Enhanced token support; logout security

virtuosoft-dev · Aug 14, 2024 · f2acd63 · f2acd63
1 parent 11e8273
commit f2acd63
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 9 deletions.
diff --git a/conf-web/nginx.conf b/conf-web/nginx.conf
@@ -5,8 +5,6 @@
 server {
     listen      %ip%:80;
     server_name vscode-%user%.%domain% ;
-    #auth_basic "Restricted Access";
-    #auth_basic_user_file /home/%user%/conf/web/vscode-%user%.%domain%/.htpasswd;
     return 301 https://$host$request_uri;
 
     location / {

diff --git a/conf-web/nginx.ssl.conf b/conf-web/nginx.ssl.conf
@@ -5,8 +5,6 @@
 server {
     listen      %ip%:443 ssl;
     server_name vscode-%user%.%domain% ;
-    #auth_basic "Restricted Access";
-    #auth_basic_user_file /home/%user%/conf/web/vscode-%user%.%domain%/.htpasswd;
     ssl_certificate      /home/%user%/conf/web/vscode-%user%.%domain%/ssl/vscode-%user%.%domain%.pem;
     ssl_certificate_key  /home/%user%/conf/web/vscode-%user%.%domain%/ssl/vscode-%user%.%domain%.key;
     ssl_stapling on;

diff --git a/vscode.php b/vscode.php
@@ -22,6 +22,7 @@ public function __construct() {
             $hcpp->add_action( 'post_change_user_shell', [ $this, 'post_change_user_shell' ] );
             $hcpp->add_action( 'hcpp_invoke_plugin', [ $this, 'hcpp_invoke_plugin' ] );
             $hcpp->add_action( 'post_delete_user', [ $this, 'post_delete_user' ] );
+            $hcpp->add_action( 'priv_log_user_logout', [ $this, 'priv_log_user_logout' ] );
             $hcpp->add_action( 'priv_delete_user', [ $this, 'priv_delete_user' ] );
             $hcpp->add_action( 'post_add_user', [ $this, 'post_add_user' ] );
             $hcpp->add_action( 'hcpp_rebooted', [ $this, 'hcpp_rebooted' ] );
@@ -30,6 +31,14 @@ public function __construct() {
             $hcpp->add_action( 'hcpp_render_body', [ $this, 'hcpp_render_body' ] );
         }
 
+        // Regenerate the VSCode token and restart the VSCode server on logout.
+        public function priv_log_user_logout( $args ) {
+            global $hcpp;
+            $user = $args[0];
+            $this->update_token( $user );
+            return $args;
+        }
+
         // Stop services on plugin disabled.
         public function hcpp_plugin_disabled( $plugin ) {
             if ( $plugin !== 'vscode' ) return $plugin;
@@ -363,13 +372,25 @@ public function update_token( $user ) {
             $cmd = "echo \"$token\" > \/home\/$user\/.openvscode-server\/data\/token && ";
             $cmd .= "chown $user:$user \/home\/$user\/.openvscode-server\/data\/token && ";
             $cmd .= "chmod 600 \/home\/$user\/.openvscode-server\/data\/token";
-
-            // TODO: Find vscode instance for the given user and restart it.
-            // IE: via ps aux | grep "/opt/vscode/node /opt/vscode/out/server-main.js" | grep devstia
-            // TODO: invoke update_token for the given user on hestia logout.
-
             $cmd = $hcpp->do_action( 'vscode_update_token', $cmd );
             $hcpp->log( shell_exec( $cmd ) );
+
+            // Find the node vscode pid for the given user
+            $cmd = "ps axo user:20,pid,args | grep \"/opt/vscode/node /opt/vscode/out/server-main.js\" | grep $user | awk '{print $2}'";
+            $pid = trim( shell_exec( $cmd ) );
+
+            // Restart the vscode server for the given user
+            if ( $pid ) {
+                shell_exec( "kill $pid" );
+
+                // Restart the VSCode service manually (outside of PM2).
+                $port = $hcpp->allocate_port( 'vscode', $user );
+                $cmd = 'runuser -l ' . $user . ' -c "';
+                $cmd .= "(/opt/vscode/node /opt/vscode/out/server-main.js --port $port) > /dev/null 2>&1 &";
+                $cmd .= '"';
+                $cmd = $hcpp->do_action( 'vscode_nodejs_restart_cmd', $cmd );
+                $hcpp->log( shell_exec( $cmd ) );
+            }
         }
 
         // Add VSCode Server icon to our web domain list and button to domain edit pages.