forked from coder/code-server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdomainProxy.ts
111 lines (93 loc) · 3.4 KB
/
domainProxy.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import { Request, Router } from "express"
import { HttpCode, HttpError } from "../../common/http"
import { getHost } from "../http"
import { authenticated, ensureAuthenticated, ensureOrigin, redirect, self } from "../http"
import { proxy } from "../proxy"
import { Router as WsRouter } from "../wsRouter"
export const router = Router()
const proxyDomainToRegex = (matchString: string): RegExp => {
let escapedMatchString = matchString.replace(/[.*+?^$()|[\]\\]/g, "\\$&");
// Replace {{port}} with a regex group to capture the port
// Replace {{host}} with .+ to allow any host match (so rely on DNS record here)
let regexString = escapedMatchString.replace("{{port}}", "(\\d+)");
regexString = regexString.replace("{{host}}", ".+");
regexString = regexString.replace(/[{}]/g, "\\$&"); //replace any '{}' that might be left
return new RegExp("^" + regexString + "$");
}
let proxyRegexes : RegExp[] = [];
const proxyDomainsToRegex = (proxyDomains : string[]): RegExp[] => {
if(proxyDomains.length != proxyRegexes.length) {
proxyRegexes = proxyDomains.map(proxyDomainToRegex);
}
return proxyRegexes;
}
/**
* Return the port if the request should be proxied. Anything that ends in a
* proxy domain and has a *single* subdomain should be proxied. Anything else
* should return `undefined` and will be handled as normal.
*
* For example if `coder.com` is specified `8080.coder.com` will be proxied
* but `8080.test.coder.com` and `test.8080.coder.com` will not.
*/
const maybeProxy = (req: Request): string | undefined => {
let reqDomain = getHost(req);
if (reqDomain === undefined) {
return undefined;
}
let regexs = proxyDomainsToRegex(req.args["proxy-domain"]);
for(let regex of regexs){
let match = reqDomain.match(regex);
if (match) {
return match[1]; // match[1] contains the port
}
}
return undefined
}
router.all("*", async (req, res, next) => {
const port = maybeProxy(req)
if (!port) {
return next()
}
// Must be authenticated to use the proxy.
const isAuthenticated = await authenticated(req)
if (!isAuthenticated) {
// Let the assets through since they're used on the login page.
if (req.path.startsWith("/static/") && req.method === "GET") {
return next()
}
// Assume anything that explicitly accepts text/html is a user browsing a
// page (as opposed to an xhr request). Don't use `req.accepts()` since
// *every* request that I've seen (in Firefox and Chromium at least)
// includes `*/*` making it always truthy. Even for css/javascript.
if (req.headers.accept && req.headers.accept.includes("text/html")) {
// Let the login through.
if (/\/login\/?/.test(req.path)) {
return next()
}
// Redirect all other pages to the login.
const to = self(req)
return redirect(req, res, "login", {
to: to !== "/" ? to : undefined,
})
}
// Everything else gets an unauthorized message.
throw new HttpError("Unauthorized", HttpCode.Unauthorized)
}
proxy.web(req, res, {
ignorePath: true,
target: `http://0.0.0.0:${port}${req.originalUrl}`,
})
})
export const wsRouter = WsRouter()
wsRouter.ws("*", async (req, _, next) => {
const port = maybeProxy(req)
if (!port) {
return next()
}
ensureOrigin(req)
await ensureAuthenticated(req)
proxy.ws(req, req.ws, req.head, {
ignorePath: true,
target: `http://0.0.0.0:${port}${req.originalUrl}`,
})
})