@gitpod/gitpod-protocol 0.1.5-wth-test.41 → 0.1.5-wth-test.80

package/src/context-url.ts

@@ -4,10 +4,62 @@
  * See License-AGPL.txt in the project root for license information.
  */
 
+import { Workspace } from ".";
+
+/**
+ * The whole point of these methods is to overcome inconsistencies in our data model.
+ * Ideally we remove it at some point once we fixed our model, as it:
+ *  - duplicates logic
+ *  - but additional burden on clients (using this, copying this to other languages!)
+ *
+ * TODO(gpl) See if we can get this into `server` code to remove the burden from clients
+ */
 export namespace ContextURL {
   export const INCREMENTAL_PREBUILD_PREFIX = "incremental-prebuild";
   export const PREBUILD_PREFIX = "prebuild";
   export const IMAGEBUILD_PREFIX = "imagebuild";
+  export const SNAPSHOT_PREFIX = "snapshot";
+  export const REFERRER_PREFIX = 'referrer:';
+
+  /**
+   * This function will (try to) return the HTTP(S) URL of the context the user originally created this workspace on.
+   * Especially it will not contain any modifiers or be of different scheme than HTTP(S).
+   *
+   * Use this function if you need to provided a _working_ URL to the original context.
+   * @param ws
+   * @returns
+   */
+  export function getNormalizedURL(ws: Pick<Workspace, "context" | "contextURL"> | undefined): URL | undefined {
+    const normalized = normalize(ws);
+    if (!normalized) {
+      return undefined;
+    }
+
+    try {
+      return new URL(normalized);
+    } catch (err) {
+      console.error(`unable to parse URL from normalized contextURL: '${normalized}'`, err);
+    }
+    return undefined;
+  }
+
+  function normalize(ws: Pick<Workspace, "context" | "contextURL"> | undefined): string | undefined {
+    if (!ws) {
+      return undefined;
+    }
+    if (ws.context.normalizedContextURL) {
+      return ws.context.normalizedContextURL;
+    }
+
+    // fallback: we do not yet set normalizedContextURL on all workspaces, yet, let alone older existing workspaces
+    let fallback: string | undefined = undefined;
+    try {
+      fallback = removePrefixes(ws.contextURL);
+    } catch (err) {
+      console.error(`unable to remove prefixes from contextURL: '${ws.contextURL}'`, err);
+    }
+    return fallback;
+  }
 
   /**
    * The field "contextUrl" might contain prefixes like:
@@ -15,29 +67,33 @@ export namespace ContextURL {
    *  - prebuild/...
    * This is the analogon to the (Prefix)ContextParser structure in "server".
    */
-  export function parseToURL(contextUrl: string | undefined): URL | undefined {
+  function removePrefixes(contextUrl: string | undefined): string | undefined {
     if (contextUrl === undefined) {
       return undefined;
     }
 
     const segments = contextUrl.split("/");
     if (segments.length === 1) {
-      return new URL(segments[0]);  // this might be something, we just try
+      return segments[0];  // this might be something, we just try
     }
 
-    const segmentsToURL = (offset: number): URL => {
+    const segmentsToURL = (offset: number): string => {
       let rest = segments.slice(offset).join("/");
+      if (/^git@[^:\/]+:/.test(rest)) {
+        rest = rest.replace(/^git@([^:\/]+):/, 'https://$1/');
+      }
       if (!rest.startsWith("http")) {
         rest = 'https://' + rest;
       }
-      return new URL(rest);
+      return rest;
     };
 
