|
| 1 | +Use our own GitHub auth relay server |
| 2 | + |
| 3 | +Microsoft's does not work with self-hosted instances so we run our own. |
| 4 | + |
| 5 | +Also add an extra set of scopes so that tokens provided via --github-auth will |
| 6 | +work for the PR extension. |
| 7 | + |
| 8 | +Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts |
| 9 | +=================================================================== |
| 10 | +--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts |
| 11 | ++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts |
| 12 | +@@ -277,7 +277,7 @@ export class WebClientServer { |
| 13 | + id: generateUuid(), |
| 14 | + providerId: 'github', |
| 15 | + accessToken: this._environmentService.args['github-auth'], |
| 16 | +- scopes: [['user:email'], ['repo']] |
| 17 | ++ scopes: [['read:user', 'user:email', 'repo'], ['user:email'], ['repo']] |
| 18 | + } : undefined; |
| 19 | + const base = relativeRoot(getOriginalUrl(req)) |
| 20 | + const vscodeBase = relativePath(getOriginalUrl(req)) |
| 21 | +Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts |
| 22 | +=================================================================== |
| 23 | +--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts |
| 24 | ++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts |
| 25 | +@@ -17,6 +17,7 @@ import { isFolderToOpen, isWorkspaceToOp |
| 26 | + import { create, ICredentialsProvider, IURLCallbackProvider, IWorkbenchConstructionOptions, IWorkspace, IWorkspaceProvider } from 'vs/workbench/workbench.web.main'; |
| 27 | + import { posix } from 'vs/base/common/path'; |
| 28 | + import { ltrim } from 'vs/base/common/strings'; |
| 29 | ++import { equals as arrayEquals } from 'vs/base/common/arrays'; |
| 30 | + |
| 31 | + interface ICredential { |
| 32 | + service: string; |
| 33 | +@@ -24,6 +25,13 @@ interface ICredential { |
| 34 | + password: string; |
| 35 | + } |
| 36 | + |
| 37 | ++interface IToken { |
| 38 | ++ accessToken: string |
| 39 | ++ account?: { label: string } |
| 40 | ++ id: string |
| 41 | ++ scopes: string[] |
| 42 | ++} |
| 43 | ++ |
| 44 | + class LocalStorageCredentialsProvider implements ICredentialsProvider { |
| 45 | + |
| 46 | + private static readonly CREDENTIALS_STORAGE_KEY = 'credentials.provider'; |
| 47 | +@@ -51,6 +59,58 @@ class LocalStorageCredentialsProvider im |
| 48 | + scopes, |
| 49 | + accessToken: authSessionInfo!.accessToken |
| 50 | + })))); |
| 51 | ++ |
| 52 | ++ // Add tokens for extensions to use. This works for extensions like the |
| 53 | ++ // pull requests one or GitLens. |
| 54 | ++ const extensionId = `vscode.${authSessionInfo.providerId}-authentication`; |
| 55 | ++ const service = `${product.urlProtocol}${extensionId}`; |
| 56 | ++ const account = `${authSessionInfo.providerId}.auth`; |
| 57 | ++ // Oddly the scopes need to match exactly so we cannot just have one token |
| 58 | ++ // with all the scopes, instead we have to duplicate the token for each |
| 59 | ++ // expected set of scopes. |
| 60 | ++ const tokens: IToken[] = authSessionInfo.scopes.map((scopes) => ({ |
| 61 | ++ id: authSessionInfo!.id, |
| 62 | ++ scopes: scopes.sort(), // Sort for comparing later. |
| 63 | ++ accessToken: authSessionInfo!.accessToken, |
| 64 | ++ })); |
| 65 | ++ this.getPassword(service, account).then((raw) => { |
| 66 | ++ let existing: { |
| 67 | ++ content: IToken[] |
| 68 | ++ } | undefined; |
| 69 | ++ |
| 70 | ++ if (raw) { |
| 71 | ++ try { |
| 72 | ++ const json = JSON.parse(raw); |
| 73 | ++ json.content = JSON.parse(json.content); |
| 74 | ++ existing = json; |
| 75 | ++ } catch (error) { |
| 76 | ++ console.log(error); |
| 77 | ++ } |
| 78 | ++ } |
| 79 | ++ |
| 80 | ++ // Keep tokens for account and scope combinations we do not have in case |
| 81 | ++ // there is an extension that uses scopes we have not accounted for (in |
| 82 | ++ // these cases the user will need to manually authenticate the extension |
| 83 | ++ // through the UI) or the user has tokens for other accounts. |
| 84 | ++ if (existing?.content) { |
| 85 | ++ existing.content = existing.content.filter((existingToken) => { |
| 86 | ++ const scopes = existingToken.scopes.sort(); |
| 87 | ++ return !(tokens.find((token) => { |
| 88 | ++ return arrayEquals(scopes, token.scopes) |
| 89 | ++ && token.account?.label === existingToken.account?.label; |
| 90 | ++ })) |
| 91 | ++ }) |
| 92 | ++ } |
| 93 | ++ |
| 94 | ++ return this.setPassword(service, account, JSON.stringify({ |
| 95 | ++ extensionId, |
| 96 | ++ ...(existing || {}), |
| 97 | ++ content: JSON.stringify([ |
| 98 | ++ ...tokens, |
| 99 | ++ ...(existing?.content || []), |
| 100 | ++ ]) |
| 101 | ++ })); |
| 102 | ++ }) |
| 103 | + } |
| 104 | + } |
| 105 | + |
0 commit comments