Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/extensions/github-authentication/src/node/authServer.ts
5223 views
1
/*---------------------------------------------------------------------------------------------

2
 *  Copyright (c) Microsoft Corporation. All rights reserved.

3
 *  Licensed under the MIT License. See License.txt in the project root for license information.

4
 *--------------------------------------------------------------------------------------------*/

5
import * as http from 'http';

6
import { URL } from 'url';

7
import * as fs from 'fs';

8
import * as path from 'path';

9
import { randomBytes } from 'crypto';

10
import { env } from 'vscode';

11


12
function sendFile(res: http.ServerResponse, filepath: string) {

13
	const isSvg = filepath.endsWith('.svg');

14
	fs.readFile(filepath, (err, body) => {

15
		if (err) {

16
			console.error(err);

17
			res.writeHead(404);

18
			res.end();

19
		} else {

20
			if (isSvg) {

21
				// SVGs need to be served with the correct content type

22
				res.setHeader('Content-Type', 'image/svg+xml');

23
			}

24
			res.setHeader('content-length', body.length);

25
			res.writeHead(200);

26
			res.end(body);

27
		}

28
	});

29
}

30


31
interface IOAuthResult {

32
	code: string;

33
	state: string;

34
}

35


36
interface ILoopbackServer {

37
	/**

38
	 * If undefined, the server is not started yet.

39
	 */

40
	port: number | undefined;

41


42
	/**

43
	 * The nonce used

44
	 */

45
	nonce: string;

46


47
	/**

48
	 * The state parameter used in the OAuth flow.

49
	 */

50
	state: string | undefined;

51


52
	/**

53
	 * Starts the server.

54
	 * @returns The port to listen on.

55
	 * @throws If the server fails to start.

56
	 * @throws If the server is already started.

57
	 */

58
	start(): Promise<number>;

59
	/**

60
	 * Stops the server.

61
	 * @throws If the server is not started.

62
	 * @throws If the server fails to stop.

63
	 */

64
	stop(): Promise<void>;

65
	/**

66
	 * Returns a promise that resolves to the result of the OAuth flow.

67
	 */

68
	waitForOAuthResponse(): Promise<IOAuthResult>;

69
}

70


71
export class LoopbackAuthServer implements ILoopbackServer {

72
	private readonly _server: http.Server;

73
	private readonly _resultPromise: Promise<IOAuthResult>;

74
	private _startingRedirect: URL;

75


76
	public nonce = randomBytes(16).toString('base64');

77
	public port: number | undefined;

78


79
	public set state(state: string | undefined) {

80
		if (state) {

81
			this._startingRedirect.searchParams.set('state', state);

82
		} else {

83
			this._startingRedirect.searchParams.delete('state');

84
		}

85
	}

86
	public get state(): string | undefined {

87
		return this._startingRedirect.searchParams.get('state') ?? undefined;

88
	}

89


90
	constructor(serveRoot: string, startingRedirect: string, callbackUri: string, isPortable: boolean) {

91
		if (!serveRoot) {

92
			throw new Error('serveRoot must be defined');

93
		}

94
		if (!startingRedirect) {

95
			throw new Error('startingRedirect must be defined');

96
		}

97
		this._startingRedirect = new URL(startingRedirect);

98
		let deferred: { resolve: (result: IOAuthResult) => void; reject: (reason: any) => void };

99
		this._resultPromise = new Promise<IOAuthResult>((resolve, reject) => deferred = { resolve, reject });

100


101
		const appNameQueryParam = `&app_name=${encodeURIComponent(env.appName)}`;

102
		this._server = http.createServer((req, res) => {

103
			const reqUrl = new URL(req.url!, `http://${req.headers.host}`);

104
			switch (reqUrl.pathname) {

105
				case '/signin': {

106
					const receivedNonce = (reqUrl.searchParams.get('nonce') ?? '').replace(/ /g, '+');

107
					if (receivedNonce !== this.nonce) {

108
						res.writeHead(302, { location: `/?error=${encodeURIComponent('Nonce does not match.')}${appNameQueryParam}` });

109
						res.end();

110
					}

111
					res.writeHead(302, { location: this._startingRedirect.toString() });

112
					res.end();

113
					break;

114
				}

115
				case '/callback': {

116
					const code = reqUrl.searchParams.get('code') ?? undefined;

117
					const state = reqUrl.searchParams.get('state') ?? undefined;

118
					const nonce = (reqUrl.searchParams.get('nonce') ?? '').replace(/ /g, '+');

119
					if (!code || !state || !nonce) {

120
						res.writeHead(400);

121
						res.end();

122
						return;

123
					}

124
					if (this.state !== state) {

125
						res.writeHead(302, { location: `/?error=${encodeURIComponent('State does not match.')}${appNameQueryParam}` });

126
						res.end();

127
						throw new Error('State does not match.');

128
					}

129
					if (this.nonce !== nonce) {

130
						res.writeHead(302, { location: `/?error=${encodeURIComponent('Nonce does not match.')}${appNameQueryParam}` });

131
						res.end();

132
						throw new Error('Nonce does not match.');

133
					}

134
					deferred.resolve({ code, state });

135
					if (isPortable) {

136
						res.writeHead(302, { location: `/?app_name=${encodeURIComponent(env.appName)}` });

137
					} else {

138
						res.writeHead(302, { location: `/?redirect_uri=${encodeURIComponent(callbackUri)}${appNameQueryParam}` });

139
					}

140
					res.end();

141
					break;

142
				}

143
				// Serve the static files

144
				case '/':

145
					sendFile(res, path.join(serveRoot, 'index.html'));

146
					break;

147
				default:

148
					// substring to get rid of leading '/'

149
					sendFile(res, path.join(serveRoot, reqUrl.pathname.substring(1)));

150
					break;

151
			}

152
		});

153
	}

154


155
	public start(): Promise<number> {

156
		return new Promise<number>((resolve, reject) => {

157
			if (this._server.listening) {

158
				throw new Error('Server is already started');

159
			}

160
			const portTimeout = setTimeout(() => {

161
				reject(new Error('Timeout waiting for port'));

162
			}, 5000);

163
			this._server.on('listening', () => {

164
				const address = this._server.address();

165
				if (typeof address === 'string') {

166
					this.port = parseInt(address);

167
				} else if (address instanceof Object) {

168
					this.port = address.port;

169
				} else {

170
					throw new Error('Unable to determine port');

171
				}

172


173
				clearTimeout(portTimeout);

174


175
				// set state which will be used to redirect back to vscode

176
				this.state = `http://127.0.0.1:${this.port}/callback?nonce=${encodeURIComponent(this.nonce)}`;

177


178
				resolve(this.port);

179
			});

180
			this._server.on('error', err => {

181
				reject(new Error(`Error listening to server: ${err}`));

182
			});

183
			this._server.on('close', () => {

184
				reject(new Error('Closed'));

185
			});

186
			this._server.listen(0, '127.0.0.1');

187
		});

188
	}

189


190
	public stop(): Promise<void> {

191
		return new Promise<void>((resolve, reject) => {

192
			if (!this._server.listening) {

193
				throw new Error('Server is not started');

194
			}

195
			this._server.close((err) => {

196
				if (err) {

197
					reject(err);

198
				} else {

199
					resolve();

200
				}

201
			});

202
		});

203
	}

204


205
	public waitForOAuthResponse(): Promise<IOAuthResult> {

206
		return this._resultPromise;

207
	}

208
}

209


210