diff --git a/docs/assets/openid-connect/auth0/application-client-id.png b/docs/assets/openid-connect/auth0/application-client-id.png
new file mode 100644
index 000000000000..bcd1d8a9f60a
Binary files /dev/null and b/docs/assets/openid-connect/auth0/application-client-id.png differ
diff --git a/docs/assets/openid-connect/auth0/create-application.png b/docs/assets/openid-connect/auth0/create-application.png
new file mode 100644
index 000000000000..2fe0a8562022
Binary files /dev/null and b/docs/assets/openid-connect/auth0/create-application.png differ
diff --git a/docs/assets/openid-connect/auth0/update-application.png b/docs/assets/openid-connect/auth0/update-application.png
new file mode 100644
index 000000000000..1c0111bdf3ef
Binary files /dev/null and b/docs/assets/openid-connect/auth0/update-application.png differ
diff --git a/docs/assets/openid-connect/keycloak/create-client.png b/docs/assets/openid-connect/keycloak/create-client.png
new file mode 100644
index 000000000000..4bda495fb725
Binary files /dev/null and b/docs/assets/openid-connect/keycloak/create-client.png differ
diff --git a/docs/assets/openid-connect/keycloak/update-client.png b/docs/assets/openid-connect/keycloak/update-client.png
new file mode 100644
index 000000000000..c57a1d8c9082
Binary files /dev/null and b/docs/assets/openid-connect/keycloak/update-client.png differ
diff --git a/docs/assets/openid-connect/okta/application-client-id.png b/docs/assets/openid-connect/okta/application-client-id.png
new file mode 100644
index 000000000000..bc2d78b26fa7
Binary files /dev/null and b/docs/assets/openid-connect/okta/application-client-id.png differ
diff --git a/docs/assets/openid-connect/okta/create-application.png b/docs/assets/openid-connect/okta/create-application.png
new file mode 100644
index 000000000000..160d4fd6515d
Binary files /dev/null and b/docs/assets/openid-connect/okta/create-application.png differ
diff --git a/docs/assets/openid-connect/okta/update-application-assignments.png b/docs/assets/openid-connect/okta/update-application-assignments.png
new file mode 100644
index 000000000000..bdacc14971fc
Binary files /dev/null and b/docs/assets/openid-connect/okta/update-application-assignments.png differ
diff --git a/docs/assets/openid-connect/okta/update-application-grants.png b/docs/assets/openid-connect/okta/update-application-grants.png
new file mode 100644
index 000000000000..59f46640abcc
Binary files /dev/null and b/docs/assets/openid-connect/okta/update-application-grants.png differ
diff --git a/docs/assets/openid-connect/okta/update-application.png b/docs/assets/openid-connect/okta/update-application.png
new file mode 100644
index 000000000000..b3471ed3bcc6
Binary files /dev/null and b/docs/assets/openid-connect/okta/update-application.png differ
diff --git a/docs/openid-auth.md b/docs/openid-auth.md
new file mode 100644
index 000000000000..7869f6697ef1
--- /dev/null
+++ b/docs/openid-auth.md
@@ -0,0 +1,152 @@
+# Configuring OpenID authentication
+
+The purpose of this guide is to demonstrate the process of configuring an OpenID application as an authentication and authorization source for code-server.
+
+More information regarding how OpenID Connect works can be found here:
+
+-
+-
+-
+
+## Prerequisites
+
+- Either Keycloak has been deployed or an existing Auth0/Okta account exists.
+ - Auth0 Signup:
+ - Okta Signup:
+ - Getting started with Keycloak:
+- A value needs to be generated for `openid-secret`. This value will be used to encrypt the OpenID Connect session token.
+ - MacOS/Linux: `openssl rand -base64 25`
+ - Windows:
+
+## Auth0 OpenID Connect application setup
+
+### Creating the application
+
+1. Navigate to the application management section of your Auth0 dashboard at `https://manage.auth0.com/dashboard/us/{{auth0_account_name}}/applications`
+2. Click the **Create Application** button in the top right of the page.
+3. Either provide a name for this application or use the default, then select **Regular Web Application** as the application type and click the blue **Create** button.
+
+ 
+
+
+### Gather the client ID
+
+1. Make note of the `Client ID` value. This value will be used in the code-server `openid-client-id` configuration variable.
+
+ 
+
+
+### Update the application URLs
+
+1. Update the **_Allowed Callback URL_** and **_Allowed Logout URLs_** fields so that they point to the correct code-server endpoint.
+
+ 
+
+
+### Example Auth0 code-server configuration
+
+---
+
+**NOTE:** The `openid-issuer-base-url` should be set to the value of the **Domain** field of the Okta application.
+
+---
+
+```yml
+bind-addr: 127.0.0.1:8080
+cert: false
+
+auth: openid
+openid-issuer-base-url: "https://cdr.auth0.com"
+openid-client-id: "yg3IIz2alcikRqjqOsnRJABn8Uthfrtv"
+openid-base-url: "http://localhost:8080"
+openid-secret: "{prerequisites_openid-secret_value}"
+```
+
+## Okta OpenID Connect application setup
+
+### Creating the application
+
+1. Navigate to the **Add Application** page of your Okta dashboard at `https://{{okta_account_name}}-admin.okta.com/admin/apps/add-app`
+2. Click the **Create New App** button located in the upper right of the page.
+3. Set the **Platform** to **Web** and **Sign on method** to **OpenID Connect**. Then click **Create**
+
+ 
+
+
+### Update the application
+
+1. Update the **Application name** field with the desired name for this application.
+2. Update the **Login redirect URIs** and **Logout redirect URIs (Optional)** fields so that they point to the correct code-server endpoint then click **Save**
+ 
+3. To update the **Allowed grant types** start by navigating to the **General Settings** section and clicking the **Edit** link in the top right corner of the section card.
+4. Once in the edit view, locate the **Allowed grant types** checkbox list and make sure the boxes for **Implicit (Hybrid)** and **Allow ID Token with implicit grant type** are checked, then scroll to the bottom of the page and click **Save**.
+ 
+5. Lastly, ensure a user is assigned to this application by navigating to the **Assignments** tab, clicking on **Assign**, then selecting **Assign to People**.
+ 
+
+### Gather the client ID
+
+1. Make note of the `Client ID` value. This value will be used in the code-server `openid-client-id` configuration variable.
+
+ 
+
+
+### Example code-server configuration
+
+---
+
+**NOTE:** The `openid-issuer-base-url` should be set to the value of the **Okta domain** field of the Okta application.
+
+---
+
+```yml
+bind-addr: 127.0.0.1:8080
+cert: false
+
+auth: openid
+openid-issuer-base-url: "https://cdr.okta.com"
+openid-client-id: "0oal8azjyekLwJXan5d6"
+openid-base-url: "http://localhost:8080"
+openid-secret: "{prerequisites_openid-secret_value}"
+```
+
+## Keycloak OpenID Connect client setup
+
+### Creating the client
+
+1. Once logged into the Keycloak instance, navigate to the **Clients** page by clicking the **Clients** link in the navigation menu on the left side of the page.
