} from "./util"

/**
@@ -111,6 +113,35 @@ export const ensureAuthenticated = async (
}
}

/**
* Validate basic auth credentials.
*/
const validateBasicAuth = async (
authHeader: string | undefined,
authUser: string | undefined,
authPassword: string | undefined,
hashedPassword: string | undefined,
): Promise<boolean> => {
if (!authHeader?.startsWith("Basic ")) {
return false
}

try {
const base64Credentials = authHeader.split(" ")[1]
const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8")
const [username, password] = credentials.split(":")
if (username !== authUser) return false
if (hashedPassword) {
return await isHashMatch(password, hashedPassword)
} else {
return safeCompare(password, authPassword || "")
}
} catch (error) {
logger.error("Error validating basic auth:" + error)
return false
}
}

/**
* Return true if authenticated via cookies.
*/
@@ -132,6 +163,14 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {

return await isCookieValid(isCookieValidArgs)
}
case AuthType.HttpBasic: {
return await validateBasicAuth(
req.headers.authorization,
req.args["auth-user"],
req.args.password,
req.args["hashed-password"],
)
}
default: {
throw new Error(`Unsupported auth type ${req.args.auth}`)
}
9 changes: 8 additions & 1 deletion src/node/main.ts
Original file line number Diff line number Diff line change
@@ -133,7 +133,7 @@ export const runCodeServer = async (

logger.info(`Using config file ${args.config}`)
logger.info(`${protocol.toUpperCase()} server listening on ${serverAddress.toString()}`)
if (args.auth === AuthType.Password) {
if (args.auth === AuthType.Password || args.auth === AuthType.HttpBasic) {
logger.info(" - Authentication is enabled")
if (args.usingEnvPassword) {
logger.info(" - Using password from $PASSWORD")
@@ -142,6 +142,13 @@ export const runCodeServer = async (
} else {
logger.info(` - Using password from ${args.config}`)
}
if (args.auth === AuthType.HttpBasic) {
if (args.usingEnvAuthUser) {
logger.info(" - Using user from $AUTH_USER")
} else {
logger.info(` - With user ${args["auth-user"]}`)
}
}
} else {
logger.info(" - Authentication is disabled")
}
5 changes: 5 additions & 0 deletions src/node/routes/domainProxy.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import { Request, Router } from "express"
import { HttpCode, HttpError } from "../../common/http"
import { AuthType } from "../cli"
import { getHost, ensureProxyEnabled, authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
import { proxy } from "../proxy"
import { Router as WsRouter } from "../wsRouter"
@@ -78,6 +79,10 @@ router.all(/.*/, async (req, res, next) => {
if (/\/login\/?/.test(req.path)) {
return next()
}
// If auth is HttpBasic, return a 401.
if (req.args.auth === AuthType.HttpBasic) {
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
}
// Redirect all other pages to the login.
const to = self(req)
return redirect(req, res, "login", {
11 changes: 11 additions & 0 deletions src/node/routes/index.ts
Original file line number Diff line number Diff line change
@@ -17,6 +17,7 @@ import { PluginAPI } from "../plugin"
import { CoderSettings, SettingsProvider } from "../settings"
import { UpdateProvider } from "../update"
import { getMediaMime, paths } from "../util"
import { wrapper } from "../wrapper"
import * as apps from "./apps"
import * as domainProxy from "./domainProxy"
import { errorHandler, wsErrorHandler } from "./errors"
@@ -170,6 +171,16 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
app.router.all("/logout", (req, res) => redirect(req, res, "/", {}))
}

if (args["allow-shutdown"] ) {
app.router.use("/shutdown", async (req, res) => {
redirect(req, res, "/", {})
logger.warn("Shutting down due to /shutdown")
setTimeout(() => wrapper.exit(0), 10)
})
} else {
app.router.use("/shutdown", (req, res) => redirect(req, res, "/", {}))
}

app.router.use("/update", update.router)

// Note that the root route is replaced in Coder Enterprise by the plugin API.
3 changes: 2 additions & 1 deletion src/node/routes/pathProxy.ts
Original file line number Diff line number Diff line change
@@ -4,6 +4,7 @@ import * as pluginapi from "../../../typings/pluginapi"
import { HttpCode, HttpError } from "../../common/http"
import { ensureProxyEnabled, authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
import { proxy as _proxy } from "../proxy"
import { AuthType } from "../cli"

const getProxyTarget = (
req: Request,
@@ -28,7 +29,7 @@ export async function proxy(

if (!(await authenticated(req))) {
// If visiting the root (/:port only) redirect to the login page.
if (!req.params.path || req.params.path === "/") {
if ((!req.params.path || req.params.path === "/") && req.args.auth !== AuthType.HttpBasic) {
const to = self(req)
return redirect(req, res, "login", {
to: to !== "/" ? to : undefined,
8 changes: 7 additions & 1 deletion src/node/routes/vscode.ts
Original file line number Diff line number Diff line change
@@ -6,8 +6,9 @@ import * as http from "http"
import * as net from "net"
import * as path from "path"
import { WebsocketRequest } from "../../../typings/pluginapi"
import { HttpCode, HttpError } from "../../common/http"
import { logError } from "../../common/util"
import { CodeArgs, toCodeArgs } from "../cli"
import { AuthType, CodeArgs, toCodeArgs } from "../cli"
import { isDevMode, vsRootPath } from "../constants"
import { authenticated, ensureAuthenticated, ensureOrigin, redirect, replaceTemplates, self } from "../http"
import { SocketProxyProvider } from "../socket"
@@ -118,6 +119,11 @@ router.get("/", ensureVSCodeLoaded, async (req, res, next) => {
const FOLDER_OR_WORKSPACE_WAS_CLOSED = req.query.ew

if (!isAuthenticated) {
// If auth is HttpBasic, return a 401.
if (req.args.auth === AuthType.HttpBasic) {
res.setHeader("WWW-Authenticate", `Basic realm="${req.args["app-name"] || "code-server"}"`)
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
}
const to = self(req)
return redirect(req, res, "login", {
to: to !== "/" ? to : undefined,
Loading