Add cookie-suffix flag (#7590)

Timon Fiedler
2025-12-12 02:23:09 +01:00
committed by GitHub
parent 0de7cf5679
commit 68ac95b84e
6 changed files with 22 additions and 9 deletions


@@ -5,7 +5,7 @@ import { promises as fs } from "fs"
import * as path from "path"
import * as tls from "tls"
import { Disposable } from "../../common/emitter"
import { HttpCode, HttpError } from "../../common/http"
import { getCookieSessionName, HttpCode, HttpError } from "../../common/http"
import { plural } from "../../common/util"
import { App } from "../app"
import { AuthType, DefaultedArgs } from "../cli"
@@ -61,6 +61,8 @@ export const register = async (
const settings = new SettingsProvider<CoderSettings>(path.join(args["user-data-dir"], "coder.json"))
const updater = new UpdateProvider("https://api.github.com/repos/coder/code-server/releases/latest", settings)
const cookieSessionName = getCookieSessionName(args["cookie-suffix"])
const common: express.RequestHandler = (req, _, next) => {
// /healthz|/healthz/ needs to be excluded otherwise health checks will make
// it look like code-server is always in use.
@@ -75,6 +77,7 @@ export const register = async (
req.heart = heart
req.settings = settings
req.updater = updater
req.cookieSessionName = cookieSessionName
next()
}
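Review bot: The operator-supplied `args["cookie-suffix"]` is turned into the cookie name once at registration and attached to every request, but nothing in this section checks that the result is a valid cookie name. `getCookieSessionName` lives in `../../common/http` and is not shown here; if it does not restrict the suffix to cookie-token characters, a suffix containing a space, `;` or `=` would surface only as an error when `res.cookie` runs at login. I would validate once here against a conservative allowlist and fail at startup, for example `if (!/^[A-Za-z0-9_.-]+$/.test(cookieSessionName)) throw new Error("invalid --cookie-suffix")`. The body of `register` continues outside these hunks.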


@@ -2,7 +2,6 @@ import { Router, Request } from "express"
import { promises as fs } from "fs"
import { RateLimiter as Limiter } from "limiter"
import * as path from "path"
import { CookieKeys } from "../../common/http"
import { rootPath } from "../constants"
import { authenticated, getCookieOptions, redirect, replaceTemplates } from "../http"
import i18n from "../i18n"
@@ -95,7 +94,7 @@ router.post<{}, string, { password?: string; base?: string } | undefined, { to?:
if (isPasswordValid) {
// The hash does not add any actual security but we do it for
// obfuscation purposes (and as a side effect it handles escaping).
res.cookie(CookieKeys.Session, hashedPassword, getCookieOptions(req))
res.cookie(req.cookieSessionName, hashedPassword, getCookieOptions(req))
const to = (typeof req.query.to === "string" && req.query.to) || "/"
return redirect(req, res, to, { to: undefined })
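Review bot: The cookie written by `res.cookie(req.cookieSessionName, hashedPassword, getCookieOptions(req))` now has a per-instance name, but its value is still the password hash, which the comment above it says adds no actual security. The suffix therefore separates cookie names between instances and does not make the credential itself instance-specific. How the value is verified is not visible in this hunk, so it should be confirmed whether instances that share a password would accept each other's value. I would extend the existing comment to say so, e.g. `// Name is per instance (--cookie-suffix); the value is still the password hash, so the suffix only prevents name collisions.` The handler starts and ends outside the hunk.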


@@ -1,5 +1,4 @@
import { Router } from "express"
import { CookieKeys } from "../../common/http"
import { getCookieOptions, redirect } from "../http"
import { sanitizeString } from "../util"
@@ -7,7 +6,7 @@ export const router = Router()
router.get<{}, undefined, undefined, { base?: string; to?: string }>("/", async (req, res) => {
// Must use the *identical* properties used to set the cookie.
res.clearCookie(CookieKeys.Session, getCookieOptions(req))
res.clearCookie(req.cookieSessionName, getCookieOptions(req))
const to = sanitizeString(req.query.to) || "/"
return redirect(req, res, to, { to: undefined, base: undefined, href: undefined })
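Review bot: `res.clearCookie(req.cookieSessionName, getCookieOptions(req))` clears only the name for the currently configured suffix, so a session cookie set before the suffix was added or changed stays in the browser after logout. Whether such a cookie is still honoured depends on the authentication check, which is not in this section; if that check reads only `req.cookieSessionName`, the leftover is inert but still carries the password hash until it expires. Clearing the unsuffixed name as well would log out any other instance on the same host that uses it, so I would document the behaviour instead: `// Only this instance's cookie name is cleared; cookies set under a previous suffix are left to expire.` The handler's closing lines are outside the hunk.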