Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: migrate from argon2 -> @node-rs/argon2 #4733

Merged
merged 5 commits into from
Jan 18, 2022
Merged

Conversation

jsjoeio
Copy link
Contributor

@jsjoeio jsjoeio commented Jan 12, 2022

This migrates our hashing password implementation from using argon2 to @node-rs/argon2.

Fixes #4422

How to Test

  1. Wait for CI to finish
  2. Download release-packages from Artifacts
  3. Unzip and then run cd into release-packages
  4. Run tar -xzf code-server* based on your arch
  5. Generate an argon2 password or use this one: "$argon2i$v=19$m=4096,t=3,p=1$cecR+o8tshB6mKzPBUG7fw$w2XFt+Ezn+CjRGTwptsjH3yj72htGLhMc3WdPs7wIOk" (equals "password")
  6. edit your config.yaml and add hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$cecR+o8tshB6mKzPBUG7fw$w2XFt+Ezn+CjRGTwptsjH3yj72htGLhMc3WdPs7wIOk"
  7. Run ./code-server*/bin/code-server
  8. Login with password: "password"
  9. Everything should work

Tested on

Notes

At first, I ran into some issues with tests because I was overriding process.platform and that caused issues with any test files that required @node-rs/argon2. @code-asher had a good idea to fix this: refactor getEnvPaths() to pass in process.platform. That fixed it.

Resources

src/node/util.ts Show resolved Hide resolved
ci/build/build-standalone-release.sh Outdated Show resolved Hide resolved
ci/build/npm-postinstall.sh Outdated Show resolved Hide resolved
src/node/util.ts Show resolved Hide resolved
@jsjoeio jsjoeio force-pushed the jsjoeio-argon-change branch from d796af5 to 698c46f Compare January 12, 2022 22:53
@jsjoeio jsjoeio marked this pull request as ready for review January 12, 2022 22:54
@jsjoeio jsjoeio requested a review from a team January 12, 2022 22:54
@codecov
Copy link

codecov bot commented Jan 12, 2022

Codecov Report

Merging #4733 (c02b98a) into main (2752d95) will decrease coverage by 0.04%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4733      +/-   ##
==========================================
- Coverage   69.23%   69.18%   -0.05%     
==========================================
  Files          29       29              
  Lines        1638     1652      +14     
  Branches      341      363      +22     
==========================================
+ Hits         1134     1143       +9     
- Misses        428      432       +4     
- Partials       76       77       +1     
Impacted Files Coverage Δ
src/node/util.ts 81.28% <100.00%> (+0.10%) ⬆️
src/node/main.ts 50.00% <0.00%> (-0.54%) ⬇️
src/node/entry.ts 0.00% <0.00%> (ø)
src/common/util.ts 100.00% <0.00%> (ø)
src/node/wrapper.ts 0.00% <0.00%> (ø)
src/node/cli.ts 83.58% <0.00%> (+0.06%) ⬆️
src/node/app.ts 98.07% <0.00%> (+0.07%) ⬆️
src/node/routes/index.ts 81.25% <0.00%> (+0.19%) ⬆️
src/node/routes/errors.ts 83.33% <0.00%> (+0.57%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2752d95...c02b98a. Read the comment docs.

src/node/util.ts Outdated Show resolved Hide resolved
test/unit/node/util.test.ts Outdated Show resolved Hide resolved
@github-actions
Copy link

github-actions bot commented Jan 13, 2022

✨ Coder.com for PR #4733 deployed! It will be updated on every commit.

@im-coder-lg
Copy link
Contributor

@yisibl any ideas why the artifact failed?

@yisibl
Copy link

yisibl commented Jan 13, 2022

@yisibl any ideas why the artifact failed?

What is the actual glibc version in Docker?

@Brooooooklyn
Copy link

@yisibl any ideas why the artifact failed?

@node-rs/argon2 doesn't support GLIBC_2.17 for now. I'm implementing the support in napi-rs/napi-rs#1025

And I'll draft a patch release after NAPI-RS toolchain supported the lower GLIBC on the Linux platform.

@yisibl
Copy link

yisibl commented Jan 13, 2022

Yeah, I see GLIBC_2.17, let's wait for the next version.

@im-coder-lg
Copy link
Contributor

Actually, idk if I could test on Termux, since whenever I tried it it didn't work. But I will try 3.9.3 and try learning how to do that.

@im-coder-lg
Copy link
Contributor

Uh oh... My Termux isn't working. From the beginning, I haven't able to get the mirrors updated, there isn't a sources.list file in my /etc dir. Idk what happened to my phone, maybe it's because I have an older phone.

@im-coder-lg
Copy link
Contributor

im-coder-lg commented Jan 13, 2022

Wait we are supposed to use @napi-rs/argon2 right? Why's it node-rs?

