We are trying to update Express to fix a vulnerability.
We would have to update the plugins as well, but since we are no longer
using the plugin system, we can just delete it instead.
* Update Code to 1.94.2
* Convert from yarn to npm
This is to match VS Code. We were already partially using npm for the
releases so this is some nice alignment.
* Update caniuse-lite
This was complaining on every unit test.
* Update eslint
I was having a bunch of dependency conflicts and eslint seemed to be the
culprit so I just removed it and set it up again, since it seems things
have changed quite a bit.
* Update test dependencies
I was getting oom when running the unit tests...updating seems to work.
* Remove package.json `scripts` property in release
The new pre-install script was being included, which is dev-only.
This was always the intent; did not realize jq's merge was recursive.
* Remove jest and devDependencies in release as well
* Update test extension dependencies
This appears to be conflicting with the root dependencies.
* Fix playwright exec
npm does not let you run binaries like yarn does, as far as I know.
* Fix import of server-main.js
* Fix several tests by waiting for selectors
* Update VS Code to 1.92.2
* Use server-main.js to load VS Code
It looks like the bootstrap files are now bundled so we can no longer
require them. We could make them included again, but maybe it is better
to go through the main entrypoint anyway because it includes some nls
stuff which is maybe necessary.
This also fixes what looks like a bug where we could create two servers
if two requests came in. I am not sure what the practical consequences
of that would be, but it will no longer do that.
* Drop es2020 patch
Unfortunately, VS Code will not load with this. It seems to be because
`this` is being used in static properties, and it becomes `void 0` for
some reason under the es2020 target. For example:
static PREFIX_BY_CATEGORY = `${this.PREFIX}${this.SCOPE_PREFIX}`;
becomes
AbstractGotoSymbolQuickAccessProvider.PREFIX_BY_CATEGORY = `${(void 0).PREFIX}${(void 0).SCOPE_PREFIX}`;
Which, obviously, will not work.
Older versions of Safari (and maybe other browsers) are likely affected.
* Fix display language
* Update Playwright
I think maybe because of the dropped es2020 patch that Webkit is now
failing because it is too old.
* Do not wait for networkidle in e2e tests
I am not sure what is going on but some tests on Webkit are timing out
and it seems the page is loaded but something is still trying to
download. Not good, but for now try to at least get the tests passing.
It seems that * matches a literal * now, so we have to use a regular
expression.
Parentheses around a parameter no longer works (it causes it to match on
the parameter name literally) and I am not sure why we had it anyway as
it had no effect previously.
Matching with a leading / does not appear to work either, but we do not
need the leading / anyway since the proxy logic was changed to use the
whole path. Consequently it will never be / anymore from what I can
tell but I left that check in just in case. I turned it into a named
parameter as well, because that seems better.
Since the release of code-server v4.17.0 (Code 1.82), "Command Center" has become a default option. However, the current code-server PWA app lacks support for the Windows control overlay, resulting in an untidy appearance of the title bar. This commit introduces modifications to the manifest file to enable support for the window control overlay.
The tilde is ambiguous and it can be helpful to know exactly what paths
code-server is trying to use, especially if it is running as a different
user than you expected.
* Move splitOnFirstEquals to util
I will be making use of this to parse the forwarded header.
* Type splitOnFirstEquals with two items
Also add some test cases.
* Check origin header on web sockets
* Update changelog with origin check
* Fix web sockets not closing with error code
This does not seem to actually cause an issue (not resolving ends up
with the same behavior as resolving with false) but I am not sure if the
hanging promises would be a memory leak so seems best to fix.
* feat: add i18n in login page
* fix: add word space and put the app name into the title
* fix: remove duplicate replace title
* fix: prettier format code
* fix: fix typescript check warning
* fix: add zh-cn locale file code owner
* fix: use existing flag locale to the login page
Co-authored-by: Joe Previte <jjprevite@gmail.com>
* add customization options for the login page
* add unit tests
* add test for correct welcome text when none is set but app-name is
Signed-off-by: niwla23 <46248939+niwla23@users.noreply.github.com>
* add test for no app-name set and check in title too
Signed-off-by: niwla23 <46248939+niwla23@users.noreply.github.com>
Signed-off-by: niwla23 <46248939+niwla23@users.noreply.github.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
`proxy` should `await` for result of `authenticated` call otherwise since otherwise it will always appear to be authenticated as the promise is truthy.
