mirror of https://github.com/coder/code-server.git
Make authentication work with sub-domain proxy
This commit is contained in:
parent
112eda4605
commit
257d9a4fa4
|
@ -1,7 +1,7 @@
|
||||||
import { Request, Router } from "express"
|
import { Request, Router } from "express"
|
||||||
import proxyServer from "http-proxy"
|
import proxyServer from "http-proxy"
|
||||||
import { HttpCode } from "../common/http"
|
import { HttpCode, HttpError } from "../common/http"
|
||||||
import { ensureAuthenticated } from "./http"
|
import { authenticated, ensureAuthenticated } from "./http"
|
||||||
|
|
||||||
export const proxy = proxyServer.createProxyServer({})
|
export const proxy = proxyServer.createProxyServer({})
|
||||||
proxy.on("error", (error, _, res) => {
|
proxy.on("error", (error, _, res) => {
|
||||||
|
@ -42,18 +42,39 @@ const maybeProxy = (req: Request): string | undefined => {
|
||||||
return undefined
|
return undefined
|
||||||
}
|
}
|
||||||
|
|
||||||
// Must be authenticated to use the proxy.
|
|
||||||
ensureAuthenticated(req)
|
|
||||||
|
|
||||||
return port
|
return port
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine if the user is browsing /, /login, or static assets and if so fall
|
||||||
|
* through to allow the redirect and login flow.
|
||||||
|
*/
|
||||||
|
const shouldFallThrough = (req: Request): boolean => {
|
||||||
|
// The ideal would be to have a reliable way to detect if this is a request
|
||||||
|
// for (or originating from) our root or login HTML. But requests for HTML
|
||||||
|
// don't seem to set any content type.
|
||||||
|
return (
|
||||||
|
req.headers["content-type"] !== "application/json" &&
|
||||||
|
((req.originalUrl.startsWith("/") && req.method === "GET") ||
|
||||||
|
(req.originalUrl.startsWith("/static") && req.method === "GET") ||
|
||||||
|
(req.originalUrl.startsWith("/login") && (req.method === "GET" || req.method === "POST")))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
router.all("*", (req, res, next) => {
|
router.all("*", (req, res, next) => {
|
||||||
const port = maybeProxy(req)
|
const port = maybeProxy(req)
|
||||||
if (!port) {
|
if (!port) {
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Must be authenticated to use the proxy.
|
||||||
|
if (!authenticated(req)) {
|
||||||
|
if (shouldFallThrough(req)) {
|
||||||
|
return next()
|
||||||
|
}
|
||||||
|
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
|
||||||
|
}
|
||||||
|
|
||||||
proxy.web(req, res, {
|
proxy.web(req, res, {
|
||||||
ignorePath: true,
|
ignorePath: true,
|
||||||
target: `http://127.0.0.1:${port}${req.originalUrl}`,
|
target: `http://127.0.0.1:${port}${req.originalUrl}`,
|
||||||
|
@ -66,6 +87,9 @@ router.ws("*", (socket, head, req, next) => {
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Must be authenticated to use the proxy.
|
||||||
|
ensureAuthenticated(req)
|
||||||
|
|
||||||
proxy.ws(req, socket, head, {
|
proxy.ws(req, socket, head, {
|
||||||
ignorePath: true,
|
ignorePath: true,
|
||||||
target: `http://127.0.0.1:${port}${req.originalUrl}`,
|
target: `http://127.0.0.1:${port}${req.originalUrl}`,
|
||||||
|
|
Loading…
Reference in New Issue