+2. Begin the client creation process by clicking the **Create** button located in the top right corner of the client list.
+3. Fill out the client creation fields then click **Save** - Client ID**: This is the value that will later be populated in `openid-client-id`. This value is entirely up the the user or process creating the client. - **Client Protocol**: This value should be set to **openid-connect** - **Root URL\*\*: This field should be populated with the code-server base URL.
+
+ 
+
+
+### Update the client name
+
+1. Once the **Save** button in the **Add Client** window has been clicked, the client will be created and the page will be redirected to the client settings view. From inside that view proceed to name the newly create client by populating the **Name** field.
+2. Enable implicit flow by changing **Implicit Flow Enabled** from **OFF** to **ON**.
+3. Scroll to the bottom of the page and click **Save**.
+
+ 
+
+
+### Example code-server configuration
+
+---
+
+**NOTE:** The `openid-issuer-base-url` will depend on the Keycloak realm. In the example below the realm is called `master`.
+
+**NOTE:** The `openid-client-id` value should be set to the value given to the **Client ID** when the client was first created.
+
+---
+
+```yml
+bind-addr: 127.0.0.1:8080
+cert: false
+
+auth: openid
+openid-issuer-base-url: "https://keycloak.local/auth/realms/master/.well-known/openid-configuration"
+openid-client-id: "example-code-server"
+openid-base-url: "http://localhost:8080"
+openid-secret: "{prerequisites_openid-secret_value}"
+```
diff --git a/package.json b/package.json
index dc879ba77c04..f395e38fdc02 100644
--- a/package.json
+++ b/package.json
@@ -87,6 +87,7 @@
"cookie-parser": "^1.4.5",
"env-paths": "^2.2.0",
"express": "^5.0.0-alpha.8",
+ "express-openid-connect": "^2.3.1",
"http-proxy": "^1.18.0",
"httpolyglot": "^0.1.2",
"js-yaml": "^4.0.0",
diff --git a/src/node/app.ts b/src/node/app.ts
index 1387135583d5..da709c599ec8 100644
--- a/src/node/app.ts
+++ b/src/node/app.ts
@@ -1,12 +1,13 @@
import { logger } from "@coder/logger"
import compression from "compression"
import express, { Express } from "express"
+import { auth } from "express-openid-connect"
import { promises as fs } from "fs"
import http from "http"
import * as httpolyglot from "httpolyglot"
import { Disposable } from "../common/emitter"
import * as util from "../common/util"
-import { DefaultedArgs } from "./cli"
+import { AuthType, DefaultedArgs } from "./cli"
import { disposer } from "./http"
import { isNodeJSErrnoException } from "./util"
import { handleUpgrade } from "./wsRouter"
@@ -73,6 +74,18 @@ export const createApp = async (args: DefaultedArgs): Promise => {
const wsRouter = express()
handleUpgrade(wsRouter, server)
+ if (args.auth === AuthType.Openid) {
+ const openidConfig = {
+ authRequired: true,
+ auth0Logout: true,
+ issuerBaseURL: args["openid-issuer-base-url"],
+ clientID: args["openid-client-id"],
+ baseURL: args["openid-base-url"],
+ secret: args["openid-secret"],
+ }
+ router.use(auth(openidConfig))
+ wsRouter.use(auth(openidConfig))
+ }
return { router, wsRouter, server, dispose }
}
diff --git a/src/node/cli.ts b/src/node/cli.ts
index 6565fbc9aea6..214ef50ac503 100644
--- a/src/node/cli.ts
+++ b/src/node/cli.ts
@@ -23,6 +23,7 @@ export enum Feature {
export enum AuthType {
Password = "password",
None = "none",
+ Openid = "openid",
}
export class Optional {
@@ -49,6 +50,12 @@ export interface UserProvidedArgs {
config?: string
auth?: AuthType
password?: string
+ "openid-issuer-base-url"?: string
+ "openid-client-id"?: string
+ "openid-base-url"?: string
+ "openid-secret"?: string
+ "openid-group-claim"?: OptionalString
+ "openid-user-group"?: string
"hashed-password"?: string
cert?: OptionalString
"cert-host"?: string
@@ -136,6 +143,30 @@ const options: Options> = {
type: "string",
description: "The password for password authentication (can only be passed in via $PASSWORD or the config file).",
},
+ "openid-issuer-base-url": {
+ type: "string",
+ description: "The base url for providers .well-known endpoint",
+ },
+ "openid-client-id": {
+ type: "string",
+ description: "The client ID of this OpenID application",
+ },
+ "openid-base-url": {
+ type: "string",
+ description: "The base URL for code-server",
+ },
+ "openid-secret": {
+ type: "string",
+ description: "A long secret used to encrypt the session cookie",
+ },
+ "openid-group-claim": {
+ type: OptionalString,
+ description: "A claim that contains the authenticated users group assignments",
+ },
+ "openid-user-group": {
+ type: "string",
+ description: "The group that a user will need to be a member of to access this instance",
+ },
"hashed-password": {
type: "string",
description:
diff --git a/src/node/http.ts b/src/node/http.ts
index dbd72d84eae8..4329ce10869f 100644
--- a/src/node/http.ts
+++ b/src/node/http.ts
@@ -1,5 +1,6 @@
import { field, logger } from "@coder/logger"
import * as express from "express"
+import { RequestContext } from "express-openid-connect"
import * as expressCore from "express-serve-static-core"
import * as http from "http"
import * as net from "net"
@@ -31,6 +32,7 @@ declare global {
export interface Request {
args: DefaultedArgs
heart: Heart
+ oidc: RequestContext
settings: SettingsProvider
updater: UpdateProvider
}
@@ -89,9 +91,12 @@ export const ensureAuthenticated = async (
*/
export const authenticated = async (req: express.Request): Promise => {
switch (req.args.auth) {
+ // NO authentication used...
case AuthType.None: {
return true
}
+
+ // BASIC authentication used...
case AuthType.Password: {
// The password is stored in the cookie after being hashed.
const hashedPasswordFromArgs = req.args["hashed-password"]
@@ -105,6 +110,41 @@ export const authenticated = async (req: express.Request): Promise => {
return await isCookieValid(isCookieValidArgs)
}
+
+ // OiDC authentication used...
+ case AuthType.Openid: {
+ if (req.oidc.isAuthenticated()) {
+ logger.debug("User authenticated with OpenID Connect", field("user", req.oidc.user))
+
+ // Check to see if a group claim was specified.
+ // If there was no group claim specified the user will be considered authorized.
+ if (!req.args["openid-group-claim"]) {
+ return true
+ }
+
+ // With the user authenticated we need to check the group claims to make sure they're authorized.
+ for (const key in req.oidc.idTokenClaims) {
+ const claims = req.oidc.idTokenClaims[key]
+ if (key === req.args["openid-group-claim"] && req.args["openid-group-claim"].value) {
+ for (const value in claims) {
+ if (req.args["openid-user-group"] === claims[value]) {
+ logger.debug("User authorized", field("user", req.oidc.user))
+ return true
+ }
+ }
+ }
+ }
+
+ // Throw an error informing the user that they're unauthorized.
