util: Generate self signed certificate into data directory

nhooyr · nhooyr · commit 10b302819619 · 2020-10-30T13:36:53.000-04:00
Closes #1778
diff --git a/doc/FAQ.md b/doc/FAQ.md
@@ -144,6 +144,9 @@ For HTTPS, you can use a self signed certificate by passing in just `--cert` or
 pass in an existing certificate by providing the path to `--cert` and the path to
 the key with `--cert-key`.
 
+The self signed certificate will be generated into
+`~/.local/share/code-server/self-signed.cert`.
+
 If `code-server` has been passed a certificate it will also respond to HTTPS
 requests and will redirect all HTTP requests to HTTPS.
 
diff --git a/src/node/entry.ts b/src/node/entry.ts
@@ -209,7 +209,7 @@ const main = async (args: Args, configArgs: Args): Promise<void> => {
     logger.info(
       args.cert && args.cert.value
         ? `  - Using provided certificate and key for HTTPS`
-        : `  - Using generated certificate and key for HTTPS`,
+        : `  - Using generated certificate and key for HTTPS: ${humanPath(options.cert)}`,
     )
   } else {
     logger.info("  - Not serving HTTPS")
diff --git a/src/node/util.ts b/src/node/util.ts
@@ -55,11 +55,10 @@ export function humanPath(p?: string): string {
 }
 
 export const generateCertificate = async (): Promise<{ cert: string; certKey: string }> => {
-  const paths = {
-    cert: path.join(tmpdir, "self-signed.cert"),
-    certKey: path.join(tmpdir, "self-signed.key"),
-  }
-  const checks = await Promise.all([fs.pathExists(paths.cert), fs.pathExists(paths.certKey)])
+  const certPath = path.join(paths.data, "self-signed.cert")
+  const certKeyPath = path.join(paths.data, "self-signed.key")
+
+  const checks = await Promise.all([fs.pathExists(certPath), fs.pathExists(certKeyPath)])
   if (!checks[0] || !checks[1]) {
     // Require on demand so openssl isn't required if you aren't going to
     // generate certificates.
@@ -69,10 +68,13 @@ export const generateCertificate = async (): Promise<{ cert: string; certKey: st
         return error ? reject(error) : resolve(result)
       })
     })
-    await fs.mkdirp(tmpdir)
-    await Promise.all([fs.writeFile(paths.cert, certs.certificate), fs.writeFile(paths.certKey, certs.serviceKey)])
+    await fs.mkdirp(paths.data)
+    await Promise.all([fs.writeFile(certPath, certs.certificate), fs.writeFile(certKeyPath, certs.serviceKey)])
+  }
+  return {
+    cert: certPath,
+    certKey: certKeyPath,
   }
-  return paths
 }
 
 export const generatePassword = async (length = 24): Promise<string> => {

Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,7 @@ const main = async (args: Args, configArgs: Args): Promise<void> => {`
`209`	`209`	`logger.info(`
`210`	`210`	`args.cert && args.cert.value`
`211`	`211`	? ` - Using provided certificate and key for HTTPS`
`212`		- : ` - Using generated certificate and key for HTTPS`,
	`212`	+ : ` - Using generated certificate and key for HTTPS: ${humanPath(options.cert)}`,
`213`	`213`	`)`
`214`	`214`	`} else {`
`215`	`215`	`logger.info(" - Not serving HTTPS")`