[gitpod-desktop] Connect using ssh gateway

Author: jeanp413

extensions/gitpod-web/src/util/zip.ts

@@ -160,7 +160,7 @@ function extractZip(zipfile: ZipFile, targetPath: string, options: IOptions, tok
 
 function openZip(zipFile: string, lazy: boolean = false): Promise<ZipFile> {
 	return new Promise<ZipFile>((resolve, reject) => {
-		_openZip(zipFile, lazy ? { lazyEntries: true } : undefined!, (error?: Error, zipfile?: ZipFile) => {
+		_openZip(zipFile, lazy ? { lazyEntries: true } : undefined!, (error: Error | null, zipfile?: ZipFile) => {
 			if (error) {
 				reject(toExtractError(error));
 			} else {
@@ -172,7 +172,7 @@ function openZip(zipFile: string, lazy: boolean = false): Promise<ZipFile> {
 
 function openZipStream(zipFile: ZipFile, entry: Entry): Promise<Readable> {
 	return new Promise<Readable>((resolve, reject) => {
-		zipFile.openReadStream(entry, (error?: Error, stream?: Readable) => {
+		zipFile.openReadStream(entry, (error: Error | null, stream?: Readable) => {
 			if (error) {
 				reject(toExtractError(error));
 			} else {

extensions/gitpod/extension.webpack.config.js

@@ -8,6 +8,7 @@
 'use strict';
 
 const withDefaults = require('../shared.webpack.config');
+const webpack = require('webpack');
 
 module.exports = withDefaults({
 	context: __dirname,
@@ -16,5 +17,13 @@ module.exports = withDefaults({
 	},
 	externals: {
 		'keytar': 'commonjs keytar'
-	}
+	},
+	plugins: [
+		new webpack.IgnorePlugin({
+			resourceRegExp: /crypto\/build\/Release\/sshcrypto\.node$/,
+		}),
+		new webpack.IgnorePlugin({
+			resourceRegExp: /cpu-features/,
+		})
+	]
 });

extensions/gitpod/package.json

@@ -48,6 +48,12 @@
 						"description": "Gitpod Service URL. Update this if you are using a Gitpod self-hosted installation.",
 						"default": "https://gitpod.io/",
 						"scope": "application"
+					},
+					"gitpod.remote.useLocalApp":{
+						"type":"boolean",
+						"description": "Use the local companion app to connect to a remote workspace.\nWarning: Connecting to a remote workspace using local companion app will be removed in the near future.",
+						"default": false,
+						"scope": "application"
 					}
 				}
 			},
@@ -93,6 +99,7 @@
 		"@types/crypto-js": "4.1.1",
 		"@types/node": "16.x",
 		"@types/node-fetch": "^2.5.12",
+		"@types/ssh2": "^0.5.52",
 		"@types/tmp": "^0.2.1",
 		"@types/uuid": "8.0.0",
 		"@types/ws": "^7.2.6",
@@ -105,11 +112,9 @@
 		"analytics-node": "^6.0.0",
 		"node-fetch": "2.6.7",
 		"pkce-challenge": "^3.0.0",
+		"ssh2": "^1.10.0",
 		"tmp": "^0.2.1",
 		"uuid": "8.1.0",
 		"yazl": "^2.5.1"
-	},
-	"extensionDependencies": [
-		"ms-vscode-remote.remote-ssh"
-	]
+	}
 }