+ logger.debug("User not authorized", field("user", req.oidc.user))
+ throw new HttpError("Unauthorized", HttpCode.Unauthorized)
+ }
+
+ // Returning false means the user isn't authenticated.
+ // This should trigger a redirect so the user can get authenticated.
+ logger.debug("User not authenticated using OpenID Connect", field("user", req.oidc.user))
+ return false
+ }
default: {
throw new Error(`Unsupported auth type ${req.args.auth}`)
}
diff --git a/test/unit/cli.test.ts b/test/unit/cli.test.ts
new file mode 100644
index 000000000000..558cb3c6298f
--- /dev/null
+++ b/test/unit/cli.test.ts
@@ -0,0 +1,405 @@
+import { Level, logger } from "@coder/logger"
+import { promises as fs } from "fs"
+import * as net from "net"
+import * as os from "os"
+import * as path from "path"
+import { Args, parse, setDefaults, shouldOpenInExistingInstance } from "../../src/node/cli"
+import { paths, tmpdir } from "../../src/node/util"
+
+type Mutable = {
+ -readonly [P in keyof T]: T[P]
+}
+
+describe("parser", () => {
+ beforeEach(() => {
+ delete process.env.LOG_LEVEL
+ delete process.env.PASSWORD
+ console.log = jest.fn()
+ })
+
+ // The parser should not set any defaults so the caller can determine what
+ // values the user actually set. These are only set after explicitly calling
+ // `setDefaults`.
+ const defaults = {
+ auth: "password",
+ host: "localhost",
+ port: 8080,
+ "proxy-domain": [],
+ usingEnvPassword: false,
+ usingEnvHashedPassword: false,
+ "extensions-dir": path.join(paths.data, "extensions"),
+ "user-data-dir": paths.data,
+ }
+
+ it("should parse nothing", () => {
+ expect(parse([])).toStrictEqual({ _: [] })
+ })
+
+ it("should parse all available options", () => {
+ expect(
+ parse([
+ "--bind-addr=192.169.0.1:8080",
+ "--auth",
+ "none",
+ "--extensions-dir",
+ "foo",
+ "--builtin-extensions-dir",
+ "foobar",
+ "--extra-extensions-dir",
+ "nozzle",
+ "1",
+ "--extra-builtin-extensions-dir",
+ "bazzle",
+ "--verbose",
+ "2",
+ "--log",
+ "error",
+ "--help",
+ "--open",
+ "--socket=mumble",
+ "3",
+ "--user-data-dir",
+ "bar",
+ "--cert=baz",
+ "--cert-key",
+ "qux",
+ "--version",
+ "--json",
+ "--port=8081",
+ "--host",
+ "0.0.0.0",
+ "4",
+ "--",
+ "-5",
+ "--6",
+ ]),
+ ).toEqual({
+ _: ["1", "2", "3", "4", "-5", "--6"],
+ auth: "none",
+ "builtin-extensions-dir": path.resolve("foobar"),
+ "cert-key": path.resolve("qux"),
+ cert: {
+ value: path.resolve("baz"),
+ },
+ "extensions-dir": path.resolve("foo"),
+ "extra-builtin-extensions-dir": [path.resolve("bazzle")],
+ "extra-extensions-dir": [path.resolve("nozzle")],
+ help: true,
+ host: "0.0.0.0",
+ json: true,
+ log: "error",
+ open: true,
+ port: 8081,
+ socket: path.resolve("mumble"),
+ "user-data-dir": path.resolve("bar"),
+ verbose: true,
+ version: true,
+ "bind-addr": "192.169.0.1:8080",
+ })
+ })
+
+ it("should work with short options", () => {
+ expect(parse(["-vvv", "-v"])).toEqual({
+ _: [],
+ verbose: true,
+ version: true,
+ })
+ })
+
+ it("should use log level env var", async () => {
+ const args = parse([])
+ expect(args).toEqual({ _: [] })
+
+ process.env.LOG_LEVEL = "debug"
+ const defaults = await setDefaults(args)
+ expect(defaults).toStrictEqual({
+ ...defaults,
+ _: [],
+ log: "debug",
+ verbose: false,
+ })
+ expect(process.env.LOG_LEVEL).toEqual("debug")
+ expect(logger.level).toEqual(Level.Debug)
+
+ process.env.LOG_LEVEL = "trace"
+ const updated = await setDefaults(args)
+ expect(updated).toStrictEqual({
+ ...updated,
+ _: [],
+ log: "trace",
+ verbose: true,
+ })
+ expect(process.env.LOG_LEVEL).toEqual("trace")
+ expect(logger.level).toEqual(Level.Trace)
+ })
+
+ it("should prefer --log to env var and --verbose to --log", async () => {
+ let args = parse(["--log", "info"])
+ expect(args).toEqual({
+ _: [],
+ log: "info",
+ })
+
+ process.env.LOG_LEVEL = "debug"
+ const defaults = await setDefaults(args)
+ expect(defaults).toEqual({
+ ...defaults,
+ _: [],
+ log: "info",
+ verbose: false,
+ })
+ expect(process.env.LOG_LEVEL).toEqual("info")
+ expect(logger.level).toEqual(Level.Info)
+
+ process.env.LOG_LEVEL = "trace"
+ const updated = await setDefaults(args)
+ expect(updated).toEqual({
+ ...defaults,
+ _: [],
+ log: "info",
+ verbose: false,
+ })
+ expect(process.env.LOG_LEVEL).toEqual("info")
+ expect(logger.level).toEqual(Level.Info)
+
+ args = parse(["--log", "info", "--verbose"])
+ expect(args).toEqual({
+ _: [],
+ log: "info",
+ verbose: true,
+ })
+
+ process.env.LOG_LEVEL = "warn"
+ const updatedAgain = await setDefaults(args)
+ expect(updatedAgain).toEqual({
+ ...defaults,
+ _: [],
+ log: "trace",
+ verbose: true,
+ })
+ expect(process.env.LOG_LEVEL).toEqual("trace")
+ expect(logger.level).toEqual(Level.Trace)
+ })
+
+ it("should ignore invalid log level env var", async () => {
+ process.env.LOG_LEVEL = "bogus"
+ const defaults = await setDefaults(parse([]))
+ expect(defaults).toEqual({
+ ...defaults,
+ _: [],
+ })
+ })
+
+ it("should error if value isn't provided", () => {
+ expect(() => parse(["--auth"])).toThrowError(/--auth requires a value/)
+ expect(() => parse(["--auth=", "--log=debug"])).toThrowError(/--auth requires a value/)
+ expect(() => parse(["--auth", "--log"])).toThrowError(/--auth requires a value/)
+ expect(() => parse(["--auth", "--invalid"])).toThrowError(/--auth requires a value/)
+ expect(() => parse(["--bind-addr"])).toThrowError(/--bind-addr requires a value/)
+ })
+
+ it("should error if value is invalid", () => {
+ expect(() => parse(["--port", "foo"])).toThrowError(/--port must be a number/)
+ expect(() => parse(["--auth", "invalid"])).toThrowError(/--auth valid values: \[password, none, openid\]/)
