From 10b3028196192607dab139ea01b58b94a2336eae Mon Sep 17 00:00:00 2001
From: Anmol Sethi <hi@nhooyr.io>
Date: Fri, 30 Oct 2020 04:13:22 -0400
Subject: [PATCH] util: Generate self signed certificate into data directory

Closes #1778
---
 doc/FAQ.md        |  3 +++
 src/node/entry.ts |  2 +-
 src/node/util.ts  | 18 ++++++++++--------
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/doc/FAQ.md b/doc/FAQ.md
index 370dd6660..694a07229 100644
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@@ -144,6 +144,9 @@ For HTTPS, you can use a self signed certificate by passing in just `--cert` or
 pass in an existing certificate by providing the path to `--cert` and the path to
 the key with `--cert-key`.
 
+The self signed certificate will be generated into
+`~/.local/share/code-server/self-signed.cert`.
+
 If `code-server` has been passed a certificate it will also respond to HTTPS
 requests and will redirect all HTTP requests to HTTPS.
 
diff --git a/src/node/entry.ts b/src/node/entry.ts
index 96db046e2..3fbbb4cf1 100644
--- a/src/node/entry.ts
+++ b/src/node/entry.ts
@@ -209,7 +209,7 @@ const main = async (args: Args, configArgs: Args): Promise<void> => {
     logger.info(
       args.cert && args.cert.value
         ? `  - Using provided certificate and key for HTTPS`
-        : `  - Using generated certificate and key for HTTPS`,
+        : `  - Using generated certificate and key for HTTPS: ${humanPath(options.cert)}`,
     )
   } else {
     logger.info("  - Not serving HTTPS")
diff --git a/src/node/util.ts b/src/node/util.ts
index 75122fe76..ee1e85be9 100644
--- a/src/node/util.ts
+++ b/src/node/util.ts
@@ -55,11 +55,10 @@ export function humanPath(p?: string): string {
 }
 
 export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
-  const paths = {
-    cert: path.join(tmpdir, "self-signed.cert"),
-    certKey: path.join(tmpdir, "self-signed.key"),
-  }
-  const checks = await Promise.all([fs.pathExists(paths.cert), fs.pathExists(paths.certKey)])
+  const certPath = path.join(paths.data, "self-signed.cert")
+  const certKeyPath = path.join(paths.data, "self-signed.key")
+
+  const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
   if (!checks[0] || !checks[1]) {
     // Require on demand so openssl isn't required if you aren't going to
     // generate certificates.
@@ -69,10 +68,13 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
         return error ? reject(error) : resolve(result)
       })
     })
-    await fs.mkdirp(tmpdir)
-    await Promise.all([fs.writeFile(paths.cert, certs.certificate), fs.writeFile(paths.certKey, certs.serviceKey)])
+    await fs.mkdirp(paths.data)
+    await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
+  }
+  return {
+    cert: certPath,
+    certKey: certKeyPath,
   }
-  return paths
 }
 
 export const generatePassword = async (length = 24): Promise<string> => {