Co-authored-by: Asher <ash@coder.com>
* Update Node types to 16
* Update Express core types
Fixes a number of conflicts it has with Node 16.
* Fix websocket router types
It seems req was `any` before so now we have to handle the types. Also
it seems the socket is of type `stream.Duplex`, not `net.Socket`.
The ws types had to be updated to support the new type.
Unfortunately Code still uses the old type so cast for now.
In the web socket router just use a cast for the extra properties we
add. We could add the types to the Express namespace but I am not sure
we really want these commonly accessible so keep with the casts for now.
Likely we should use Express's `locals` or something instead.
* Add missing return
Not sure why it only just now started complaining though.
Co-authored-by: Asher <ash@coder.com>
* chore: update Code to 1.67
Was able to remove our changes to common/webview.ts since they are
upstream now.
Other than that no serious changes, just context diffs.
* chore: update Code to 1.68
- Upstream moved the web socket endpoint so change the Express route
from / to *. That will let web sockets work at any endpoint.
- Everything in the workbench config is basically the same but
de-indented (upstream extracted it into a separate object which
resulted in a de-indent), the ordering is slightly different, and
instead of vscodeBase we now need vscodeBase + this._staticRoute since
everything is served from a sub-path now.
- Move manifest link back to the root since that is where we host our
manifest.
- Change RemoteAuthoritiesImpl to use the same path building method as
in other places (+ instead of using URI.parse/join).
- Use existing host/port in RemoteAuthoritiesImpl and
BrowserSocketFactory instead of patching them to use window.location
(these are set from window.location to begin with so it should be the
same result but with less patching).
- Since BrowserSocketFactory includes a sub-path now (endpoints were
changed upstream to serve from /quality/commit instead of from the
root) the patch there has changed to prepend the base to that
path (instead of using the base directly).
- The workbench HTML now natively supports a base URL in the form of
WORKBENCH_WEB_BASE_URL so no need for VS_BASE patches there anymore.
- Upstream added type="image/x-icon" so I did as well.
- Move the language patch to the end of the series so it is easier to
eventually remove.
- Remove the existing NLS config in favor of one that supports
extensions.
- Upstream deleted webview main.js and inlined it into the HTML so move
that code (the parent origin check) into both those HTML files
(index.html and index-no-csp.html).
- The remaining diff is from changes to the surrounding context or a
line was changed slightly by upstream (for example renamed files or
new arguments like to the remote authority resolver).
* fix: modify product.json before building
Code injects this into the client during the build process so it needs
to be updated before we build.
* fix: update inline script nonces
* Update HTML base path test
* fix: missing commit
Code overrides it with nothing.
The date is also already injected.
* fix: web extensions breaking when the commit changes
By just using the marketplace directly instead of going through the
backend. I am not sure what the point is when searching extensions
already goes directly to the marketplace anyway.
But also remove the prefix that breaks this as well because otherwise
existing installations will break.
* feat: set up new test for beat twice
* refactor: make Heart.beat() async
This allows us to properly await heart.beat() in our tests and remove
the HACK I added before.
* refactor: bind heart methods .beat and .alive
This allows the functions to maintain access to the Heart instance (or
`this`) even when they are passed to other functions. We do this because
we pass both `isActive` and `beat` to `heartbeatTimer`.
* feat(heart): add test to ensure no warnings called
* fixup!: revert setTimeout for heartbeatTimer
* fixup!: return promise in beat
* Move integration types into code-server
This will be easier to maintain than to have it as a patch.
* Disable connection token
Using a flag means we will not need to patch it out. I think this is
new from 1.64?
* Add product.json to build process
This way we do not have to patch it.
* Ship with remote agent package.json
Instead of the root one. This contains fewer dependencies.
* Let Code handle errors
This way we will not have to patch Code to make this work and I think it
makes sense to let Code handle the request.
If we do want to handle errors we can do it cleanly by patching their
error handler to throw instead.
* Move manifest override into code-server
This way we will not have to patch it.
