pythononwheels
diff --git a/‎src/browser/api.ts‎
Lines changed: 3 additions & 7 deletions b/‎src/browser/api.ts‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎src/browser/app.tsx‎
Lines changed: 20 additions & 9 deletions b/‎src/browser/app.tsx‎
Lines changed: 20 additions & 9 deletions
diff --git a/‎src/browser/components/modal.tsx‎
Lines changed: 0 additions & 1 deletion b/‎src/browser/components/modal.tsx‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/browser/index.html‎
Lines changed: 6 additions & 6 deletions b/‎src/browser/index.html‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎src/common/api.ts‎
Lines changed: 5 additions & 0 deletions b/‎src/common/api.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/common/util.ts‎
Lines changed: 3 additions & 2 deletions b/‎src/common/util.ts‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/node/api/server.ts‎
Lines changed: 41 additions & 39 deletions b/‎src/node/api/server.ts‎
Lines changed: 41 additions & 39 deletions
diff --git a/‎src/node/app/server.tsx‎
Lines changed: 34 additions & 31 deletions b/‎src/node/app/server.tsx‎
Lines changed: 34 additions & 31 deletions
@@ -1,3 +1,4 @@
+import { getBasepath } from "hookrouter"
 import { Application, ApplicationsResponse, CreateSessionResponse, FilesResponse, RecentResponse } from "../common/api"
 import { ApiEndpoint, HttpCode, HttpError } from "../common/http"
 
@@ -18,7 +19,7 @@ export function setAuthed(authed: boolean): void {
  * Also set authed to false if the request returns unauthorized.
  */
 const tryRequest = async (endpoint: string, options?: RequestInit): Promise<Response> => {
-  const response = await fetch("/api" + endpoint + "/", options)
+  const response = await fetch(getBasepath() + "/api" + endpoint + "/", options)
   if (response.status === HttpCode.Unauthorized) {
     setAuthed(false)
   }
@@ -33,14 +34,9 @@ const tryRequest = async (endpoint: string, options?: RequestInit): Promise<Resp
  * Try authenticating.
  */
 export const authenticate = async (body?: AuthBody): Promise<void> => {
-  let formBody: URLSearchParams | undefined
-  if (body) {
-    formBody = new URLSearchParams()
-    formBody.append("password", body.password)
-  }
   const response = await tryRequest(ApiEndpoint.login, {
     method: "POST",
-    body: formBody,
+    body: JSON.stringify({ ...body, basePath: getBasepath() }),
     headers: {
       "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
     },
 
@@ -1,4 +1,4 @@
-import { getBasepath, navigate } from "hookrouter"
+import { getBasepath, navigate, setBasepath } from "hookrouter"
 import * as React from "react"
 import { Application, isExecutableApplication } from "../common/api"
 import { HttpError } from "../common/http"
@@ -11,25 +11,36 @@ export interface AppProps {
 }
 
 const App: React.FunctionComponent<AppProps> = (props) => {
-  const [authed, setAuthed] = React.useState<boolean>(!!props.options.authed)
+  const [authed, setAuthed] = React.useState<boolean>(props.options.authed)
   const [app, setApp] = React.useState<Application | undefined>(props.options.app)
   const [error, setError] = React.useState<HttpError | Error | string>()
 
-  React.useEffect(() => {
-    if (app && !isExecutableApplication(app)) {
-      navigate(normalize(`${getBasepath()}/${app.path}/`, true))
-    }
-  }, [app])
-
   if (typeof window !== "undefined") {
+    const url = new URL(window.location.origin + window.location.pathname + props.options.basePath)
+    setBasepath(normalize(url.pathname))
+
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     ;(window as any).setAuthed = (a: boolean): void => {
       if (authed !== a) {
         setAuthed(a)
+        // TEMP: Remove when no longer auto-loading VS Code.
+        if (a && !app) {
+          setApp({
+            name: "VS Code",
+            path: "/",
+            embedPath: "/vscode-embed",
+          })
+        }
       }
     }
   }
 
+  React.useEffect(() => {
+    if (app && !isExecutableApplication(app)) {
+      navigate(normalize(`${getBasepath()}/${app.path}/`, true))
+    }
+  }, [app])
+
   return (
     <>
       {!app || !app.loaded ? (
@@ -41,7 +52,7 @@ const App: React.FunctionComponent<AppProps> = (props) => {
       )}
       <Modal app={app} setApp={setApp} authed={authed} error={error} setError={setError} />
       {authed && app && app.embedPath ? (
-        <iframe id="iframe" src={normalize(`${getBasepath()}/${app.embedPath}/`, true)}></iframe>
+        <iframe id="iframe" src={normalize(`./${app.embedPath}/`, true)}></iframe>
       ) : (
         undefined
       )}
 
@@ -128,7 +128,6 @@ export const Modal: React.FunctionComponent<ModalProps> = (props) => {
           <aside className="sidebar-nav">
             <nav className="links">
               {props.authed ? (
-                // TEMP: Remove once we don't auto-load vscode.
                 <>
                   <button className="link" onClick={(): void => setSection(Section.Recent)}>
                     Recent
 