-
     const firstSegment = segments[0];
     if (firstSegment === PREBUILD_PREFIX ||
         firstSegment === INCREMENTAL_PREBUILD_PREFIX ||
-        firstSegment === IMAGEBUILD_PREFIX) {
+        firstSegment === IMAGEBUILD_PREFIX ||
+        firstSegment === SNAPSHOT_PREFIX ||
+        firstSegment.startsWith(REFERRER_PREFIX)) {
       return segmentsToURL(1);
     }
 

package/src/gitpod-service.ts

@@ -6,14 +6,14 @@
 
 import {
     User, WorkspaceInfo, WorkspaceCreationResult, WorkspaceInstanceUser,
-    WhitelistedRepository, WorkspaceImageBuild, AuthProviderInfo, Branding, CreateWorkspaceMode,
+    WhitelistedRepository, WorkspaceImageBuild, AuthProviderInfo, CreateWorkspaceMode,
     Token, UserEnvVarValue, ResolvePluginsParams, PreparePluginUploadParams, Terms,
     ResolvedPlugins, Configuration, InstallPluginsParams, UninstallPluginParams, UserInfo, GitpodTokenType,
-    GitpodToken, AuthProviderEntry, GuessGitTokenScopesParams, GuessedGitTokenScopes
+    GitpodToken, AuthProviderEntry, GuessGitTokenScopesParams, GuessedGitTokenScopes, ProjectEnvVar
 } from './protocol';
 import {
     Team, TeamMemberInfo,
-    TeamMembershipInvite, Project, TeamMemberRole, PrebuildWithStatus, StartPrebuildResult
+    TeamMembershipInvite, Project, TeamMemberRole, PrebuildWithStatus, StartPrebuildResult, PartialProject
 } from './teams-projects-protocol';
 import { JsonRpcProxy, JsonRpcServer } from './messaging/proxy-factory';
 import { Disposable, CancellationTokenSource } from 'vscode-jsonrpc';
@@ -29,6 +29,8 @@ import { AccountStatement, CreditAlert } from './accounting-protocol';
 import { GithubUpgradeURL, PlanCoupon } from './payment-protocol';
 import { TeamSubscription, TeamSubscriptionSlot, TeamSubscriptionSlotResolved } from './team-subscription-protocol';
 import { RemotePageMessage, RemoteTrackMessage, RemoteIdentifyMessage } from './analytics';
+import { IDEServer } from './ide-protocol';
+import { InstallationAdminSettings, TelemetryData } from './installation-admin-protocol';
 
 export interface GitpodClient {
     onInstanceUpdate(instance: WorkspaceInstance): void;
@@ -45,7 +47,7 @@ export interface GitpodClient {
 }
 
 export const GitpodServer = Symbol('GitpodServer');
-export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer, LicenseService {
+export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer, LicenseService, IDEServer {
     // User related API
     getLoggedInUser(): Promise<User>;
     getTerms(): Promise<Terms>;
@@ -54,7 +56,6 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     getOwnAuthProviders(): Promise<AuthProviderEntry[]>;
     updateOwnAuthProvider(params: GitpodServer.UpdateOwnAuthProviderParams): Promise<AuthProviderEntry>;
     deleteOwnAuthProvider(params: GitpodServer.DeleteOwnAuthProviderParams): Promise<void>;
-    getBranding(): Promise<Branding>;
     getConfiguration(): Promise<Configuration>;
     getToken(query: GitpodServer.GetTokenSearchOptions): Promise<Token | undefined>;
     getGitpodTokenScopes(tokenHash: string): Promise<string[]>;
@@ -71,8 +72,15 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     getWorkspaceOwner(workspaceId: string): Promise<UserInfo | undefined>;
     getWorkspaceUsers(workspaceId: string): Promise<WorkspaceInstanceUser[]>;
     getFeaturedRepositories(): Promise<WhitelistedRepository[]>;
+    getSuggestedContextURLs(): Promise<string[]>;
+    /**
+     * **Security:**
+     * Sensitive information like an owner token is erased, since it allows access for all team members.
+     * If you need to access an owner token use `getOwnerToken` instead.
+     */
     getWorkspace(id: string): Promise<WorkspaceInfo>;
     isWorkspaceOwner(workspaceId: string): Promise<boolean>;
+    getOwnerToken(workspaceId: string): Promise<string>;
 
     /**
      * