coder · Liorba · Apr 6, 2023 · Apr 14, 2023 · Apr 17, 2023 · Apr 17, 2023
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@
 /coverage/
 *.vsix
 yarn-error.log
+.vscode/settings.json
diff --git a/package.json b/package.json
@@ -42,6 +42,26 @@
           },
           "scope": "machine",
           "default": []
+        },
+        "coder.vpnHeader":{
+          "markdownDescription": "key/ value pair to add to coder",
+            "type": "object",
+            "properties": {
+              "headerName": {
+                "type": "string",
+                "description": "header name"
+              },
+              "token": {
+                "type": "string",
+                "description": "header value (optional)"
+              },
+              "tokenFile": {
+                "type":"string",
+                "description": "optional.Path to a file to retrieve the token from, if set, it will ignore the the require on startup "
+
+              }
+            }
+
         }
       }
     },

diff --git a/src/commands.ts b/src/commands.ts
@@ -1,4 +1,4 @@
-import axios from "axios"
+import axios  from "axios"
 import { getAuthenticatedUser, getWorkspaces, updateWorkspaceVersion } from "coder/site/src/api/api"
 import { Workspace } from "coder/site/src/api/typesGenerated"
 import * as vscode from "vscode"
@@ -8,8 +8,8 @@ import { Storage } from "./storage"
 import { WorkspaceTreeItem } from "./workspacesProvider"
 
 export class Commands {
-  public constructor(private readonly vscodeProposed: typeof vscode, private readonly storage: Storage) {}
 
+  public constructor(private readonly vscodeProposed: typeof vscode, private readonly storage: Storage) {}
   public async login(...args: string[]): Promise<void> {
     let url: string | undefined = args.length >= 1 ? args[0] : undefined
     if (!url) {

diff --git a/src/extension.ts b/src/extension.ts
@@ -1,12 +1,16 @@
 "use strict"
 
+import axios, { AxiosResponse } from "axios"
 import { getAuthenticatedUser } from "coder/site/src/api/api"
+import { readFileSync } from "fs"
 import * as module from "module"
 import * as vscode from "vscode"
 import { Commands } from "./commands"
 import { Remote } from "./remote"
 import { Storage } from "./storage"
+import * as os from "os"
 import { WorkspaceQuery, WorkspaceProvider } from "./workspacesProvider"
+import path from "path"
 
 export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
   const output = vscode.window.createOutputChannel("Coder")
@@ -18,7 +22,8 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
 