@@ -3,17 +3,17 @@
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
-    <!-- <meta http-equiv="Content-Security-Policy" content="font-src 'self'; connect-src 'self'; default-src ws: wss:; style-src 'self'; script-src 'self' 'unsafe-inline'; manifest-src 'self'; img-src 'self' data:;"> -->
+    <meta http-equiv="Content-Security-Policy" content="font-src 'self' fonts.gstatic.com; connect-src 'self'; default-src ws: wss: 'self'; style-src 'self' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; manifest-src 'self'; img-src 'self' data:;">
     <title>code-server</title>
-    <link rel="icon" href="/static-{{COMMIT}}/src/browser/media/favicon.ico" type="image/x-icon" />
-    <link rel="manifest" href="/static-{{COMMIT}}/src/browser/media/manifest.json" crossorigin="use-credentials">
-    <link rel="apple-touch-icon" href="/static-{{COMMIT}}/src/browser/media/code-server.png" />
+    <link rel="icon" href="{{BASE}}/static-{{COMMIT}}/src/browser/media/favicon.ico" type="image/x-icon" />
+    <link rel="manifest" href="{{BASE}}/static-{{COMMIT}}/src/browser/media/manifest.json" crossorigin="use-credentials">
+    <link rel="apple-touch-icon" href="{{BASE}}/static-{{COMMIT}}/src/browser/media/code-server.png" />
     <link href="https://fonts.googleapis.com/css?family=IBM+Plex+Sans&display=swap" rel="stylesheet" />
-    <link href="/static-{{COMMIT}}/dist/index.css" rel="stylesheet">
+    <link href="{{BASE}}/static-{{COMMIT}}/dist/index.css" rel="stylesheet">
     <meta id="coder-options" data-settings="{{OPTIONS}}">
   </head>
   <body>
     <div id="root">{{COMPONENT}}</div>
-    <script src="/static-{{COMMIT}}/dist/index.js"></script>
+    <script src="{{BASE}}/static-{{COMMIT}}/dist/index.js"></script>
   </body>
 </html>
@@ -22,6 +22,11 @@ export enum SessionError {
   Unknown,
 }
 
+export interface LoginRequest {
+  password: string
+  basePath: string
+}
+
 export interface LoginResponse {
   success: boolean
 }
 
@@ -3,8 +3,9 @@ import { Application } from "../common/api"
 
 export interface Options {
   app?: Application
-  authed?: boolean
-  logLevel?: number
+  authed: boolean
+  basePath: string
+  logLevel: number
 }
 
 /**
 
@@ -1,17 +1,20 @@
 import { field, logger } from "@coder/logger"
 import * as http from "http"
 import * as net from "net"
-import * as querystring from "querystring"
 import * as ws from "ws"
-import { ApplicationsResponse, ClientMessage, FilesResponse, LoginResponse, ServerMessage } from "../../common/api"
+import {
+  ApplicationsResponse,
+  ClientMessage,
+  FilesResponse,
+  LoginRequest,
+  LoginResponse,
+  ServerMessage,
+} from "../../common/api"
 import { ApiEndpoint, HttpCode } from "../../common/http"
-import { HttpProvider, HttpProviderOptions, HttpResponse, HttpServer, PostData } from "../http"
+import { normalize } from "../../common/util"
+import { HttpProvider, HttpProviderOptions, HttpResponse, HttpServer, Route } from "../http"
 import { hash } from "../util"
 
-interface LoginPayload extends PostData {
-  password?: string | string[]
-}
-
 /**
  * API HTTP provider.
  */
@@ -22,13 +25,8 @@ export class ApiHttpProvider extends HttpProvider {
     super(options)
   }
 
-  public async handleRequest(
-    base: string,
-    _requestPath: string,
-    _query: querystring.ParsedUrlQuery,
-    request: http.IncomingMessage
-  ): Promise<HttpResponse | undefined> {
-    switch (base) {
+  public async handleRequest(route: Route, request: http.IncomingMessage): Promise<HttpResponse | undefined> {
+    switch (route.base) {
       case ApiEndpoint.login:
         if (request.method === "POST") {
           return this.login(request)
@@ -38,7 +36,7 @@ export class ApiHttpProvider extends HttpProvider {
         if (!this.authenticated(request)) {
           return { code: HttpCode.Unauthorized }
         }
-        switch (base) {
+        switch (route.base) {
           case ApiEndpoint.applications:
             return this.applications()
           case ApiEndpoint.files:
@@ -49,9 +47,7 @@ export class ApiHttpProvider extends HttpProvider {
   }
 
   public async handleWebSocket(
-    _base: string,
-    _requestPath: string,
-    _query: querystring.ParsedUrlQuery,
+    _route: Route,
     request: http.IncomingMessage,
     socket: net.Socket,
     head: Buffer
@@ -93,39 +89,45 @@ export class ApiHttpProvider extends HttpProvider {
    * unauthorized.
    */
   private async login(request: http.IncomingMessage): Promise<HttpResponse<LoginResponse>> {
-    const ok = (password: string | true): HttpResponse<LoginResponse> => {
-      return {
-        content: {
-          success: true,
-        },
-        cookie: typeof password === "string" ? { key: "key", value: password } : undefined,
-      }
-    }
-
     // Already authenticated via cookies?
     const providedPassword = this.authenticated(request)
     if (providedPassword) {
-      return ok(providedPassword)
+      return { code: HttpCode.Ok }
     }
 