+ expect(() => parse(["--log", "invalid"])).toThrowError(/--log valid values: \[trace, debug, info, warn, error\]/)
+ })
+
+ it("should error if the option doesn't exist", () => {
+ expect(() => parse(["--foo"])).toThrowError(/Unknown option --foo/)
+ })
+
+ it("should not error if the value is optional", () => {
+ expect(parse(["--cert"])).toEqual({
+ _: [],
+ cert: {
+ value: undefined,
+ },
+ })
+ })
+
+ it("should not allow option-like values", () => {
+ expect(() => parse(["--socket", "--socket-path-value"])).toThrowError(/--socket requires a value/)
+ // If you actually had a path like this you would do this instead:
+ expect(parse(["--socket", "./--socket-path-value"])).toEqual({
+ _: [],
+ socket: path.resolve("--socket-path-value"),
+ })
+ expect(() => parse(["--cert", "--socket-path-value"])).toThrowError(/Unknown option --socket-path-value/)
+ })
+
+ it("should allow positional arguments before options", () => {
+ expect(parse(["foo", "test", "--auth", "none"])).toEqual({
+ _: ["foo", "test"],
+ auth: "none",
+ })
+ })
+
+ it("should support repeatable flags", () => {
+ expect(parse(["--proxy-domain", "*.coder.com"])).toEqual({
+ _: [],
+ "proxy-domain": ["*.coder.com"],
+ })
+ expect(parse(["--proxy-domain", "*.coder.com", "--proxy-domain", "test.com"])).toEqual({
+ _: [],
+ "proxy-domain": ["*.coder.com", "test.com"],
+ })
+ })
+
+ it("should enforce cert-key with cert value or otherwise generate one", async () => {
+ const args = parse(["--cert"])
+ expect(args).toEqual({
+ _: [],
+ cert: {
+ value: undefined,
+ },
+ })
+ expect(() => parse(["--cert", "test"])).toThrowError(/--cert-key is missing/)
+ const defaultArgs = await setDefaults(args)
+ expect(defaultArgs).toEqual({
+ _: [],
+ ...defaults,
+ cert: {
+ value: path.join(paths.data, "localhost.crt"),
+ },
+ "cert-key": path.join(paths.data, "localhost.key"),
+ })
+ })
+
+ it("should override with --link", async () => {
+ const args = parse("--cert test --cert-key test --socket test --host 0.0.0.0 --port 8888 --link test".split(" "))
+ const defaultArgs = await setDefaults(args)
+ expect(defaultArgs).toEqual({
+ _: [],
+ ...defaults,
+ auth: "none",
+ host: "localhost",
+ link: {
+ value: "test",
+ },
+ port: 0,
+ cert: undefined,
+ "cert-key": path.resolve("test"),
+ socket: undefined,
+ })
+ })
+
+ it("should use env var password", async () => {
+ process.env.PASSWORD = "test"
+ const args = parse([])
+ expect(args).toEqual({
+ _: [],
+ })
+
+ const defaultArgs = await setDefaults(args)
+ expect(defaultArgs).toEqual({
+ ...defaults,
+ _: [],
+ password: "test",
+ usingEnvPassword: true,
+ })
+ })
+
+ it("should use env var hashed password", async () => {
+ process.env.HASHED_PASSWORD = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" // test
+ const args = parse([])
+ expect(args).toEqual({
+ _: [],
+ })
+
+ const defaultArgs = await setDefaults(args)
+ expect(defaultArgs).toEqual({
+ ...defaults,
+ _: [],
+ "hashed-password": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
+ usingEnvHashedPassword: true,
+ })
+ })
+
+ it("should filter proxy domains", async () => {
+ const args = parse(["--proxy-domain", "*.coder.com", "--proxy-domain", "coder.com", "--proxy-domain", "coder.org"])
+ expect(args).toEqual({
+ _: [],
+ "proxy-domain": ["*.coder.com", "coder.com", "coder.org"],
+ })
+
+ const defaultArgs = await setDefaults(args)
+ expect(defaultArgs).toEqual({
+ ...defaults,
+ _: [],
+ "proxy-domain": ["coder.com", "coder.org"],
+ })
+ })
+})
+
+describe("cli", () => {
+ let args: Mutable = { _: [] }
+ const testDir = path.join(tmpdir, "tests/cli")
+ const vscodeIpcPath = path.join(os.tmpdir(), "vscode-ipc")
+
+ beforeAll(async () => {
+ await fs.rmdir(testDir, { recursive: true })
+ await fs.mkdir(testDir, { recursive: true })
+ })
+
+ beforeEach(async () => {
+ delete process.env.VSCODE_IPC_HOOK_CLI
+ args = { _: [] }
+ await fs.rmdir(vscodeIpcPath, { recursive: true })
+ })
+
+ it("should use existing if inside code-server", async () => {
+ process.env.VSCODE_IPC_HOOK_CLI = "test"
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual("test")
+
+ args.port = 8081
+ args._.push("./file")
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual("test")
+ })
+
+ it("should use existing if --reuse-window is set", async () => {
+ args["reuse-window"] = true
+ await expect(shouldOpenInExistingInstance(args)).resolves.toStrictEqual(undefined)
+
+ await fs.writeFile(vscodeIpcPath, "test")
+ await expect(shouldOpenInExistingInstance(args)).resolves.toStrictEqual("test")
+
+ args.port = 8081
+ await expect(shouldOpenInExistingInstance(args)).resolves.toStrictEqual("test")
+ })
+
+ it("should use existing if --new-window is set", async () => {
+ args["new-window"] = true
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(undefined)
+
+ await fs.writeFile(vscodeIpcPath, "test")
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual("test")
+
+ args.port = 8081
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual("test")
+ })
+
+ it("should use existing if no unrelated flags are set, has positional, and socket is active", async () => {
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(undefined)
+
+ args._.push("./file")
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(undefined)
+
+ const socketPath = path.join(testDir, "socket")
+ await fs.writeFile(vscodeIpcPath, socketPath)
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(undefined)
+
+ await new Promise((resolve) => {
+ const server = net.createServer(() => {
+ // Close after getting the first connection.