@Brooooooklyn
Copy link

Upgrade to @node-rs/argon2@1.0.5 to solve the GLIBC problem with centos:7

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 13, 2022

@Brooooooklyn will do - thank you for the quick patch!

@yisibl - thank you for the review and feedback!

@im-coder-lg no worries, I will test on Termux

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 13, 2022

This should fix the audit/code scanning CI failing (I'll rebase once merged): #4742

@im-coder-lg
Copy link
Contributor

Testing this now!

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

the total size of the build artifacts are nearing 2 GB. How are you all managing it?

😅 I wish I had a good answer for that...

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

@code-asher brought up a good point. our e2e tests run on Linux so those are passing which means this is good on Linux.

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

@im-coder-lg any updates?

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

Termux

Previously, installing the project would fail on Termux due to argon2 issues. From what I can tell, it seems as though those problems are resolved with this PR!

Screenshot_20220114-121950

I couldn't successfully downgrade Node to v14 on Termux so code-server wouldn't actually run. So assuming someone can downgrade, it should work.

@jsjoeio jsjoeio requested a review from code-asher January 14, 2022 19:26
@im-coder-lg
Copy link
Contributor

I'll just test again. Since I didn't install Node 14 before running, I got into errors. I will try again and hopefully succeed.

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

I'll just test again. Since I didn't install Node 14 before running, I got into errors. I will try again and hopefully succeed.

No worries at all. What I did was upload the npm-package to Google Drive, then download directly on my device, unzip/untar and then yarn in that (yarn install --production) and was able to get it to work.

@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 14, 2022

Here's a link to the npm-package.zip if you want to download: https://drive.google.com/file/d/1VyB0i4GMf9yAo8n_DU-YkfPGRKnzb9Nf/view?usp=sharing

@im-coder-lg
Copy link
Contributor

Heads up: I'll be testing two architectures, the first one is AARCH64 aka. ARM64 and then ARMV7L which is integrated to Raspberry Pi OS Bullseye.

@im-coder-lg
Copy link
Contributor

LOLZ, all I needed to test was the package.tar.gz tarball? I couldn't unzip the ZIP file, maybe it's due to that.

@im-coder-lg
Copy link
Contributor

This absolutely works. I am testing this once again with the hashed password and maybe again on armv7l.

@im-coder-lg
Copy link
Contributor

I can say this works successfully, although 4.0.1 is still in development, some simple errors pop up.
Logged in, opened folders, tested the typing, everything works.
Maybe now I'll try a simple webserver. Docusaurus v2?

Copy link
Contributor

@im-coder-lg im-coder-lg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can merge! LGTM!

package.json Outdated Show resolved Hide resolved
test/package.json Outdated Show resolved Hide resolved
@jsjoeio jsjoeio temporarily deployed to CI January 18, 2022 17:34 Inactive
@jsjoeio
Copy link
Contributor Author

jsjoeio commented Jan 18, 2022

@im-coder-lg thanks so much for helping test!!! I will merge this once CI passes

@jsjoeio jsjoeio merged commit 723469a into main Jan 18, 2022
@jsjoeio jsjoeio deleted the jsjoeio-argon-change branch January 18, 2022 23:13
jsjoeio added a commit that referenced this pull request Feb 4, 2022
jsjoeio added a commit that referenced this pull request Feb 4, 2022
jsjoeio added a commit that referenced this pull request Feb 4, 2022
This reverts part of the changes introduced in refactor: migrate from argon2 ->
@node-rs/argon2 (#4733)

Switching to @node-rs/argon2 introduced bugs that we couldn't solve due to
limitations in npm.

see here
#4804 (comment)
jsjoeio added a commit that referenced this pull request Feb 4, 2022
* revert: partial revert of 723469a

This reverts part of the changes introduced in refactor: migrate from argon2 ->
@node-rs/argon2 (#4733)

Switching to @node-rs/argon2 introduced bugs that we couldn't solve due to
limitations in npm.

see here
#4804 (comment)
TinLe pushed a commit to TinLe/code-server that referenced this pull request Apr 23, 2022
* chore(deps): replace argon2 w/@node-rs/argon2

* refactor: clean up hashPassword functions

* refactor(util): pass in process.platform

* fix: use correct settings for test-extension

Before, it was running into errors with an @types package.

Now, we're correctly running `tsc` so it picks up our `tsconfig.json` and we're
telling TypeScript to not typecheck our lib and exclude `node_modules`
TinLe pushed a commit to TinLe/code-server that referenced this pull request Apr 23, 2022
* revert: partial revert of 723469a

This reverts part of the changes introduced in refactor: migrate from argon2 ->
@node-rs/argon2 (coder#4733)

Switching to @node-rs/argon2 introduced bugs that we couldn't solve due to
limitations in npm.

see here
coder#4804 (comment)
@im-coder-lg im-coder-lg mentioned this pull request Aug 9, 2022
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Investigate argon2 issue (Termux/Raspberry Pi)
5 participants