   vscode.window.registerTreeDataProvider("myWorkspaces", myWorkspacesProvider)
   vscode.window.registerTreeDataProvider("allWorkspaces", allWorkspacesProvider)
-
+  await initGlobalVpnHeaders(storage)
+  addAxiosInterceptor(storage)
   getAuthenticatedUser()
     .then(async (user) => {
       if (user) {
@@ -116,3 +121,94 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
     })
   }
 }
+function addAxiosInterceptor(storage: Storage): void {
+  axios.interceptors.response.use(
+    ;(res) => {
+      if (isVpnTokenInvalid(res)) {
+        getVpnHeaderFromUser(
+          "seems like the Vpn Token provided is either invalid or expired, please provide a new token",
+        ).then((token) => {
+          storage.setVpnHeaderToken(token)
+        })
+      } else {
+        return res
+      }
+    },
+      (error) => {
+        if (isVpnTokenInvalidOnError(error)) {
+          getVpnHeaderFromUser(
+            "seems like the Vpn Token provided is either invalid or expired, please provide a new token",
+          ).then((token) => {
+            storage.setVpnHeaderToken(token)
+          })
+          // vscode.window.showErrorMessage(JSON.stringify("vpn token not valid, make sure you added a correct token"))
+        }
+        return error
+      },
+  )
+}
+async function initGlobalVpnHeaders(storage: Storage): Promise<void> {
+  //find if global vpn headers are needed
+  type VpnHeaderConfig = {
+    headerName: string
+    token: string
+    tokenFile: string
+  }
+  const vpnHeaderConf = vscode.workspace.getConfiguration("coder").get<VpnHeaderConfig>("vpnHeader")
+  if (!vpnHeaderConf) {
+    return
+  }
+  const { headerName, tokenFile, token } = vpnHeaderConf
+  if (!headerName) {
+    throw Error(
+      "vpn header name was not defined in extension setting, please make sure to set `coder.vpnHeader.headerName`",
+    )
+  }
+  const maybeVpnHeaderToken = (await storage.getVpnHeaderToken()) || token || readVpnHeaderTokenFromFile(tokenFile)
+  if (maybeVpnHeaderToken) {
+    storage.setVpnHeaderToken(maybeVpnHeaderToken)
+    axios.defaults.headers.common[headerName] = maybeVpnHeaderToken
+  } else {
+    //default to read global headers from user prompt
+    const vpnToken = await getVpnHeaderFromUser(
+      "you need to add your vpn access token to be able to run api calls to coder ",
+    )
+
+    if (vpnToken) {
+      storage.setVpnHeaderToken(vpnToken)
+      axios.defaults.headers.common[headerName] = vpnToken
+    } else {
+      throw Error(
+        "you must provide a vpn token, either by user prompt, path to file holding the token, or explicitly as conf argument ",
+      )
+    }
+  }
+}
+
+async function getVpnHeaderFromUser(message: string): Promise<string | undefined> {
+  return await vscode.window.showInputBox({
+    title: "VpnToken",
+    prompt: message,
+    placeHolder: "put your token here",
+    // value: ,
+  })
+}
+
+function readVpnHeaderTokenFromFile(filepath: string): string | undefined {
+  if (!filepath) {
+    return
+  }
+  if (filepath.startsWith("~")) {
+    return readFileSync(path.join(os.homedir(), filepath.slice(1)), "utf-8")
+  } else {
+    return readFileSync(filepath, "utf-8")
+  }
+}
+function isVpnTokenInvalid(res: AxiosResponse<any, any>): boolean {
+  //if token expired or missing the vpn will return 200 OK with the actual html page to get you to reauthenticate
+  // , this will result in "data" not being an object but a string containing the html
+  return typeof res.data !== "object"
+}
+function isVpnTokenInvalidOnError(error: any): boolean {
+  return error.isAxiosError && error.response.status === 403
+}
diff --git a/src/remote.ts b/src/remote.ts
@@ -509,13 +509,20 @@ export class Remote {
     }
 
     const escape = (str: string): string => `"${str.replace(/"/g, '\\"')}"`
+    const vpnTokenHeaderName = this.vscodeProposed.workspace
+      .getConfiguration()
+      .get<string>("coder.vpnHeader.headerName")
+    const VpnHeaderToken = await this.storage.getVpnHeaderToken()
     const sshValues = {
       Host: `${Remote.Prefix}*`,
-      ProxyCommand: `${escape(binaryPath)} vscodessh --network-info-dir ${escape(
+      // when running vscodessh command we get the following error "find workspace: invalid character '<' looking for beginning of value" which means that the header is not proppgate currectly
+      ProxyCommand: `${escape(
+        binaryPath,
+      )} --header="${vpnTokenHeaderName}=${VpnHeaderToken}" vscodessh --network-info-dir ${escape(
         this.storage.getNetworkInfoPath(),
       )} --session-token-file ${escape(this.storage.getSessionTokenPath())} --url-file ${escape(
         this.storage.getURLPath(),
-      )} %h`,
+      )}  %h`,
       ConnectTimeout: "0",
       StrictHostKeyChecking: "no",
       UserKnownHostsFile: "/dev/null",

diff --git a/src/storage.ts b/src/storage.ts
@@ -54,6 +54,14 @@ export class Storage {
   public async getSessionToken(): Promise<string | undefined> {
     return this.secrets.get("sessionToken")
   }
+  public async setVpnHeaderToken(headerToken?: string): Promise<void> {
+    if (headerToken) {
+      this.secrets.store("vpnHeaderToken", headerToken)
+    }
+  }
+  public async getVpnHeaderToken(): Promise<string | undefined> {
+    return await this.secrets.get("vpnHeaderToken")
+  }
 
   // getRemoteSSHLogPath returns the log path for the "Remote - SSH" output panel.
   // There is no VS Code API to get the contents of an output panel. We use this