138 Commits

Author SHA1 Message Date
iQQBot
b888cca216
[dev] update dev image (#20417)
* [dev] update dev image

* update cookie test
2024-12-05 10:55:12 -05:00
Pudong
9e0f6e13d7
[ws-proxy] close connection if workspace or port stopped share (#20248)
* remove useless InfoProvider

* close connection if visibility change

* nit: fix typo

* fn name typo fix

---------

Co-authored-by: Filip Troníček <filip@gitpod.io>
2024-09-27 10:20:12 -04:00
Kyle Brennan
2be52daba4
[ws-proxy] introduce RED metrics, including a http_version label (#20196)
* Introduce RED metrics for ws-proxy

Originally from https://github.com/gitpod-io/gitpod/pull/17294

Co-authored-by: Anton Kosyakov <anton@gitpod.io>

* Remove unused var

* [ws-proxy] fix crash loop backoff (WIP)

I think for this value to be populated, we'll need to "bubble up" httpVersion (like what was done with many methods and resource) 🤔 Think of a better way.

* Add namespace and subsystem to metrics

* Set a value for http_version label

* Persist http_version for server metrics

* Code review feedback

---------

Co-authored-by: Anton Kosyakov <anton@gitpod.io>
2024-09-16 11:40:01 -04:00
mustard
f8fc9461e6
[ws-proxy] remove cors settings (#20198) 2024-09-11 09:06:57 -04:00
Gero Posmyk-Leinemann
414ee45983
[supervisor] Frontend: re-try + track "checkReady" (#20175)
* [ws-proxy] Log whenever we can't connect to an upstream

* [protocol] Fix linter error

* [supervisor] Frontend: re-connect every 5s + track behavior

* [supervisor] Frontend: Guard connection re-try with feature flag "supervisor_check_ready_retry"
2024-09-05 10:54:48 -04:00
mustard
309a32e82e
Improve CORS settings (#20154)
* Remove allowCredentials

* fix tests

* Revert "Remove allowCredentials"

This reverts commit 06624ee50c7f231e2f1bce6ab96d347ee859be20.

* Use FeatureFlag `ws_proxy_cors_enabled`

* Fix test failed

* fixup

* fix network

* fixup
2024-08-29 03:03:41 -04:00
Filip Troníček
da1053e101
Make auth cookie stricter (#19973)
* Use `__Host-` prefix for cookie

* Fix tests

* Remove domain from cookie

* Fix logout

* remove unused fn

* fix user logout properly

* [server] Make domain-only cookie work for GitHub oauth login

... by adding additional step so we can set the cookie for the base domain only

* test: fix by redirecting before callback/authorize

* [server] SessionHandler: Allow to login with both primary and secondary cookies

* [server] Clear 2ndary cookie on logout

* Fix filtering cookie values when primary cookie is empty

* Fix logouts

* Fix tests

---------

Co-authored-by: Gero Posmyk-Leinemann <gero@gitpod.io>
2024-07-01 08:53:14 +02:00
Gero Posmyk-Leinemann
eca86a2111
[ws-proxy] Filter cookies on all routes that send traffic to the workspace (except supervisor) (#19773)
* [ws-proxy] Filter cookies on all routes that send traffic to the workspace (except supervisor)

* [ws-proxy] more tests
2024-05-28 14:45:08 +08:00
Gero Posmyk-Leinemann
f079d8dc81
[server, ws-proxy] Test cookie filter against real name generator (#19770)
* [server, ws-proxy] Extract CookieNameFromDomain into server/go, so installer (for config generation) and ws-proxy (for tests) can both depend on it

* review comment
2024-05-27 15:27:07 +08:00
Gero Posmyk-Leinemann
486dab1bbf
[ws-proxy] Tighten cookie filter (#19672) 2024-04-26 11:03:04 +02:00
Pudong
9759f0081c
[ws-proxy] use ecdsa private key for createKey fake api (#19211) 2023-12-11 16:59:18 +02:00
Pudong
7f83e2f592
[ws-proxy] only get username if workspace not managed by mk2 (#19180)
* [ws-proxy] only get username if workspace not managed by mk2