+ server.close()
+ })
+ server.once("listening", () => resolve(server))
+ server.listen(socketPath)
+ })
+
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(socketPath)
+
+ args.port = 8081
+ expect(await shouldOpenInExistingInstance(args)).toStrictEqual(undefined)
+ })
+})
diff --git a/test/unit/node/settings.test.ts b/test/unit/node/settings.test.ts
index 5931c7994bd9..68bf51784fbd 100644
--- a/test/unit/node/settings.test.ts
+++ b/test/unit/node/settings.test.ts
@@ -14,7 +14,7 @@ describe("settings", () => {
testDir = await tmpdir(testName)
})
describe("with invalid JSON in settings file", () => {
- let mockSettingsFile = "coder.json"
+ const mockSettingsFile = "coder.json"
let pathToMockSettingsFile = ""
beforeEach(async () => {
@@ -33,7 +33,7 @@ describe("settings", () => {
})
})
describe("with invalid settings file path", () => {
- let mockSettingsFile = "nonExistent.json"
+ const mockSettingsFile = "nonExistent.json"
let pathToMockSettingsFile = ""
beforeEach(async () => {
diff --git a/yarn.lock b/yarn.lock
index fb208d26356b..288f2491ef09 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -221,6 +221,22 @@
minimatch "^3.0.4"
strip-json-comments "^3.1.1"
+"@hapi/hoek@^9.0.0":
+ version "9.1.1"
+ resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.1.1.tgz#9daf5745156fd84b8e9889a2dc721f0c58e894aa"
+ integrity sha512-CAEbWH7OIur6jEOzaai83jq3FmKmv4PmX1JYfs9IrYcGEVI/lyL1EXJGCj7eFVJ0bg5QR8LMxBlEtA+xKiLpFw==
+
+"@hapi/topo@^5.0.0":
+ version "5.0.0"
+ resolved "https://registry.yarnpkg.com/@hapi/topo/-/topo-5.0.0.tgz#c19af8577fa393a06e9c77b60995af959be721e7"
+ integrity sha512-tFJlT47db0kMqVm3H4nQYgn6Pwg10GTZHb1pwmSiv1K4ks6drQOtfEF5ZnPjkvC+y4/bUPHK+bc87QvLcL+WMw==
+ dependencies:
+ "@hapi/hoek" "^9.0.0"
+
+"@iarna/toml@^2.2.0":
+ version "2.2.5"
+ resolved "https://registry.yarnpkg.com/@iarna/toml/-/toml-2.2.5.tgz#b32366c89b43c6f8cefbdefac778b9c828e3ba8c"
+ integrity sha512-trnsAYxU3xnS1gPHPyU961coFyLkh4gAD/0zQ5mymY4yOZ+CYvsPqUbOFSw0aDM4y0tV7tiFxL/1XfXPNC6IPg==
"@humanwhocodes/config-array@^0.5.0":
version "0.5.0"
resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.5.0.tgz#1407967d4c6eecd7388f83acf1eaf4d0c6e58ef9"
@@ -271,6 +287,51 @@
"@nodelib/fs.scandir" "2.1.4"
fastq "^1.6.0"
+"@panva/asn1.js@^1.0.0":
+ version "1.0.0"
+ resolved "https://registry.yarnpkg.com/@panva/asn1.js/-/asn1.js-1.0.0.tgz#dd55ae7b8129e02049f009408b97c61ccf9032f6"
+ integrity sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==
+
+"@parcel/fs@^1.11.0":
+ version "1.11.0"
+ resolved "https://registry.yarnpkg.com/@parcel/fs/-/fs-1.11.0.tgz#fb8a2be038c454ad46a50dc0554c1805f13535cd"
+ integrity sha512-86RyEqULbbVoeo8OLcv+LQ1Vq2PKBAvWTU9fCgALxuCTbbs5Ppcvll4Vr+Ko1AnmMzja/k++SzNAwJfeQXVlpA==
+ dependencies:
+ "@parcel/utils" "^1.11.0"
+ mkdirp "^0.5.1"
+ rimraf "^2.6.2"
+
+"@parcel/logger@^1.11.1":
+ version "1.11.1"
+ resolved "https://registry.yarnpkg.com/@parcel/logger/-/logger-1.11.1.tgz#c55b0744bcbe84ebc291155627f0ec406a23e2e6"
+ integrity sha512-9NF3M6UVeP2udOBDILuoEHd8VrF4vQqoWHEafymO1pfSoOMfxrSJZw1MfyAAIUN/IFp9qjcpDCUbDZB+ioVevA==
+ dependencies:
+ "@parcel/workers" "^1.11.0"
+ chalk "^2.1.0"
+ grapheme-breaker "^0.3.2"
+ ora "^2.1.0"
+ strip-ansi "^4.0.0"
+
+"@parcel/utils@^1.11.0":
+ version "1.11.0"
+ resolved "https://registry.yarnpkg.com/@parcel/utils/-/utils-1.11.0.tgz#539e08fff8af3b26eca11302be80b522674b51ea"
+ integrity sha512-cA3p4jTlaMeOtAKR/6AadanOPvKeg8VwgnHhOyfi0yClD0TZS/hi9xu12w4EzA/8NtHu0g6o4RDfcNjqN8l1AQ==
+
+"@parcel/watcher@^1.12.1":
+ version "1.12.1"
+ resolved "https://registry.yarnpkg.com/@parcel/watcher/-/watcher-1.12.1.tgz#b98b3df309fcab93451b5583fc38e40826696dad"
+ integrity sha512-od+uCtCxC/KoNQAIE1vWx1YTyKYY+7CTrxBJPRh3cDWw/C0tCtlBMVlrbplscGoEpt6B27KhJDCv82PBxOERNA==
+ dependencies:
+ "@parcel/utils" "^1.11.0"
+ chokidar "^2.1.5"
+
+"@parcel/workers@^1.11.0":
+ version "1.11.0"
+ resolved "https://registry.yarnpkg.com/@parcel/workers/-/workers-1.11.0.tgz#7b8dcf992806f4ad2b6cecf629839c41c2336c59"
+ integrity sha512-USSjRAAQYsZFlv43FUPdD+jEGML5/8oLF0rUzPQTtK4q9kvaXr49F5ZplyLz5lox78cLZ0TxN2bIDQ1xhOkulQ==
+ dependencies:
+ "@parcel/utils" "^1.11.0"
+ physical-cpu-count "^2.0.0"
"@phc/format@^1.0.0":
version "1.0.0"
resolved "https://registry.yarnpkg.com/@phc/format/-/format-1.0.0.tgz#b5627003b3216dc4362125b13f48a4daa76680e4"
@@ -281,6 +342,28 @@
resolved "https://registry.yarnpkg.com/@schemastore/package/-/package-0.0.6.tgz#9a76713da1c7551293b7e72e4f387f802bfd5d81"
integrity sha512-uNloNHoyHttSSdeuEkkSC+mdxJXMKlcUPOMb//qhQbIQijXg8x54VmAw3jm6GJZQ5DBtIqGBd66zEQCDCChQVA==
+"@sideway/address@^4.1.0":
+ version "4.1.1"
+ resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.1.tgz#9e321e74310963fdf8eebfbee09c7bd69972de4d"
+ integrity sha512-+I5aaQr3m0OAmMr7RQ3fR9zx55sejEYR2BFJaxL+zT3VM2611X0SHvPWIbAUBZVTn/YzYKbV8gJ2oT/QELknfQ==
+ dependencies:
+ "@hapi/hoek" "^9.0.0"
+
+"@sideway/formula@^3.0.0":
+ version "3.0.0"
+ resolved "https://registry.yarnpkg.com/@sideway/formula/-/formula-3.0.0.tgz#fe158aee32e6bd5de85044be615bc08478a0a13c"
