Force certificates

Author: kylecarbs

packages/app/browser/src/app.html

@@ -3,14 +3,14 @@
 
 <head>
 	<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
-	<title>Coder</title>
+	<title>Authenticate: code-server</title>
 </head>
 
 <body>
 	<div class="login">
 		<div class="back">
 			<- Back </div>
-			<!-- <h4 class="title">AWS Cloud</h4> -->
+			<h4 class="title">code-server</h4>
 				<h2 class="subtitle">
 					Enter server password
 				</h2>

packages/server/src/modules.ts

@@ -1,5 +1,6 @@
 import * as fs from "fs";
 import * as path from "path";
+import * as os from "os";
 import { isCli, buildDir } from "./constants";
 
 declare var __non_webpack_require__: typeof require;
@@ -19,7 +20,7 @@ export const setup = (dataDirectory: string): void => {
 		}
 
 		return currentDir;
-	}); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
+	}, os.platform() === "win32" ? undefined! : path.sep); // Might need path.sep here for linux. Having it for windows causes an error because \C:\Users ...
 
 	const unpackModule = (moduleName: string): void => {
 		const memFile = path.join(isCli ? buildDir! : path.join(__dirname, ".."), "build/dependencies", moduleName);

packages/server/src/server.ts

@@ -86,24 +86,46 @@ export const createApp = async (options: CreateAppOptions): Promise<{
 		options.registerMiddleware(app);
 	}
 
-	const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
-		pem.createCertificate({
-			selfSigned: true,
-		}, (err, result) => {
-			if (err) {
-				rej(err);
-
-				return;
+	interface CertificateInfo {
+		readonly key: string;
+		// tslint:disable-next-line:no-any
+		readonly cert: any;
+	}
+
+	const certs = await new Promise<CertificateInfo>(async (resolve, reject): Promise<void> => {
+		const selfSignedKeyPath = path.join(options.serverOptions!.dataDirectory, "self-signed.key");
+		const selfSignedCertPath = path.join(options.serverOptions!.dataDirectory, "self-signed.cert");
+
+		if (!fs.existsSync(selfSignedKeyPath) || !fs.existsSync(selfSignedCertPath)) {
+			try {
+				const certs = await new Promise<pem.CertificateCreationResult>((res, rej): void => {
+					pem.createCertificate({
+						selfSigned: true,
+					}, (err, result) => {
+						if (err) {
+							rej(err);
+
+							return;
+						}
+
+						res(result);
+					});
+				});
+
+				fs.writeFileSync(selfSignedKeyPath, certs.serviceKey);
+				fs.writeFileSync(selfSignedCertPath, certs.certificate);
+			} catch (ex) {
+				return reject(ex);
 			}
+		}
 
-			res(result);
+		resolve({
+			cert: fs.readFileSync(selfSignedCertPath).toString(),
+			key: fs.readFileSync(selfSignedKeyPath).toString(),
 		});
 	});
 
-	const server = httpolyglot.createServer({
-		key: certs.serviceKey,
-		cert: certs.certificate,
-	}, app) as http.Server;
+	const server = httpolyglot.createServer(options.httpsOptions || certs, app) as http.Server;
 	const wss = new ws.Server({ server });
 
 	wss.shouldHandle = (req): boolean => {
@@ -161,6 +183,10 @@ export const createApp = async (options: CreateAppOptions): Promise<{
 	const authStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/auth"));
 	const unauthStaticFunc = expressStaticGzip(path.join(baseDir, "build/web/unauth"));
 	app.use((req, res, next) => {
+		if (!isEncrypted(req.socket)) {
+			return res.redirect(301, `https://${req.headers.host!}${req.path}`);
+		}
+
 		if (isAuthed(req)) {
 			// We can serve the actual VSCode bin
 			authStaticFunc(req, res, next);