* Move to patches
- Switch submodule to track upstream
- Add quilt to the process
- Add patches
The node-* ignore was ignoring one of the diffs so I removed it. This
was added when we were curling Node as node-v{version}-darwin-x64 for
the macOS build but this no longer happens (we use the Node action to
install a specific version now so we just use the system-wide Node).
* Use pre-packaged Code
* Move Code to a submodule
Closes#4901.
* Base Code cache on hash and re-enable node_modules cache
The current setup appears to only rebuild VS Code if the dependencies
change but we need to rebuild it if anything changes.
I also re-enabled the commented out node_modules caches. They look like
they should work to me with the submodule method. I think the problem
occurred because Code itself was being installed in the yarn step.
* refactor: remove folder/workspace from vsCodeCliArgs
Since we handle this in the vscode.ts route, we no longer need to pass it to VS
Code as a CLI arg since it's deprecated on that side.
* feat(vscode): redirect to folder from cli
* Update src/node/routes/vscode.ts
Co-authored-by: Asher <ash@coder.com>
* fixup!: update _: type
* fixup!: move vars to lower if block
* fixup!: share redirect block
* fixup!: mmove req.query.ew block into if
* fixup!: refactor vscode tests
* refactor: make vscode.ts logic easier to read
* fixup!: fix broken tests and clean up logic
* chore: upgrade vscode version
* fixup!: delete unnecessary if closed block
* Update src/node/routes/vscode.ts
Co-authored-by: Asher <ash@coder.com>
* fixup!: rename to FOLDER_OR_WORKSPACE_WAS_CLOSED
Co-authored-by: Asher <ash@coder.com>
* Disable BROWSER env var
Right now the browser helper script does not actually work. It seems
safer to skip this until we can fix it.
* Bump to 4.0.2
* Update changelog for 4.0.2
* Implement last opened functionality
Fixes https://github.com/cdr/code-server/issues/4619
* Fix test temp dirs not being cleaned up
* Mock logger everywhere
This suppresses all the error and debug output we generate which makes
it hard to actually find which test has failed. It also gives us a
standard way to test logging for the few places we do that.
* Use separate data directories for unit test instances
Exactly as we do for the e2e tests.
* Add integration tests for vscode route
* Make settings use --user-data-dir
Without this test instances step on each other feet and they also
clobber your own non-test settings.
* Make redirects consistent
They will preserve the trailing slash if there is one.
* Remove compilation check
If you do a regular non-watch build there are no compilation stats so
this bricks VS Code in CI when running the unit tests.
I am not sure how best to fix this for the case where you have a build
that has not been packaged yet so I just removed it for now and added a
message to check if VS Code is compiling when in dev mode.
* Update code-server update endpoint name
The problem before was that the pop() caused the open in existing
instance functionality to break because the arguments no longer
contained the file.
We could simply remove the pop() but since `workspace` and `folder` are
not CLI arguments I think it makes sense to handle them in a separate
function which can be called at the point where they are needed. This
also lets us de-duplicate some logic since we create these arguments in
two spots and lets us skip this logic when we do not need it.
The pop() is still avoided because manipulating a passed-in object
in-place seems like a risky move. If we really need to do this we
should copy the positional argument array instead.
* Add tests for relativeRoot
* Remove path.posix.join
Since this is for file system paths it feels incorrect to use it on
URL paths as they are different in many ways.
* Rewrite cookie path logic
Before we relied on the client to resolve the base given to it by the
backend against the path.
Instead have the client pass that information along so we can resolve it
on the backend. This means the client has to do less work.
* Do not remove out directory before watch
This is re-used for incremental compilation.
Also remove del since that was the only use (and we can use fs.rmdir in
the future if we need something like this).
* Remove unused function resolveBase
* Fix issue where HTTP error status codes are not read.
* Fix issues surrounding sessions when accessed from a proxy.
- Updated vscode args to match latest upstream.
- Fixed issues surrounding trailing slashes affecting base paths.
- Updated cookie names to better match upstream's usage, debuggability.
* Bump vendor.
* Update tests.
* Fix issue where tests lack cookie key.
Co-authored-by: Asher <ash@coder.com>