+ integrity sha512-vHe7wZ4NOXVfkoRb8T5otiENVlT7a3IAiw7H5M2+GO+9CDgcVUUsX1zalAztCmwyOr2RUTGJdgB+ZvSVqmdHmg==
+
+"@sideway/pinpoint@^2.0.0":
+ version "2.0.0"
+ resolved "https://registry.yarnpkg.com/@sideway/pinpoint/-/pinpoint-2.0.0.tgz#cff8ffadc372ad29fd3f78277aeb29e632cc70df"
+ integrity sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==
+
+"@sindresorhus/is@^4.0.0":
+ version "4.0.0"
+ resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-4.0.0.tgz#2ff674e9611b45b528896d820d3d7a812de2f0e4"
+ integrity sha512-FyD2meJpDPjyNQejSjvnhpgI/azsQkA4lGbuu5BQZfjvJ9cbRZXzeWL2HceCekW4lixO9JPesIIQkSoLjeJHNQ==
+
"@stylelint/postcss-css-in-js@^0.37.2":
version "0.37.2"
resolved "https://registry.yarnpkg.com/@stylelint/postcss-css-in-js/-/postcss-css-in-js-0.37.2.tgz#7e5a84ad181f4234a2480803422a47b8749af3d2"
@@ -296,6 +379,13 @@
remark "^13.0.0"
unist-util-find-all-after "^3.0.2"
+"@szmarczak/http-timer@^4.0.5":
+ version "4.0.5"
+ resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-4.0.5.tgz#bfbd50211e9dfa51ba07da58a14cdfd333205152"
+ integrity sha512-PyRA9sm1Yayuj5OIoJ1hGt2YISX45w9WcFbh6ddT0Z/0yaFxOtGLInr4jUfU1EAFVs0Yfyfev4RNwBlUaHdlDQ==
+ dependencies:
+ defer-to-connect "^2.0.0"
+
"@textlint/ast-node-types@^4.2.5":
version "4.4.1"
resolved "https://registry.yarnpkg.com/@textlint/ast-node-types/-/ast-node-types-4.4.1.tgz#715dd42b3ec7ff02729fa81cdc9557fe2cdd4f10"
@@ -347,6 +437,16 @@
"@types/connect" "*"
"@types/node" "*"
+"@types/cacheable-request@^6.0.1":
+ version "6.0.1"
+ resolved "https://registry.yarnpkg.com/@types/cacheable-request/-/cacheable-request-6.0.1.tgz#5d22f3dded1fd3a84c0bbeb5039a7419c2c91976"
+ integrity sha512-ykFq2zmBGOCbpIXtoVbz4SKY5QriWPh3AjyU4G74RYbtt5yOc5OfaY75ftjg7mikMOla1CTGpX3lLbuJh8DTrQ==
+ dependencies:
+ "@types/http-cache-semantics" "*"
+ "@types/keyv" "*"
+ "@types/node" "*"
+ "@types/responselike" "*"
+
"@types/compression@^1.7.0":
version "1.7.1"
resolved "https://registry.yarnpkg.com/@types/compression/-/compression-1.7.1.tgz#d935a1cd6f5cd9a4dc8b0d8aadf2ee91a2975acc"
@@ -387,6 +487,11 @@
"@types/qs" "*"
"@types/serve-static" "*"
+"@types/http-cache-semantics@*":
+ version "4.0.0"
+ resolved "https://registry.yarnpkg.com/@types/http-cache-semantics/-/http-cache-semantics-4.0.0.tgz#9140779736aa2655635ee756e2467d787cfe8a2a"
+ integrity sha512-c3Xy026kOF7QOTn00hbIllV1dLR9hG9NkSrLQgCVs8NF6sBU+VGWjD3wLPhmh1TYAc7ugCFsvHYMN4VcBN1U1A==
+
"@types/http-proxy@^1.17.4":
version "1.17.7"
resolved "https://registry.yarnpkg.com/@types/http-proxy/-/http-proxy-1.17.7.tgz#30ea85cc2c868368352a37f0d0d3581e24834c6f"
@@ -409,6 +514,13 @@
resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee"
integrity sha1-7ihweulOEdK4J7y+UnC86n8+ce4=
+"@types/keyv@*":
+ version "3.1.1"
+ resolved "https://registry.yarnpkg.com/@types/keyv/-/keyv-3.1.1.tgz#e45a45324fca9dab716ab1230ee249c9fb52cfa7"
+ integrity sha512-MPtoySlAZQ37VoLaPcTHCu1RWJ4llDkULYZIzOYxlhxBqYPB0RsRlmMU0R6tahtFe27mIdkHV+551ZWV4PLmVw==
+ dependencies:
+ "@types/node" "*"
+
"@types/mdast@^3.0.0":
version "3.0.3"
resolved "https://registry.yarnpkg.com/@types/mdast/-/mdast-3.0.3.tgz#2d7d671b1cd1ea3deb306ea75036c2a0407d2deb"
@@ -465,6 +577,13 @@
resolved "https://registry.yarnpkg.com/@types/range-parser/-/range-parser-1.2.3.tgz#7ee330ba7caafb98090bece86a5ee44115904c2c"
integrity sha512-ewFXqrQHlFsgc09MK5jP5iR7vumV/BYayNC6PgJO2LPe8vrnNFyjQjSppfEngITi0qvfKtzFvgKymGheFM9UOA==
+"@types/responselike@*", "@types/responselike@^1.0.0":
+ version "1.0.0"
+ resolved "https://registry.yarnpkg.com/@types/responselike/-/responselike-1.0.0.tgz#251f4fe7d154d2bad125abe1b429b23afd262e29"
+ integrity sha512-85Y2BjiufFzaMIlvJDvTTB8Fxl2xfLo4HgmHzVBz08w4wDePCTjYw66PdrolO0kzli3yam/YCgRufyo1DdQVTA==
+ dependencies:
+ "@types/node" "*"
+
"@types/safe-compare@^1.1.0":
version "1.1.0"
resolved "https://registry.yarnpkg.com/@types/safe-compare/-/safe-compare-1.1.0.tgz#47ed9b9ca51a3a791b431cd59b28f47fa9bf1224"
@@ -800,11 +919,66 @@ bail@^1.0.0:
resolved "https://registry.yarnpkg.com/bail/-/bail-1.0.5.tgz#b6fa133404a392cbc1f8c4bf63f5953351e7a776"
integrity sha512-xFbRxM1tahm08yHBP16MMjVUAvDaBMD38zsM9EMAUN61omwLmKlOpB/Zku5QkjZ8TZ4vn53pj+t518cH0S03RQ==
-balanced-match@^1.0.0:
+base64-js@^1.0.2, base64-js@^1.3.1:
+ version "1.5.1"
+ resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
+ integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
+
+base64url@^3.0.1:
+ version "3.0.1"
+ resolved "https://registry.yarnpkg.com/base64url/-/base64url-3.0.1.tgz#6399d572e2bc3f90a9a8b22d5dbb0a32d33f788d"
+ integrity sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==
+
+base@^0.11.1:
+ version "0.11.2"
+ resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f"
+ integrity sha512-5T6P4xPgpp0YDFvSWwEZ4NoE3aM4QBQXDzmVbraCkFj8zHM+mba8SyqB5DbZWyR7mYHo6Y7BdQo3MoA4m0TeQg==
+ dependencies:
+ cache-base "^1.0.1"
+ class-utils "^0.3.5"
+ component-emitter "^1.2.1"
+ define-property "^1.0.0"
+ isobject "^3.0.1"
+ mixin-deep "^1.2.0"
