Force certificates

Kyle Carberry 2019-02-28 14:34:54 -06:00
parent e8174095ca
commit 43048c6d12
No known key found for this signature in database
GPG key ID: A0409BDB6B0B3EDB
3 changed files with 42 additions and 15 deletions


@ -3,14 +3,14 @@
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
<title>Coder</title>
<title>Authenticate: code-server</title>
</head>
<body>
<div class="login">
<div class="back">
<- Back </div>
<!-- <h4 class="title">AWS Cloud</h4> -->
<h4 class="title">code-server</h4>
<h2 class="subtitle">
Enter server password
</h2>


@ -1,5 +1,6 @@
import * as fs from "fs";
import * as path from "path";
import * as os from "os";
import { isCli, buildDir } from "./constants";
declare var __non_webpack_require__: typeof require;
@ -19,7 +20,7 @@ export const setup = (dataDirectory: string): void => {
}
return currentDir;
}); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
}, os.platform() === "win32" ? undefined! : path.sep); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
const unpackModule = (moduleName: string): void => {
const memFile = path.join(isCli ? buildDir! : path.join(__dirname, ".."), "build/dependencies", moduleName);
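Review bot: On the changed `reduce` call, passing `undefined!` as the second argument on win32 is not the same as omitting it: `reduce` treats any supplied second argument as the initial value, so the callback's first accumulator would be `undefined` rather than the first path segment. The callback body starts outside this hunk, so I cannot confirm how it uses the accumulator, but if it joins paths this likely throws on Windows. Branching on the platform and calling `reduce(cb)` with no second argument on win32 would keep the previous behaviour there. The trailing comment still reads "Might need path.sep here for linux" and should be updated to state what was decided.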


@ -86,6 +86,18 @@ export const createApp = async (options: CreateAppOptions): Promise<{
options.registerMiddleware(app);
}
interface CertificateInfo {
readonly key: string;
// tslint:disable-next-line:no-any
readonly cert: any;
}
const certs = await new Promise<CertificateInfo>(async (resolve, reject): Promise<void> => {
const selfSignedKeyPath = path.join(options.serverOptions!.dataDirectory, "self-signed.key");
const selfSignedCertPath = path.join(options.serverOptions!.dataDirectory, "self-signed.cert");
if (!fs.existsSync(selfSignedKeyPath) || !fs.existsSync(selfSignedCertPath)) {
try {
const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
pem.createCertificate({
selfSigned: true,
@ -100,10 +112,20 @@ export const createApp = async (options: CreateAppOptions): Promise<{
});
});
const server = httpolyglot.createServer({
key: certs.serviceKey,
cert: certs.certificate,
}, app) as http.Server;
fs.writeFileSync(selfSignedKeyPath, certs.serviceKey);
fs.writeFileSync(selfSignedCertPath, certs.certificate);
} catch (ex) {
return reject(ex);
}
}
resolve({
cert: fs.readFileSync(selfSignedCertPath).toString(),
key: fs.readFileSync(selfSignedKeyPath).toString(),
});
});
const server = httpolyglot.createServer(options.httpsOptions || certs, app) as http.Server;
const wss = new ws.Server({ server });
wss.shouldHandle = (req): boolean => {
@ -161,6 +183,10 @@ export const createApp = async (options: CreateAppOptions): Promise<{
const authStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/auth"));
const unauthStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/unauth"));
app.use((req, res, next) => {
if (!isEncrypted(req.socket)) {
return res.redirect(301, `https://${req.headers.host!}${req.path}`);
}
if (isAuthed(req)) {
// We can serve the actual VSCode bin
authStaticFunc(req, res, next);
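Review bot: The self-signed private key is written with `fs.writeFileSync(selfSignedKeyPath, certs.serviceKey)` and no mode, so on POSIX systems its permissions come from the process umask and it is usually readable by other local users; I would write it as `fs.writeFileSync(selfSignedKeyPath, certs.serviceKey, { mode: 0o600 })`. The two `readFileSync` calls after the `try` block sit inside an `async` Promise executor, so if either throws the outer promise is never settled and `createApp` would appear to hang; moving them inside the `try` (or dropping the `new Promise` wrapper) would surface the error. In the last hunk the redirect target is built from the client-supplied `Host` header and `req.path`, which drops the query string and issues a permanent 301 to whatever host the request named; consider checking the header against an expected host value and using `req.originalUrl`. `createApp` starts and ends outside these hunks.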