code-server/patches/github-auth.diff
Asher a1af9e2a56
chore: move to patches (#4997)
* Move integration types into code-server

This will be easier to maintain than to have it as a patch.

* Disable connection token

Using a flag means we will not need to patch it out.  I think this is
new from 1.64?

* Add product.json to build process

This way we do not have to patch it.

* Ship with remote agent package.json

Instead of the root one.  This contains fewer dependencies.

* Let Code handle errors

This way we will not have to patch Code to make this work and I think it
makes sense to let Code handle the request.

If we do want to handle errors we can do it cleanly by patching their
error handler to throw instead.

* Move manifest override into code-server

This way we will not have to patch it.

* Move to patches

- Switch submodule to track upstream
- Add quilt to the process
- Add patches

The node-* ignore was ignoring one of the diffs so I removed it.  This
was added when we were curling Node as node-v{version}-darwin-x64 for
the macOS build but this no longer happens (we use the Node action to
install a specific version now so we just use the system-wide Node).

* Use pre-packaged Code
2022-03-22 15:07:14 -05:00

119 lines
4.6 KiB
Diff

Use our own GitHub auth relay server
Microsoft's does not work with self-hosted instances so we run our own.
Also add an extra set of scopes so that tokens provided via --github-auth will
work for the PR extension.
Index: code-server/lib/vscode/extensions/github-authentication/src/githubServer.ts
===================================================================
--- code-server.orig/lib/vscode/extensions/github-authentication/src/githubServer.ts
+++ code-server/lib/vscode/extensions/github-authentication/src/githubServer.ts
@@ -17,7 +17,7 @@ const localize = nls.loadMessageBundle()
const CLIENT_ID = '01ab8ac9400c4e429b23';
const NETWORK_ERROR = 'network error';
-const AUTH_RELAY_SERVER = 'vscode-auth.github.com';
+const AUTH_RELAY_SERVER = 'auth.code-server.dev';
// const AUTH_RELAY_STAGING_SERVER = 'client-auth-staging-14a768b.herokuapp.com';
class UriEventHandler extends vscode.EventEmitter<vscode.Uri> implements vscode.UriHandler {
Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
+++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
@@ -274,7 +274,7 @@ export class WebClientServer {
id: generateUuid(),
providerId: 'github',
accessToken: this._environmentService.args['github-auth'],
- scopes: [['user:email'], ['repo']]
+ scopes: [['read:user', 'user:email', 'repo'], ['user:email'], ['repo']]
} : undefined;
const base = relativeRoot(getOriginalUrl(req))
const vscodeBase = relativePath(getOriginalUrl(req))
Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
===================================================================
--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
@@ -17,6 +17,7 @@ import { isFolderToOpen, isWorkspaceToOp
import { create, ICredentialsProvider, IURLCallbackProvider, IWorkbenchConstructionOptions, IWorkspace, IWorkspaceProvider } from 'vs/workbench/workbench.web.main';
import { posix } from 'vs/base/common/path';
import { ltrim } from 'vs/base/common/strings';
+import { equals as arrayEquals } from 'vs/base/common/arrays';
interface ICredential {
service: string;
@@ -24,6 +25,13 @@ interface ICredential {
password: string;
}
+interface IToken {
+ accessToken: string
+ account?: { label: string }
+ id: string
+ scopes: string[]
+}
+
class LocalStorageCredentialsProvider implements ICredentialsProvider {
private static readonly CREDENTIALS_STORAGE_KEY = 'credentials.provider';
@@ -51,6 +59,58 @@ class LocalStorageCredentialsProvider im
scopes,
accessToken: authSessionInfo!.accessToken
}))));
+
+ // Add tokens for extensions to use. This works for extensions like the
+ // pull requests one or GitLens.
+ const extensionId = `vscode.${authSessionInfo.providerId}-authentication`;
+ const service = `${product.urlProtocol}${extensionId}`;
+ const account = `${authSessionInfo.providerId}.auth`;
+ // Oddly the scopes need to match exactly so we cannot just have one token
+ // with all the scopes, instead we have to duplicate the token for each
+ // expected set of scopes.
+ const tokens: IToken[] = authSessionInfo.scopes.map((scopes) => ({
+ id: authSessionInfo!.id,
+ scopes: scopes.sort(), // Sort for comparing later.
+ accessToken: authSessionInfo!.accessToken,
+ }));
+ this.getPassword(service, account).then((raw) => {
+ let existing: {
+ content: IToken[]
+ } | undefined;
+
+ if (raw) {
+ try {
+ const json = JSON.parse(raw);
+ json.content = JSON.parse(json.content);
+ existing = json;
+ } catch (error) {
+ console.log(error);
+ }
+ }
+
+ // Keep tokens for account and scope combinations we do not have in case
+ // there is an extension that uses scopes we have not accounted for (in
+ // these cases the user will need to manually authenticate the extension
+ // through the UI) or the user has tokens for other accounts.
+ if (existing?.content) {
+ existing.content = existing.content.filter((existingToken) => {
+ const scopes = existingToken.scopes.sort();
+ return !(tokens.find((token) => {
+ return arrayEquals(scopes, token.scopes)
+ && token.account?.label === existingToken.account?.label;
+ }))
+ })
+ }
+
+ return this.setPassword(service, account, JSON.stringify({
+ extensionId,
+ ...(existing || {}),
+ content: JSON.stringify([
+ ...tokens,
+ ...(existing?.content || []),
+ ])
+ }));
+ })
}
}