* remove ssh key from infoprovider

* improve logs

* Update components/ws-proxy/pkg/sshproxy/server.go
2023-12-01 21:41:09 +02:00
Pudong
555c738cd0
hook create key route in ws-proxy (#19174) 2023-11-30 19:28:07 +02:00
Pudong
10fe5b9699
[sshgateway] use ssh CA to auth (#19147)
* [sshgateway] use ssh CA to auth

* change name

* add error log

* fix

* mark volume optional

* [installer] validate ssh-ca secret

* Revert "[installer] validate ssh-ca secret"

This reverts commit ca6ede78a7b5a720fd315eca32eb277cb5063069.

We must support the scenario where the installer has the secret, but, it is not in the cluster yet.

---------

Co-authored-by: Kyle Brennan <kyle@gitpod.io>
2023-11-30 19:17:08 +02:00
Manuel Alejandro de Brito Fontes
453bf6ea4a
Refactor configuration of workspace SSH key (#19059)
* Refactor configuration of workspace SSH key

* Update go modules

* Update CRD

* only add SSH Key to workspace CR (#19130)

---------

Co-authored-by: Pudong <tianshi8650@gmail.com>
2023-11-24 15:55:01 +02:00
Pudong
34674c7fdb
Migrate the ssh tunnel from supervisor to ws-proxy (#19119)
* Migrate the ssh tunnel from supervisor to ws-proxy

* Add metrics for tunnel open and close
2023-11-24 14:21:02 +02:00
Milan Pavlik
f500e391dc
[ws-proxy] Add /health route (#18915)
* [ws-proxy] Add /health route

* retest
2023-10-12 17:29:21 +03:00
Manuel Alejandro de Brito Fontes
882ac56e7f
Reduce log verbosity (#18664) 2023-09-05 23:49:02 +02:00
Manuel Alejandro de Brito Fontes
5791909dc4
[ws-proxy] Implement graceful shutdown (#18583)
* [ws-proxy] Implement graceful shutdown

* Align termination grace period with http shutdown timeout

* Address feedback

* Configure http server timeouts
2023-08-28 18:25:54 +02:00
Thomas Schubart
df861c3929
[ws-proxy] Return last instance if multiple instances are found (#17985) 2023-06-21 16:06:11 +08:00
Wouter Verlaek
5ec09a8218
[ws-proxy] Remove pod info provider (#17992)
* [ws-proxy] Remove pod info provider

* Remove unused methods
2023-06-20 23:07:10 +08:00
Pudong
fcaf1b3ffa
Check workspace phase in ssh-gateway before connect to workspace (#17876) 2023-06-13 13:53:03 +08:00
Anton Kosyakov
9a6cd07534
[ws-proxy] don't hit blobserve with web sockets (#17558)
instead fallback directly to workspace
2023-06-05 14:08:55 +08:00
Pudong
176393a0c8
Add support to forward https protocol port (#17644)
* add support to forward https protocol port

* Update components/ws-proxy/pkg/proxy/routes.go

Co-authored-by: Kyle Brennan <kyle@gitpod.io>

---------

Co-authored-by: Kyle Brennan <kyle@gitpod.io>
2023-05-19 15:22:53 +08:00
Manuel Alejandro de Brito Fontes
aa61917989
Remove TLS EOF errors from logs (#16930)
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
2023-03-21 10:23:13 +01:00
Thomas Schubart
2c259c4dc8
[ws-manager-mk2] Support public SSH keys (#16413) 2023-03-13 14:50:49 +01:00
Huiwen
12ed1367f4 Reuse the same workspace patterns 2023-02-07 09:43:45 +01:00
Christian Weichel
9992d4fa32 [ws-proxy] Support workspace CRD 2023-01-23 14:14:30 +01:00
Anton Kosyakov
959e584b55 [ws-proxy] support ports location for debug workspace
It is a prerequisite to https://github.com/gitpod-io/gitpod/pull/15795. Based on Pudong's work from https://github.com/gitpod-io/gitpod/pull/15687.

