From 0ce86ea2684c7d19f8ab275690a69359838ede81 Mon Sep 17 00:00:00 2001
From: coryb <cbennett@netflix.com>
Date: Mon, 21 Aug 2023 15:31:17 -0700
Subject: [PATCH] feat: add options to support client tls

adding configuration properties:
  coder.tlsCertFile
  coder.tlsKeyFile
  coder.tlsCaFile
---
 package.json     | 15 +++++++++++++++
 src/extension.ts | 30 +++++++++++++++++++++++-------
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index b0784628..9f1be006 100644
--- a/package.json
+++ b/package.json
@@ -62,6 +62,21 @@
           "markdownDescription": "An external command that outputs additional HTTP headers added to all requests. The command must output each header as `key=value` on its own line. The following environment variables will be available to the process: `CODER_URL`.",
           "type": "string",
           "default": ""
+        },
+        "coder.tlsCertFile": {
+          "markdownDescription": "Path to file for TLS client cert",
+          "type": "string",
+          "default": ""
+        },
+        "coder.tlsKeyFile": {
+          "markdownDescription": "Path to file for TLS client key",
+          "type": "string",
+          "default": ""
+        },
+        "coder.tlsCaFile": {
+          "markdownDescription": "Path to file for TLS certificate authority",
+          "type": "string",
+          "default": ""
         }
       }
     },
diff --git a/src/extension.ts b/src/extension.ts
index 7345569b..c5b8ecd3 100644
--- a/src/extension.ts
+++ b/src/extension.ts
@@ -1,6 +1,7 @@
 "use strict"
 import axios from "axios"
 import { getAuthenticatedUser } from "coder/site/src/api/api"
+import fs from "fs"
 import * as https from "https"
 import * as module from "module"
 import * as vscode from "vscode"
@@ -30,13 +31,21 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
     false,
   )
 
-  // updateInsecure is called on extension activation and when the insecure
-  // setting is changed. It updates the https agent to allow self-signed
-  // certificates if the insecure setting is true.
-  const applyInsecure = () => {
-    const insecure = Boolean(vscode.workspace.getConfiguration().get("coder.insecure"))
+  // applyHttpProperties is called on extension activation and when the
+  // insecure or TLS setting are changed. It updates the https agent to allow
+  // self-signed certificates if the insecure setting is true, as well as
+  // adding cert/key/ca properties for TLS.
+  const applyHttpProperties = () => {
+    const cfg = vscode.workspace.getConfiguration()
+    const insecure = Boolean(cfg.get("coder.insecure"))
+    const certFile = String(cfg.get("coder.tlsCertFile"))
+    const keyFile = String(cfg.get("coder.tlsKeyFile"))
+    const caFile = String(cfg.get("coder.tlsCaFile"))
 
     axios.defaults.httpsAgent = new https.Agent({
+      cert: certFile === "" ? undefined : fs.readFileSync(certFile),
+      key: keyFile === "" ? undefined : fs.readFileSync(keyFile),
+      ca: caFile === "" ? undefined : fs.readFileSync(caFile),
       // rejectUnauthorized defaults to true, so we need to explicitly set it to false
       // if we want to allow self-signed certificates.
       rejectUnauthorized: !insecure,
@@ -51,9 +60,16 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
   )
 
   vscode.workspace.onDidChangeConfiguration((e) => {
-    e.affectsConfiguration("coder.insecure") && applyInsecure()
+    if (
+      e.affectsConfiguration("coder.insecure") ||
+      e.affectsConfiguration("coder.tlsCertFile") ||
+      e.affectsConfiguration("coder.tlsKeyFile") ||
+      e.affectsConfiguration("coder.tlsCaFile")
+    ) {
+      applyHttpProperties()
+    }
   })
-  applyInsecure()
+  applyHttpProperties()
 
   const output = vscode.window.createOutputChannel("Coder")
   const storage = new Storage(output, ctx.globalState, ctx.secrets, ctx.globalStorageUri, ctx.logUri)

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/128.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/128.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/128.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/coder/vscode-coder/pull/128.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>