+ pascalcase "^0.1.1"
+
+bcrypt-pbkdf@^1.0.0:
version "1.0.2"
- resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee"
- integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
+ resolved "https://registry.yarnpkg.com/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz#a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
+ integrity sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=
+ dependencies:
+ tweetnacl "^0.14.3"
+
+binary-extensions@^1.0.0:
+ version "1.13.1"
+ resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65"
+ integrity sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw==
+bindings@^1.5.0:
+ version "1.5.0"
+ resolved "https://registry.yarnpkg.com/bindings/-/bindings-1.5.0.tgz#10353c9e945334bc0511a6d90b38fbc7c9c504df"
+ integrity sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==
+ dependencies:
+ file-uri-to-path "1.0.0"
+
+bl@^4.0.3:
+ version "4.1.0"
+ resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a"
+ integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==
+ dependencies:
+ buffer "^5.5.0"
+ inherits "^2.0.4"
+ readable-stream "^3.4.0"
+
+bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
+ version "4.12.0"
+ resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.12.0.tgz#775b3f278efbb9718eec7361f483fb36fbbfea88"
+ integrity sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==
+
+bn.js@^5.0.0, bn.js@^5.1.1:
+ version "5.2.0"
+ resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-5.2.0.tgz#358860674396c6997771a9d051fcc1b57d4ae002"
+ integrity sha512-D7iWRBvnZE8ecXiLj/9wbxH7Tk79fAh8IHaTNq1RWRixsS02W+5qS+iE9yq6RYl0asXx5tw0bLhmT5pIfbSquw==
balanced-match@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-2.0.0.tgz#dc70f920d78db8b858535795867bf48f820633d9"
@@ -1210,6 +1384,11 @@ deep-is@~0.1.3:
resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831"
integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==
+defer-to-connect@^2.0.0:
+ version "2.0.1"
+ resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-2.0.1.tgz#8016bdb4143e4632b77a3449c6236277de520587"
+ integrity sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==
+
define-properties@^1.1.3:
version "1.1.3"
resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.3.tgz#cf88da6cbee26fe6db7094f61d870cbd84cee9f1"
@@ -1719,6 +1898,38 @@ execall@^2.0.0:
dependencies:
clone-regexp "^2.1.0"
+expand-brackets@^2.1.4:
+ version "2.1.4"
+ resolved "https://registry.yarnpkg.com/expand-brackets/-/expand-brackets-2.1.4.tgz#b77735e315ce30f6b6eff0f83b04151a22449622"
+ integrity sha1-t3c14xXOMPa27/D4OwQVGiJEliI=
+ dependencies:
+ debug "^2.3.3"
+ define-property "^0.2.5"
+ extend-shallow "^2.0.1"
+ posix-character-classes "^0.1.0"
+ regex-not "^1.0.0"
+ snapdragon "^0.8.1"
+ to-regex "^3.0.1"
+
+express-openid-connect@^2.3.1:
+ version "2.3.1"
+ resolved "https://registry.yarnpkg.com/express-openid-connect/-/express-openid-connect-2.3.1.tgz#0718f85bbb85bcaca98a63c899733252cfba6d4d"
+ integrity sha512-BSim0jK/Y6Ha/6NbichWuOVhLat/Y1pZGe8P49hWoLgc9wh+b1iugEVRUeLrM7ahIZOnI4nLN7QKVhSk6gXfkw==
+ dependencies:
+ base64url "^3.0.1"
+ cb "^0.1.0"
+ clone "^2.1.2"
+ cookie "^0.4.1"
+ debug "^4.1.1"
+ futoin-hkdf "^1.3.2"
+ http-errors "^1.7.3"
+ joi "^17.4.0"
+ jose "^2.0.5"
+ on-headers "^1.0.2"
+ openid-client "^4.0.0"
+ p-memoize "^4.0.0"
+ url-join "^4.0.1"
+
express@^5.0.0-alpha.8:
version "5.0.0-alpha.8"
resolved "https://registry.yarnpkg.com/express/-/express-5.0.0-alpha.8.tgz#b9dd3a568eab791e3391db47f9e6ab91e61b13fe"
@@ -2184,6 +2395,11 @@ htmlparser2@~4.1.0:
domutils "^2.0.0"
entities "^2.0.0"
+http-cache-semantics@^4.0.0:
+ version "4.1.0"
+ resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz#49e91c5cbf36c9b94bcfcd71c23d5249ec74e390"
+ integrity sha512-carPklcUh7ROWRK7Cv27RPtdhYhUsela/ue5/jKzjegVvXDqM2ILE9Q2BGn9JZJh1g87cp56su/FgQSzcWS8cQ==
+
http-errors@1.7.2:
version "1.7.2"
resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.7.2.tgz#4f5029cf13239f31036e5b2e55292bcfbcc85c8f"
@@ -2217,6 +2433,17 @@ http-errors@~1.7.2:
statuses ">= 1.5.0 < 2"
toidentifier "1.0.0"
+http-errors@^1.7.3:
+ version "1.8.0"
+ resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.8.0.tgz#75d1bbe497e1044f51e4ee9e704a62f28d336507"
+ integrity sha512-4I8r0C5JDhT5VkvI47QktDW75rNlGVsUf/8hzjCC/wkWI/jdTRmBb9aI7erSG82r1bjKY3F6k28WnsVxB1C73A==
+ dependencies:
+ depd "~1.1.2"
+ inherits "2.0.4"
+ setprototypeof "1.2.0"
+ statuses ">= 1.5.0 < 2"
+ toidentifier "1.0.0"
+
http-proxy-agent@^4.0.0, http-proxy-agent@^4.0.1:
version "4.0.1"
resolved "https://registry.yarnpkg.com/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz#8a8c8ef7f5932ccf953c296ca8291b95aa74aa3a"
@@ -2562,6 +2789,24 @@ jju@^1.4.0:
resolved "https://registry.yarnpkg.com/jju/-/jju-1.4.0.tgz#a3abe2718af241a2b2904f84a625970f389ae32a"
integrity sha1-o6vicYryQaKykE+EpiWXDzia4yo=
+joi@^17.4.0:
+ version "17.4.0"
+ resolved "https://registry.yarnpkg.com/joi/-/joi-17.4.0.tgz#b5c2277c8519e016316e49ababd41a1908d9ef20"