extensions/gitpod/src/common/hostfile.ts

@@ -0,0 +1,40 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Gitpod. All rights reserved.
+ *--------------------------------------------------------------------------------------------*/
+
+import * as os from 'os';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+
+const KNOW_HOST_FILE = path.join(os.homedir(), '.ssh', 'known_hosts');
+const HASH_MAGIC = '|1|';
+const HASH_DELIM = '|';
+
+export async function checkNewHostInHostkeys(host: string): Promise<boolean> {
+    const fileContent = await fs.promises.readFile(KNOW_HOST_FILE, { encoding: 'utf8' });
+    const lines = fileContent.split(/\r?\n/);
+    for (let line of lines) {
+        line = line.trim();
+        if (!line.startsWith(HASH_MAGIC)) {
+            continue;
+        }
+
+        const [hostEncripted_] = line.split(' ');
+        const [salt_, hostHash_] = hostEncripted_.substring(HASH_MAGIC.length).split(HASH_DELIM);
+        const hostHash = crypto.createHmac('sha1', Buffer.from(salt_, 'base64')).update(host).digest();
+        if (hostHash.toString('base64') === hostHash_) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+export async function addHostToHostFile(host: string, hostKey: Buffer, type: string): Promise<void> {
+    const salt = crypto.randomBytes(20);
+    const hostHash = crypto.createHmac('sha1', salt).update(host).digest();
+
+    const entry = `${HASH_MAGIC}${salt.toString('base64')}${HASH_DELIM}${hostHash.toString('base64')} ${type} ${hostKey.toString('base64')}\n`;
+    await fs.promises.appendFile(KNOW_HOST_FILE, entry);
+}

extensions/gitpod/src/extension.ts

@@ -5,15 +5,17 @@
 import * as vscode from 'vscode';
 import Log from './common/logger';
 import GitpodAuthenticationProvider from './authentication';
-import LocalApp from './localApp';
+import RemoteConnector from './remoteConnector';
 import { enableSettingsSync, updateSyncContext } from './settingsSync';
 import { GitpodServer } from './gitpodServer';
 import TelemetryReporter from './telemetryReporter';
 import { exportLogs } from './exportLogs';
 
 const EXTENSION_ID = 'gitpod.gitpod-desktop';
 const FIRST_INSTALL_KEY = 'gitpod-desktop.firstInstall';
-const ANALITYCS_KEY = 'bUY8IRdJ42KjLOBS9LoIHMYFBD8rSzjU';
+
+// const ANALITYCS_KEY = 'YErmvd89wPsrCuGcVnF2XAl846W9WIGl'; // For development
+const ANALITYCS_KEY = 'bUY8IRdJ42KjLOBS9LoIHMYFBD8rSzjU'; // For release
 
 let telemetry: TelemetryReporter;
 
@@ -68,16 +70,16 @@ export async function activate(context: vscode.ExtensionContext) {
 	}));
 
 	const authProvider = new GitpodAuthenticationProvider(context, logger, telemetry);
-	const localApp = new LocalApp(context, logger);
+	const remoteConnector = new RemoteConnector(context, logger, telemetry);
 	context.subscriptions.push(authProvider);
-	context.subscriptions.push(localApp);
+	context.subscriptions.push(remoteConnector);
 	context.subscriptions.push(vscode.window.registerUriHandler({
 		handleUri(uri: vscode.Uri) {
 			// logger.trace('Handling Uri...', uri.toString());
 			if (uri.path === GitpodServer.AUTH_COMPLETE_PATH) {
 				authProvider.handleUri(uri);
 			} else {
-				localApp.handleUri(uri);
+				remoteConnector.handleUri(uri);
 			}
 		}
 	}));

extensions/gitpod/src/internalApi.ts

@@ -10,7 +10,7 @@ import ReconnectingWebSocket from 'reconnecting-websocket';
 import * as vscode from 'vscode';
 import Log from './common/logger';
 
-type UsedGitpodFunction = ['getLoggedInUser', 'getGitpodTokenScopes'];
+type UsedGitpodFunction = ['getLoggedInUser', 'getGitpodTokenScopes', 'getWorkspace', 'getOwnerToken'];
 type Union<Tuple extends any[], Union = never> = Tuple[number] | Union;
 export type GitpodConnection = Omit<GitpodServiceImpl<GitpodClient, GitpodServer>, 'server'> & {
 	server: Pick<GitpodServer, Union<UsedGitpodFunction>>;
@@ -28,6 +28,8 @@ class GitpodServerApi extends vscode.Disposable {
 	constructor(accessToken: string, serviceUrl: string, private readonly logger: Log) {
 		super(() => this.internalDispose());
 
+		serviceUrl = serviceUrl.replace(/\/$/, '');
+
 		const factory = new JsonRpcProxyFactory<GitpodServer>();
 		this.service = new GitpodServiceImpl<GitpodClient, GitpodServer>(factory.createProxy());