Co-authored-by: Pudong Zheng <tianshi8650@gmail.com>
2023-01-20 09:44:27 +01:00
Anton Kosyakov
697696029b [gp-run] experimental workspace config debug mode
Co-authored-by: Anton Kosyakov <anton@gitpod.io>
Co-authored-by: Victor Nogueira <victor@gitpod.io>
Co-authored-by: Andrea Falzetti <andrea@gitpod.io>
2023-01-09 06:32:48 +01:00
Christian Weichel
478a75e744 Switch license to AGPL 2022-12-08 13:05:19 -03:00
Jean Pierre
9adc2e0458 Minor cleanup 2022-10-03 22:20:19 +02:00
Jean Pierre
350404f82d Add vscode callback route 2022-09-12 20:25:13 +02:00
Victor Nogueira
fe690d2782 Remove the port number from "X-Forwarded-Host" header as it is already defined in "X-Forwarded-Port" 2022-07-09 18:16:56 +05:30
Pudong Zheng
dc33a0b1ca [ws-proxy] use target host for foreign resource 2022-07-06 13:40:53 +05:30
Pudong Zheng
394eda070c [ws-proxy] remove blobserve readonly mode 2022-07-06 13:40:53 +05:30
Pudong Zheng
2f5e402524 [ws-proxy] Add test case for blobserve and workspace port 2022-07-05 14:17:52 +05:30
Victor Nogueira
a5e828ffa2 Add X-Forwarded-Port header
It's required by some software, like [FusionAuth](https://fusionauth.io/).
2022-07-04 17:20:51 +05:30
Pudong Zheng
cf6a34ae6b [ws-proxy] not use target host when serve workspace port route 2022-07-01 15:34:39 +05:30
Pudong Zheng
9dc436aa92 [SSH Gateway] remove private key requirement when ownerToken is provided 2022-06-17 12:13:26 +05:30
Pudong Zheng
fe6e39e3a3 [workspace] support user upload ssh keys
Co-authored-by: Huiwen <huiwen@gitpod.io>
Co-authored-by: Christian Weichel <chris@gitpod.io>
Co-authored-by: Pavel Tumik <18602811+sagor999@users.noreply.github.com>
2022-06-15 22:58:25 +05:30
Pudong Zheng
c8794637a3 [ws-proxy] use ide-proxy to serve blobserv 2022-06-10 02:47:19 +05:30
Pudong Zheng
c2b3752c39 Add OwnerUserId in workspaceInfo
patch
2022-05-19 12:06:33 +05:30
Jean Pierre
aa2c51c804 Serve webview resources from blobserve 2022-05-19 08:12:33 +05:30
Pavel Tumik
ede6cace47 [ws-proxy] fix ACME challenge handler 2022-04-19 05:58:31 +05:30
Manuel Alejandro de Brito Fontes
0ac53c0794 [ws-proxy] Deny ACME challenges 2022-04-07 18:40:20 +05:30
Jean Pierre
8dd2ddd844 Add new foreign route 2022-03-15 13:12:21 +05:30
Pudong Zheng
8fa98f9e68 add ssh_host_key router 2022-02-21 16:43:01 +05:30
Gero Posmyk-Leinemann
c0bbf911db [dashboard, ws-proxy, supervisor] Break potential DDOS cycle by disabling autostart
When triggered:
     a) inFrame or
     b) when redirect from IDE url (by ws-proxy)
2022-02-14 11:06:35 +01:00
Sven Efftinge
f8086b9a25 [server] use owner and repo name for workspace id
This change introduces optional arguments in generateWorkspaceId
for the first two segments. And makes use of it in workspace factory
using the repos org/group and name.

fixes https://github.com/gitpod-io/gitpod/issues/4129
2022-01-07 10:33:00 +01:00