From 517aaf71c5f3fb377e6f9f047833eb027cb002d1 Mon Sep 17 00:00:00 2001
From: Joe Previte
Date: Thu, 3 Jun 2021 11:27:59 -0700
Subject: [PATCH] docs: update FAQ with new hashing instructions
---
docs/FAQ.md | 75 ++++++++++++++++++++++---------------------
src/node/http.ts | 3 +-
test/unit/cli.test.ts | 2 +-
3 files changed, 41 insertions(+), 39 deletions(-)
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 9f86bb3a7..0e11308d9 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -2,38 +2,39 @@ # FAQ -- [Questions?](#questions) -- [iPad Status?](#ipad-status) -- [Community Projects (awesome-code-server)](#community-projects-awesome-code-server) -- [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration) -- [Differences compared to VS Code?](#differences-compared-to-vs-code) - - [Installing an extension](#installing-an-extension) -- [How can I request a missing extension?](#how-can-i-request-a-missing-extension) -- [Installing an extension manually](#installing-an-extension-manually) -- [How do I configure the marketplace URL?](#how-do-i-configure-the-marketplace-url) -- [Where are extensions stored?](#where-are-extensions-stored) -- [How is this different from VS Code Codespaces?](#how-is-this-different-from-vs-code-codespaces) -- [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet) -- [Can I store my password hashed?](#can-i-store-my-password-hashed) -- [How do I securely access web services?](#how-do-i-securely-access-web-services) - - [Sub-paths](#sub-paths) - - [Sub-domains](#sub-domains) -- [Why does the code-server proxy strip `/proxy/` from the request path?](#why-does-the-code-server-proxy-strip-proxyport-from-the-request-path) - - [Proxying to Create React App](#proxying-to-create-react-app) -- [Multi-tenancy](#multi-tenancy) -- [Docker in code-server container?](#docker-in-code-server-container) -- [How can I disable telemetry?](#how-can-i-disable-telemetry) -- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open) -- [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server) -- [Heartbeat File](#heartbeat-file) -- [Healthz endpoint](#healthz-endpoint) -- [How does the config file work?](#how-does-the-config-file-work) -- [Isn't an install script piped into sh insecure?](#isnt-an-install-script-piped-into-sh-insecure) -- [How do I make my keyboard shortcuts 
work?](#how-do-i-make-my-keyboard-shortcuts-work) -- [How do I access my Documents/Downloads/Desktop folders in code-server on OSX?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-osx) -- [Differences compared to Theia?](#differences-compared-to-theia) -- [`$HTTP_PROXY`, `$HTTPS_PROXY`, `$NO_PROXY`](#http_proxy-https_proxy-no_proxy) -- [Enterprise](#enterprise) +- [FAQ](#faq) + - [Questions?](#questions) + - [iPad Status?](#ipad-status) + - [Community Projects (awesome-code-server)](#community-projects-awesome-code-server) + - [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration) + - [Differences compared to VS Code?](#differences-compared-to-vs-code) + - [Installing an extension](#installing-an-extension) + - [How can I request a missing extension?](#how-can-i-request-a-missing-extension) + - [Installing an extension manually](#installing-an-extension-manually) + - [How do I configure the marketplace URL?](#how-do-i-configure-the-marketplace-url) + - [Where are extensions stored?](#where-are-extensions-stored) + - [How is this different from VS Code Codespaces?](#how-is-this-different-from-vs-code-codespaces) + - [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet) + - [Can I store my password hashed?](#can-i-store-my-password-hashed) + - [How do I securely access web services?](#how-do-i-securely-access-web-services) + - [Sub-paths](#sub-paths) + - [Sub-domains](#sub-domains) + - [Why does the code-server proxy strip `/proxy/` from the request path?](#why-does-the-code-server-proxy-strip-proxyport-from-the-request-path) + - [Proxying to Create React App](#proxying-to-create-react-app) + - [Multi-tenancy](#multi-tenancy) + - [Docker in code-server container?](#docker-in-code-server-container) + - [How can I disable telemetry?](#how-can-i-disable-telemetry) + - [How does code-server decide what workspace or folder to 
open?](#how-does-code-server-decide-what-workspace-or-folder-to-open) + - [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server) + - [Heartbeat File](#heartbeat-file) + - [Healthz endpoint](#healthz-endpoint) + - [How does the config file work?](#how-does-the-config-file-work) + - [Isn't an install script piped into sh insecure?](#isnt-an-install-script-piped-into-sh-insecure) + - [How do I make my keyboard shortcuts work?](#how-do-i-make-my-keyboard-shortcuts-work) + - [How do I access my Documents/Downloads/Desktop folders in code-server on OSX?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-osx) + - [Differences compared to Theia?](#differences-compared-to-theia) + - [`$HTTP_PROXY`, `$HTTPS_PROXY`, `$NO_PROXY`](#http_proxy-https_proxy-no_proxy) + - [Enterprise](#enterprise) @@ -205,17 +206,19 @@ Again, please follow [./guide.md](./guide.md) for our recommendations on setting Yes you can! Set the value of `hashed-password` instead of `password`. Generate the hash with: -``` -printf "thisismypassword" | sha256sum | cut -d' ' -f1 +```shell +echo -n "password" | npx argon2-cli -e +$argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4 + ``` -Of course replace `thisismypassword` with your actual password. +Of course replace `thisismypassword` with your actual password and **remember to put it inside quotes**! Example: ```yaml auth: password -hashed-password: 1da9133ab9dbd11d2937ec8d312e1e2569857059e73cc72df92e670928983ab5 # You got this from the command above +hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4" ``` ## How do I securely access web services? diff --git a/src/node/http.ts b/src/node/http.ts index 298e94287..c907dd928 100644 --- a/src/node/http.ts +++ b/src/node/http.ts 
@@ -2,13 +2,12 @@ import { field, logger } from "@coder/logger" import * as express from "express" import * as expressCore from "express-serve-static-core" import qs from "qs" -import safeCompare from "safe-compare" import { HttpCode, HttpError } from "../common/http" import { normalize, Options } from "../common/util" import { AuthType, DefaultedArgs } from "./cli" import { commit, rootPath } from "./constants" import { Heart } from "./heart" -import { getPasswordMethod, handlePasswordValidation, IsCookieValidArgs, isCookieValid, isHashMatch } from "./util" +import { getPasswordMethod, IsCookieValidArgs, isCookieValid } from "./util" declare global { // eslint-disable-next-line @typescript-eslint/no-namespace diff --git a/test/unit/cli.test.ts b/test/unit/cli.test.ts index 340b1d796..e8164222e 100644 --- a/test/unit/cli.test.ts +++ b/test/unit/cli.test.ts @@ -305,7 +305,7 @@ describe("parser", () => { }) }) - it.only("should use env var hashed password", async () => { + it("should use env var hashed password", async () => { process.env.HASHED_PASSWORD = "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY" // test const args = parse([])
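Review bot: With `safeCompare` and `isHashMatch` dropped from the imports of src/node/http.ts, nothing visible in this file performs a constant-time comparison any more, so the authentication check presumably rests entirely on `isCookieValid` from `./util`. Only the import block is in the hunk, so this cannot be confirmed here: check that `isCookieValid` still compares in constant time for each credential form the page mentions (the plain `password`, the SHA-256 hash the FAQ used to describe, and argon2). A one-line comment above the util import, e.g. `// credential comparison is delegated to isCookieValid in ./util`, would record where the check now lives. The `declare global` block that follows continues outside the hunk.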
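Review bot: `process.env.HASHED_PASSWORD` is assigned inside the test body in test/unit/cli.test.ts and the hunk does not show it being cleared; with `.only` gone, the other tests in this file run in the same process again and could inherit it. If no `beforeEach`/`afterEach` outside the hunk already resets it, add `delete process.env.HASHED_PASSWORD` to one so later `parse([])` expectations do not depend on test order. Since a focused test reached the branch at all, a lint rule that rejects `it.only` (`jest/no-focused-tests`, if this suite runs under Jest with eslint-plugin-jest) would stop the next one before merge. The test body continues outside the hunk.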