Add authentication flow

Author: code-asher

src/auth.test.ts

@@ -0,0 +1,10 @@
+// import * as assert from "assert"
+import * as vscode from "vscode"
+// import * as auth from "./download"
+
+suite("Authenticate", () => {
+  vscode.window.showInformationMessage("Start authenticate tests.")
+
+  // TODO: Implement.
+  test("authenticate")
+})

src/auth.ts

@@ -0,0 +1,76 @@
+import { promises as fs } from "fs"
+import * as os from "os"
+import * as path from "path"
+import * as vscode from "vscode"
+import { debug } from "./utils"
+
+const getConfigDir = (): string => {
+  // The CLI uses localConfig from https://github.com/kirsle/configdir.
+  switch (process.platform) {
+    case "win32":
+      return process.env.APPDATA || path.join(os.homedir(), "AppData/Roaming")
+    case "darwin":
+      return path.join(os.homedir(), "Library/Application Support")
+    case "linux":
+      return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config")
+  }
+  throw new Error(`Unsupported platform ${process.platform}`)
+}
+
+/**
+ * Authenticate the Coder CLI.
+ */
+const doAuthenticate = async (accessUrl?: string, token?: string): Promise<void> => {
+  if (!accessUrl) {
+    debug(`  - No access URL, querying user`)
+    accessUrl = await vscode.window.showInputBox({
+      prompt: "Coder URL",
+      placeHolder: "https://my.coder.domain",
+    })
+    if (!accessUrl) {
+      throw new Error("Unable to authenticate; no access URL was provided")
+    }
+  }
+
+  // TODO: This step can be automated if we make the internal-auth endpoint
+  // automatically open another VS Code URI.
+  if (!token) {
+    debug(`  - No token, querying user`)
+    const url = vscode.Uri.parse(`${accessUrl}/internal-auth?show_token=true`)
+    const opened = await vscode.env.openExternal(url)
+    debug(`  - Opened ${url}: ${opened}`)
+    token = await vscode.window.showInputBox({
+      ignoreFocusOut: true,
+      placeHolder: "Paste your token here",
+      prompt: `Token from ${url.toString(true)}`,
+    })
+    if (!token) {
+      throw new Error("Unable to authenticate; no token was provided")
+    }
+  }
+
+  // TODO: Using the login command would be ideal but it unconditionally opens a
+  // browser.  To work around this write to the config files directly.  We
+  // cannot use the env-paths module because the library the CLI is using
+  // implements both Windows and macOS paths differently.
+  const dir = path.join(getConfigDir(), "coder")
+  await fs.mkdir(dir, { recursive: true })
+  await Promise.all([fs.writeFile(path.join(dir, "session"), token), fs.writeFile(path.join(dir, "url"), accessUrl)])
+}
+
+/** Only allow one at a time. */
+let promise: Promise<void> | undefined
+
+export const authenticate = async (accessUrl?: string, token?: string): Promise<void> => {
+  if (!promise) {
+    promise = (async (): Promise<void> => {
+      try {
+        return await doAuthenticate(accessUrl, token)
+      } finally {
+        promise = undefined
+      }
+    })()
+  }
+
+  return promise
+}

src/exec.ts

@@ -3,6 +3,7 @@ import * as path from "path"
 import * as stream from "stream"
 import { promisify } from "util"
 import * as nodeWhich from "which"
+import { authenticate } from "./auth"
 import { download } from "./download"
 import { context, debug } from "./utils"
 
@@ -36,12 +37,40 @@ export const execCoder = async (command: string, opts?: CoderOptions): Promise<s
   debug(`Run command: ${command}`)
 
   const invocation = coderInvocation()
-  const cmd = (await binaryExists(invocation.cmd))
-    ? [invocation.cmd, ...invocation.args].join(" ")
-    : await download(opts?.version || "latest", path.join(await context().globalStoragePath, invocation.cmd))
+  let coderBinary = [invocation.cmd, ...invocation.args].join(" ")
 
-  const output = await promisify(cp.exec)(cmd + " " + command)
-  return output.stdout
+  try {
+    if (!(await binaryExists(invocation.cmd))) {
+      coderBinary = await download(
+        opts?.version || "latest",
+        path.join(await context().globalStoragePath, invocation.cmd),
+      )
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  } catch (error: any) {
+    // Re-throw with some guidance on how to manually install.
+    throw new Error(`${error.message.trim()}. Please [install manually](https://coder.com/docs/cli/installation).`)
+  }
+
+  try {
+    const output = await promisify(cp.exec)(coderBinary + " " + command)
+    return output.stdout
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  } catch (error: any) {
+    // See if the error appears to be related to the token or login.  If it does
+    // we will try authenticating then run the command again.
+    // TODO: Since this relies on stderr output being a certain way it might be
+    // better if the CLI had a command for checking the login status.
+    if (/Session-Token|credentials|API key|401/.test(error.stderr)) {
+      await authenticate(opts?.accessUri, opts?.token)
+      const output = await promisify(cp.exec)(coderBinary + " " + command)
+      return output.stdout
+    } else {
+      // Otherwise it is some other kind of error, like the command does not
+      // exist or the binary is gone, etc.
+      throw error
+    }
+  }
 }
 
 /**