+ integrity sha512-F4WiW2xaV6wc1jxete70Rw4V/VuMd6IN+a5ilZsxG4uYtUXWu2kq9W5P2dz30e7Gmw8RCbY/u/uk+dMPma9tAg==
+ dependencies:
+ "@hapi/hoek" "^9.0.0"
+ "@hapi/topo" "^5.0.0"
+ "@sideway/address" "^4.1.0"
+ "@sideway/formula" "^3.0.0"
+ "@sideway/pinpoint" "^2.0.0"
+
+jose@^2.0.0, jose@^2.0.4:
+ version "2.0.4"
+ resolved "https://registry.yarnpkg.com/jose/-/jose-2.0.4.tgz#7838354d28f64466db9fc7f275aa8a96db656f37"
+ integrity sha512-EArN9f6aq1LT/fIGGsfghOnNXn4noD+3dG5lL/ljY3LcRjw1u9w+4ahu/4ahsN6N0kRLyyW6zqdoYk7LNx3+YQ==
+ dependencies:
+ "@panva/asn1.js" "^1.0.0"
+
js-tokens@^4.0.0:
version "4.0.0"
resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
@@ -2732,6 +2977,11 @@ longest-streak@^2.0.0:
resolved "https://registry.yarnpkg.com/longest-streak/-/longest-streak-2.0.4.tgz#b8599957da5b5dab64dee3fe316fa774597d90e4"
integrity sha512-vM6rUVCVUJJt33bnmHiZEvr7wPT78ztX7rojL+LW51bHtLh6HTjx84LA5W4+oa6aKEJA7jJu5LR6vQRBpA5DVg==
+lowercase-keys@^2.0.0:
+ version "2.0.0"
+ resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-2.0.0.tgz#2603e78b7b4b0006cbca2fbcc8a3202558ac9479"
+ integrity sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==
+
lru-cache@^5.1.1:
version "5.1.1"
resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920"
@@ -2753,7 +3003,7 @@ make-dir@^3.1.0:
dependencies:
semver "^6.0.0"
-make-error@^1.1.1:
+make-error@^1.1.1, make-error@^1.3.6:
version "1.3.6"
resolved "https://registry.yarnpkg.com/make-error/-/make-error-1.3.6.tgz#2eb2e37ea9b67c4891f684a1394799af484cf7a2"
integrity sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==
@@ -2825,6 +3075,14 @@ media-typer@0.3.0:
resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748"
integrity sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=
+mem@^6.0.1:
+ version "6.1.1"
+ resolved "https://registry.yarnpkg.com/mem/-/mem-6.1.1.tgz#ea110c2ebc079eca3022e6b08c85a795e77f6318"
+ integrity sha512-Ci6bIfq/UgcxPTYa8dQQ5FY3BzKkT894bwXWXxC/zqs0XgMO2cT20CGkOqda7gZNkmK5VP4x89IGZ6K7hfbn3Q==
+ dependencies:
+ map-age-cleaner "^0.1.3"
+ mimic-fn "^3.0.0"
+
meow@^9.0.0:
version "9.0.0"
resolved "https://registry.yarnpkg.com/meow/-/meow-9.0.0.tgz#cd9510bc5cac9dee7d03c73ee1f9ad959f4ea364"
@@ -3083,7 +3341,13 @@ object.values@^1.1.3:
define-properties "^1.1.3"
es-abstract "^1.18.0-next.2"
has "^1.0.3"
+ function-bind "^1.1.1"
+oidc-token-hash@^5.0.1:
+ version "5.0.1"
+ resolved "https://registry.yarnpkg.com/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz#ae6beec3ec20f0fd885e5400d175191d6e2f10c6"
+ integrity sha512-EvoOtz6FIEBzE+9q253HsLCVRiK/0doEJ2HCvvqMQb3dHZrP3WlJKYtJ55CRTw4jmYomzH4wkPuCj/I3ZvpKxQ==
+
on-finished@~2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.3.0.tgz#20f1336481b083cd75337992a16971aa2d906947"
@@ -3091,7 +3355,7 @@ on-finished@~2.3.0:
dependencies:
ee-first "1.1.1"
-on-headers@~1.0.2:
+on-headers@^1.0.2, on-headers@~1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.2.tgz#772b0ae6aaa525c399e489adfad90c403eb3c28f"
integrity sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==
@@ -3103,6 +3367,32 @@ once@^1.3.0:
dependencies:
wrappy "1"
+onetime@^2.0.0:
+ version "2.0.1"
+ resolved "https://registry.yarnpkg.com/onetime/-/onetime-2.0.1.tgz#067428230fd67443b2794b22bba528b6867962d4"
+ integrity sha1-BnQoIw/WdEOyeUsiu6UotoZ5YtQ=
+ dependencies:
+ mimic-fn "^1.0.0"
+
+openid-client@^4.0.0:
+ version "4.6.0"
+ resolved "https://registry.yarnpkg.com/openid-client/-/openid-client-4.6.0.tgz#ea279bc9f95d1a7b384a60eab6f3d93f1baa18a5"
+ integrity sha512-MzXjC83Lzh3GuYVHsBaUCcIjZ1bGYHlYSK1rfCLCtBMZn5GBq++b83x4Blcg3kpAI1QveRGNMIRYBq6OP1uiKg==
+ dependencies:
+ aggregate-error "^3.1.0"
+ got "^11.8.0"
+ jose "^2.0.5"
+ lru-cache "^6.0.0"
+ make-error "^1.3.6"
+ object-hash "^2.0.1"
+ oidc-token-hash "^5.0.1"
+
+opn@^5.1.0:
+ version "5.5.0"
+ resolved "https://registry.yarnpkg.com/opn/-/opn-5.5.0.tgz#fc7164fab56d235904c51c3b27da6758ca3b9bfc"
+ integrity sha512-PqHpggC9bLV0VeWcdKhkpxY+3JTzetLSqTCWL/z/tFIbI6G8JCjondXklT1JinczLz2Xib62sSp0T/gKT4KksA==
+ dependencies:
+ is-wsl "^1.1.0"
opencollective-postinstall@^2.0.3:
version "2.0.3"
resolved "https://registry.yarnpkg.com/opencollective-postinstall/-/opencollective-postinstall-2.0.3.tgz#7a0fff978f6dbfa4d006238fbac98ed4198c3259"
@@ -3137,6 +3427,16 @@ os-tmpdir@^1.0.1:
resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274"
integrity sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=
+p-cancelable@^2.0.0:
+ version "2.1.0"
+ resolved "https://registry.yarnpkg.com/p-cancelable/-/p-cancelable-2.1.0.tgz#4d51c3b91f483d02a0d300765321fca393d758dd"
+ integrity sha512-HAZyB3ZodPo+BDpb4/Iu7Jv4P6cSazBz9ZM0ChhEXp70scx834aWCEjQRwgt41UzzejUAPdbqqONfRWTPYrPAQ==
+
+p-defer@^1.0.0:
+ version "1.0.0"
+ resolved "https://registry.yarnpkg.com/p-defer/-/p-defer-1.0.0.tgz#9f6eb182f6c9aa8cd743004a7d4f96b196b0fb0c"
+ integrity sha1-n26xgvbJqozXQwBKfU+WsZaw+ww=
+
p-limit@^1.1.0:
version "1.3.0"
resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-1.3.0.tgz#b86bd5f0c25690911c7590fcbfc2010d54b3ccb8"