     const data = await this.getData(request)
-    const payload: LoginPayload = data ? querystring.parse(data) : {}
+    const payload: LoginRequest = data ? JSON.parse(data) : {}
     const password = this.authenticated(request, {
       key: typeof payload.password === "string" ? [hash(payload.password)] : undefined,
     })
     if (password) {
-      return ok(password)
+      return {
+        content: {
+          success: true,
+        },
+        cookie:
+          typeof password === "string"
+            ? {
+                key: "key",
+                value: password,
+                path: normalize(payload.basePath),
+              }
+            : undefined,
+      }
     }
 
-    console.error(
-      "Failed login attempt",
-      JSON.stringify({
-        xForwardedFor: request.headers["x-forwarded-for"],
-        remoteAddress: request.connection.remoteAddress,
-        userAgent: request.headers["user-agent"],
-        timestamp: Math.floor(new Date().getTime() / 1000),
-      })
-    )
+    // Only log if it was an actual login attempt.
+    if (payload && payload.password) {
+      console.error(
+        "Failed login attempt",
+        JSON.stringify({
+          xForwardedFor: request.headers["x-forwarded-for"],
+          remoteAddress: request.connection.remoteAddress,
+          userAgent: request.headers["user-agent"],
+          timestamp: Math.floor(new Date().getTime() / 1000),
+        })
+      )
+    }
 
     return { code: HttpCode.Unauthorized }
   }
 
@@ -1,50 +1,53 @@
 import { logger } from "@coder/logger"
 import * as http from "http"
-import * as querystring from "querystring"
 import * as React from "react"
 import * as ReactDOMServer from "react-dom/server"
 import App from "../../browser/app"
 import { Options } from "../../common/util"
-import { HttpProvider, HttpResponse } from "../http"
+import { HttpProvider, HttpResponse, Route } from "../http"
 
 /**
  * Top-level and fallback HTTP provider.
  */
 export class MainHttpProvider extends HttpProvider {
-  public async handleRequest(
-    base: string,
-    requestPath: string,
-    _query: querystring.ParsedUrlQuery,
-    request: http.IncomingMessage
-  ): Promise<HttpResponse | undefined> {
-    if (base === "/static") {
-      const response = await this.getResource(this.rootPath, requestPath)
-      if (!this.isDev) {
-        response.cache = true
+  public async handleRequest(route: Route, request: http.IncomingMessage): Promise<HttpResponse | undefined> {
+    switch (route.base) {
+      case "/static": {
+        const response = await this.getResource(this.rootPath, route.requestPath)
+        if (!this.isDev) {
+          response.cache = true
+        }
+        return response
       }
-      return response
-    }
 
-    // TEMP: Auto-load VS Code for now. In future versions we'll need to check
-    // the URL for the appropriate application to load, if any.
-    const app = {
-      name: "VS Code",
-      path: "/",
-      embedPath: "/vscode-embed",
-    }
+      case "/": {
+        const options: Options = {
+          authed: !!this.authenticated(request),
+          basePath: this.base(route),
+          logLevel: logger.level,
+        }
+
+        if (options.authed) {
+          // TEMP: Auto-load VS Code for now. In future versions we'll need to check
+          // the URL for the appropriate application to load, if any.
+          options.app = {
+            name: "VS Code",
+            path: "/",
+            embedPath: "/vscode-embed",
+          }
+        }
 
-    const options: Options = {
-      app,
-      authed: !!this.authenticated(request),
-      logLevel: logger.level,
+        const response = await this.getUtf8Resource(this.rootPath, "src/browser/index.html")
+        response.content = response.content
+          .replace(/{{COMMIT}}/g, this.options.commit)
+          .replace(/{{BASE}}/g, this.base(route))
+          .replace(/"{{OPTIONS}}"/g, `'${JSON.stringify(options)}'`)
+          .replace(/{{COMPONENT}}/g, ReactDOMServer.renderToString(<App options={options} />))
+        return response
+      }
     }
 
-    const response = await this.getUtf8Resource(this.rootPath, "src/browser/index.html")
-    response.content = response.content
-      .replace(/{{COMMIT}}/g, this.options.commit)
-      .replace(/"{{OPTIONS}}"/g, `'${JSON.stringify(options)}'`)
-      .replace(/{{COMPONENT}}/g, ReactDOMServer.renderToString(<App options={options} />))
-    return response
+    return undefined
   }
 
   public async handleWebSocket(): Promise<undefined> {
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,11 @@ export enum SessionError {`
`22`	`22`	`Unknown,`
`23`	`23`	`}`
`24`	`24`
	`25`	`+export interface LoginRequest {`
	`26`	`+ password: string`
	`27`	`+ basePath: string`
	`28`	`+}`
	`29`	`+`
`25`	`30`	`export interface LoginResponse {`
`26`	`31`	`success: boolean`
`27`	`32`	`}`