s/whitelist/allowlist
code-asher committed Aug 18, 2023
commit 64cf76d3ade9f5faa2e7abc10e625e4bac9a47ea
Expand Up @@ -116,7 +116,7 @@ class CoderGatewayConnectionProvider : GatewayConnectionProvider {
}

// Check that both the domain and the redirected domain are
// whitelisted. If not, check with the user whether to proceed.
// allowlisted. If not, check with the user whether to proceed.
verifyDownloadLink(parameters, deploymentURL.toURL())

// TODO: Ask for the project path if missing and validate the path.
Expand Down Expand Up @@ -159,7 +159,7 @@ class CoderGatewayConnectionProvider : GatewayConnectionProvider {
}

/**
* Check that the link is whitelisted. If not, confirm with the user.
* Check that the link is allowlisted. If not, confirm with the user.
*/
private fun verifyDownloadLink(parameters: Map<String, String>, deploymentURL: URL) {
val link = parameters[IDE_DOWNLOAD_LINK]
Expand All @@ -173,25 +173,25 @@ class CoderGatewayConnectionProvider : GatewayConnectionProvider {
throw IllegalArgumentException("$link is not a valid URL")
}

val (whitelisted, https, linkWithRedirect) = try {
CoderRemoteConnectionHandle.isWhitelisted(url, deploymentURL)
val (allowlisted, https, linkWithRedirect) = try {
CoderRemoteConnectionHandle.isAllowlisted(url, deploymentURL)
} catch (e: Exception) {
throw IllegalArgumentException("Unable to verify $url: $e")
}
if (whitelisted && https) {
if (allowlisted && https) {
return
}

val comment = if (whitelisted) "The download link is from a non-whitelisted URL"
val comment = if (allowlisted) "The download link is from a non-allowlisted URL"
else if (https) "The download link is not using HTTPS"
else "The download link is from a non-whitelisted URL and is not using HTTPS"
else "The download link is from a non-allowlisted URL and is not using HTTPS"

if (!CoderRemoteConnectionHandle.confirm(
"Confirm download URL",
"$comment. Would you like to proceed?",
linkWithRedirect,
)) {
throw IllegalArgumentException("$linkWithRedirect is not whitelisted")
throw IllegalArgumentException("$linkWithRedirect is not allowlisted")
}
}
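Review bot: The two single-cause prompts in `verifyDownloadLink` are swapped. Once the `allowlisted && https` case has returned, `if (allowlisted)` can only mean an allowlisted link that is not HTTPS, yet it selects the "non-allowlisted URL" text, while `else if (https)` selects the "not using HTTPS" text for an HTTPS link that is off the allowlist. The rename carries this over unchanged, so the confirmation dialog gives the user the wrong reason for the warning; suggested: `val comment = if (allowlisted) "The download link is not using HTTPS"` followed by `else if (https) "The download link is from a non-allowlisted URL"`. The closing `IllegalArgumentException` likewise reports "is not allowlisted" when the user declines a warning that was only about HTTPS. The function starts in the previous hunk, and the lines between the two hunks are not shown.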

14 changes: 7 additions & 7 deletions src/main/kotlin/com/coder/gateway/CoderRemoteConnectionHandle.kt
Expand Up @@ -240,14 +240,14 @@ class CoderRemoteConnectionHandle {
}

/**
* Return if the URL is whitelisted, https, and the URL and its final
* Return if the URL is allowlisted, https, and the URL and its final
* destination, if it is a different host.
*/
@JvmStatic
fun isWhitelisted(url: URL, deploymentURL: URL): Triple<Boolean, Boolean, String> {
// TODO: Setting for the whitelist, and remember previously allowed
fun isAllowlisted(url: URL, deploymentURL: URL): Triple<Boolean, Boolean, String> {
// TODO: Setting for the allowlist, and remember previously allowed
// domains.
val domainWhitelist = listOf("intellij.net", "jetbrains.com", deploymentURL.host)
val domainAllowlist = listOf("intellij.net", "jetbrains.com", deploymentURL.host)

// Resolve any redirects.
val finalUrl = try {
Expand All @@ -269,10 +269,10 @@ class CoderRemoteConnectionHandle {
linkWithRedirect = "$linkWithRedirect (redirects to to $finalUrl)"
}

val whitelisted = domainWhitelist.any { url.host == it || url.host.endsWith(".$it") }
&& domainWhitelist.any { finalUrl.host == it || finalUrl.host.endsWith(".$it") }
val allowlisted = domainAllowlist.any { url.host == it || url.host.endsWith(".$it") }
&& domainAllowlist.any { finalUrl.host == it || finalUrl.host.endsWith(".$it") }
val https = url.protocol == "https" && finalUrl.protocol == "https"
return Triple(whitelisted, https, linkWithRedirect)
return Triple(allowlisted, https, linkWithRedirect)
}

/**
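Review bot: The KDoc on `isAllowlisted` does not say which `Triple` component is which, and the caller destructures it positionally with two adjacent Booleans that are easy to swap. I would state the order and the matching rule, for example `Returns (allowlisted, https, display link): allowlisted is true only if both the link's host and its final redirect host equal, or are a subdomain of, an allowlist entry; https is true only if both use https.` The context line that builds `linkWithRedirect` contains a doubled word, `(redirects to to $finalUrl)`, which ends up in the confirmation dialog. The redirect resolution between the two hunks is not shown, so this note does not cover it.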