mirror of
https://github.com/coder/code-server.git
synced 2024-12-05 07:13:06 +08:00
557247ac7a
They completely changed how auth is handled for GitHub in https://github.com/microsoft/vscode/pull/145424 so our patch may not work. Will need to test and revisit.
106 lines
3.9 KiB
Diff
106 lines
3.9 KiB
Diff
Use our own GitHub auth relay server
|
|
|
|
Microsoft's does not work with self-hosted instances so we run our own.
|
|
|
|
Also add an extra set of scopes so that tokens provided via --github-auth will
|
|
work for the PR extension.
|
|
|
|
Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
|
|
@@ -277,7 +277,7 @@ export class WebClientServer {
|
|
id: generateUuid(),
|
|
providerId: 'github',
|
|
accessToken: this._environmentService.args['github-auth'],
|
|
- scopes: [['user:email'], ['repo']]
|
|
+ scopes: [['read:user', 'user:email', 'repo'], ['user:email'], ['repo']]
|
|
} : undefined;
|
|
const base = relativeRoot(getOriginalUrl(req))
|
|
const vscodeBase = relativePath(getOriginalUrl(req))
|
|
Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
|
|
===================================================================
|
|
--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
|
|
+++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
|
|
@@ -17,6 +17,7 @@ import { isFolderToOpen, isWorkspaceToOp
|
|
import { create, ICredentialsProvider, IURLCallbackProvider, IWorkbenchConstructionOptions, IWorkspace, IWorkspaceProvider } from 'vs/workbench/workbench.web.main';
|
|
import { posix } from 'vs/base/common/path';
|
|
import { ltrim } from 'vs/base/common/strings';
|
|
+import { equals as arrayEquals } from 'vs/base/common/arrays';
|
|
|
|
interface ICredential {
|
|
service: string;
|
|
@@ -24,6 +25,13 @@ interface ICredential {
|
|
password: string;
|
|
}
|
|
|
|
+interface IToken {
|
|
+ accessToken: string
|
|
+ account?: { label: string }
|
|
+ id: string
|
|
+ scopes: string[]
|
|
+}
|
|
+
|
|
class LocalStorageCredentialsProvider implements ICredentialsProvider {
|
|
|
|
private static readonly CREDENTIALS_STORAGE_KEY = 'credentials.provider';
|
|
@@ -51,6 +59,58 @@ class LocalStorageCredentialsProvider im
|
|
scopes,
|
|
accessToken: authSessionInfo!.accessToken
|
|
}))));
|
|
+
|
|
+ // Add tokens for extensions to use. This works for extensions like the
|
|
+ // pull requests one or GitLens.
|
|
+ const extensionId = `vscode.${authSessionInfo.providerId}-authentication`;
|
|
+ const service = `${product.urlProtocol}${extensionId}`;
|
|
+ const account = `${authSessionInfo.providerId}.auth`;
|
|
+ // Oddly the scopes need to match exactly so we cannot just have one token
|
|
+ // with all the scopes, instead we have to duplicate the token for each
|
|
+ // expected set of scopes.
|
|
+ const tokens: IToken[] = authSessionInfo.scopes.map((scopes) => ({
|
|
+ id: authSessionInfo!.id,
|
|
+ scopes: scopes.sort(), // Sort for comparing later.
|
|
+ accessToken: authSessionInfo!.accessToken,
|
|
+ }));
|
|
+ this.getPassword(service, account).then((raw) => {
|
|
+ let existing: {
|
|
+ content: IToken[]
|
|
+ } | undefined;
|
|
+
|
|
+ if (raw) {
|
|
+ try {
|
|
+ const json = JSON.parse(raw);
|
|
+ json.content = JSON.parse(json.content);
|
|
+ existing = json;
|
|
+ } catch (error) {
|
|
+ console.log(error);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ // Keep tokens for account and scope combinations we do not have in case
|
|
+ // there is an extension that uses scopes we have not accounted for (in
|
|
+ // these cases the user will need to manually authenticate the extension
|
|
+ // through the UI) or the user has tokens for other accounts.
|
|
+ if (existing?.content) {
|
|
+ existing.content = existing.content.filter((existingToken) => {
|
|
+ const scopes = existingToken.scopes.sort();
|
|
+ return !(tokens.find((token) => {
|
|
+ return arrayEquals(scopes, token.scopes)
|
|
+ && token.account?.label === existingToken.account?.label;
|
|
+ }))
|
|
+ })
|
|
+ }
|
|
+
|
|
+ return this.setPassword(service, account, JSON.stringify({
|
|
+ extensionId,
|
|
+ ...(existing || {}),
|
|
+ content: JSON.stringify([
|
|
+ ...tokens,
|
|
+ ...(existing?.content || []),
|
|
+ ])
|
|
+ }));
|
|
+ })
|
|
}
|
|
}
|
|
|