Skip to content

feat: add passwordFile, hashedPasswordFile, githubAuthTokenFile and absProxyBasePath options#10

Merged
DanielleMaywood merged 4 commits intomainfrom
dm-add-password
Apr 28, 2025
Merged

feat: add passwordFile, hashedPasswordFile, githubAuthTokenFile and absProxyBasePath options#10
DanielleMaywood merged 4 commits intomainfrom
dm-add-password

Conversation

@DanielleMaywood
Copy link
Collaborator

@DanielleMaywood DanielleMaywood commented Apr 23, 2025
edited
Loading

Closes coder/internal#462

Adds the final four options

  • passwordFile
  • hashedPasswordFile
  • githubAuthTokenFile
  • absProxyBasePath

The decision to pass credentials via a file instead of embedding them directly in the devcontainer.json is to allow people the ability to not commit the password to source control.

With these final four options added we should have feature parity with the CLI.

@DanielleMaywood DanielleMaywood self-assigned this Apr 23, 2025
@DanielleMaywood DanielleMaywood requested a review from Copilot April 23, 2025 17:39
Copilot AI reviewed Apr 23, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces two new configuration options for code-server to improve security by using external password files instead of hardcoded values.

  • Adds the hashedPasswordFile option, which uses an Argon2-hashed password that takes priority over passwordFile.
  • Adds the passwordFile option to allow direct password authentication via a file.
Files not reviewed (7)
  • src/code-server/devcontainer-feature.json: Language not supported
  • src/code-server/install.sh: Language not supported
  • test/code-server/code-server-hashed-password-file.sh: Language not supported
  • test/code-server/code-server-hashed-password-file/Dockerfile: Language not supported
  • test/code-server/code-server-password-file.sh: Language not supported
  • test/code-server/code-server-password-file/Dockerfile: Language not supported
  • test/code-server/scenarios.json: Language not supported

@DanielleMaywood DanielleMaywood changed the title feat: add passwordFile and hashedPasswordFile options feat: add passwordFile, hashedPasswordFile, githubAuthTokenFile and absProxyBasePath options Apr 24, 2025
@DanielleMaywood DanielleMaywood marked this pull request as ready for review April 24, 2025 09:53
mafredri
mafredri approved these changes Apr 28, 2025
View reviewed changes
src/code-server/install.sh Outdated
Comment on lines 123 to 124
if [[ -f "$PASSWORDFILE" ]]; then
export PASSWORD="\$(cat '$PASSWORDFILE')"
Copy link
Member

@mafredri mafredri Apr 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if [[ -f "$PASSWORDFILE" ]]; then
export PASSWORD="\$(cat '$PASSWORDFILE')"
export PASSWORD="\$(<"$PASSWORDFILE")"

Minor: useless use of cat 😄 and " is fine within $().

We don't have the same shell safety for inputs here (as with declare -p) but arguably if someone passes a file name with " in it then they might have other problems too.

@DanielleMaywood DanielleMaywood merged commit 8772e2b into main Apr 28, 2025
8 checks passed
@DanielleMaywood DanielleMaywood deleted the dm-add-password branch April 28, 2025 10:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mafredri mafredri mafredri approved these changes

Assignees

@DanielleMaywood DanielleMaywood

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Create devcontainer feature for code-server

2 participants

@DanielleMaywood @mafredri