mirror of
https://github.com/coder/code-server.git
synced 2024-11-30 01:36:01 +03:00
5ce99f8d1c
* chore: update Code to 1.67 Was able to remove our changes to common/webview.ts since they are upstream now. Other than that no serious changes, just context diffs. * chore: update Code to 1.68 - Upstream moved the web socket endpoint so change the Express route from / to *. That will let web sockets work at any endpoint. - Everything in the workbench config is basically the same but de-indented (upstream extracted it into a separate object which resulted in a de-indent), the ordering is slightly different, and instead of vscodeBase we now need vscodeBase + this._staticRoute since everything is served from a sub-path now. - Move manifest link back to the root since that is where we host our manifest. - Change RemoteAuthoritiesImpl to use the same path building method as in other places (+ instead of using URI.parse/join). - Use existing host/port in RemoteAuthoritiesImpl and BrowserSocketFactory instead of patching them to use window.location (these are set from window.location to begin with so it should be the same result but with less patching). - Since BrowserSocketFactory includes a sub-path now (endpoints were changed upstream to serve from /quality/commit instead of from the root) the patch there has changed to prepend the base to that path (instead of using the base directly). - The workbench HTML now natively supports a base URL in the form of WORKBENCH_WEB_BASE_URL so no need for VS_BASE patches there anymore. - Upstream added type="image/x-icon" so I did as well. - Move the language patch to the end of the series so it is easier to eventually remove. - Remove the existing NLS config in favor of one that supports extensions. - Upstream deleted webview main.js and inlined it into the HTML so move that code (the parent origin check) into both those HTML files (index.html and index-no-csp.html). - The remaining diff is from changes to the surrounding context or a line was changed slightly by upstream (for example renamed files or new arguments like to the remote authority resolver). * fix: modify product.json before building Code injects this into the client during the build process so it needs to be updated before we build. * fix: update inline script nonces * Update HTML base path test * fix: missing commit Code overrides it with nothing. The date is also already injected. * fix: web extensions breaking when the commit changes By just using the marketplace directly instead of going through the backend. I am not sure what the point is when searching extensions already goes directly to the marketplace anyway. But also remove the prefix that breaks this as well because otherwise existing installations will break.
107 lines
4.1 KiB
Diff
107 lines
4.1 KiB
Diff
Add the ability to provide a GitHub token
|
|
|
|
To test install the GitHub PR extension and start code-server with GITHUB_TOKEN
|
|
or set github-auth in the config file. The extension should be authenticated.
|
|
|
|
Index: code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
|
|
+++ code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
|
|
@@ -5,9 +5,18 @@
|
|
|
|
import { InMemoryCredentialsProvider } from 'vs/platform/credentials/common/credentials';
|
|
import { ILogService } from 'vs/platform/log/common/log';
|
|
-import { INativeEnvironmentService } from 'vs/platform/environment/common/environment';
|
|
+import { IServerEnvironmentService } from 'vs/server/node/serverEnvironmentService';
|
|
import { IProductService } from 'vs/platform/product/common/productService';
|
|
import { BaseCredentialsMainService, KeytarModule } from 'vs/platform/credentials/common/credentialsMainService';
|
|
+import { generateUuid } from 'vs/base/common/uuid';
|
|
+import { equals as arrayEquals } from 'vs/base/common/arrays';
|
|
+
|
|
+interface IToken {
|
|
+ accessToken: string
|
|
+ account?: { label: string }
|
|
+ id: string
|
|
+ scopes: string[]
|
|
+}
|
|
|
|
export class CredentialsWebMainService extends BaseCredentialsMainService {
|
|
// Since we fallback to the in-memory credentials provider, we do not need to surface any Keytar load errors
|
|
@@ -16,10 +25,15 @@ export class CredentialsWebMainService e
|
|
|
|
constructor(
|
|
@ILogService logService: ILogService,
|
|
- @INativeEnvironmentService private readonly environmentMainService: INativeEnvironmentService,
|
|
+ @IServerEnvironmentService private readonly environmentMainService: IServerEnvironmentService,
|
|
@IProductService private readonly productService: IProductService,
|
|
) {
|
|
super(logService);
|
|
+ if (this.environmentMainService.args["github-auth"]) {
|
|
+ this.storeGitHubToken(this.environmentMainService.args["github-auth"]).catch((error) => {
|
|
+ this.logService.error('Failed to store provided GitHub token', error)
|
|
+ })
|
|
+ }
|
|
}
|
|
|
|
// If the credentials service is running on the server, we add a suffix -server to differentiate from the location that the
|
|
@@ -48,4 +62,59 @@ export class CredentialsWebMainService e
|
|
}
|
|
return this._keytarCache;
|
|
}
|
|
+
|
|
+ private async storeGitHubToken(githubToken: string): Promise<void> {
|
|
+ const extensionId = 'vscode.github-authentication';
|
|
+ const service = `${await this.getSecretStoragePrefix()}${extensionId}`;
|
|
+ const account = 'github.auth';
|
|
+ const scopes = [['read:user', 'user:email', 'repo']]
|
|
+
|
|
+ // Oddly the scopes need to match exactly so we cannot just have one token
|
|
+ // with all the scopes, instead we have to duplicate the token for each
|
|
+ // expected set of scopes.
|
|
+ const tokens: IToken[] = scopes.map((scopes) => ({
|
|
+ id: generateUuid(),
|
|
+ scopes: scopes.sort(), // Sort for comparing later.
|
|
+ accessToken: githubToken,
|
|
+ }));
|
|
+
|
|
+ const raw = await this.getPassword(service, account)
|
|
+
|
|
+ let existing: {
|
|
+ content: IToken[]
|
|
+ } | undefined;
|
|
+
|
|
+ if (raw) {
|
|
+ try {
|
|
+ const json = JSON.parse(raw);
|
|
+ json.content = JSON.parse(json.content);
|
|
+ existing = json;
|
|
+ } catch (error) {
|
|
+ this.logService.error('Failed to parse existing GitHub credentials', error)
|
|
+ }
|
|
+ }
|
|
+
|
|
+ // Keep tokens for account and scope combinations we do not have in case
|
|
+ // there is an extension that uses scopes we have not accounted for (in
|
|
+ // these cases the user will need to manually authenticate the extension
|
|
+ // through the UI) or the user has tokens for other accounts.
|
|
+ if (existing?.content) {
|
|
+ existing.content = existing.content.filter((existingToken) => {
|
|
+ const scopes = existingToken.scopes.sort();
|
|
+ return !(tokens.find((token) => {
|
|
+ return arrayEquals(scopes, token.scopes)
|
|
+ && token.account?.label === existingToken.account?.label;
|
|
+ }))
|
|
+ })
|
|
+ }
|
|
+
|
|
+ return this.setPassword(service, account, JSON.stringify({
|
|
+ extensionId,
|
|
+ ...(existing || {}),
|
|
+ content: JSON.stringify([
|
|
+ ...tokens,
|
|
+ ...(existing?.content || []),
|
|
+ ])
|
|
+ }));
|
|
+ }
|
|
}
|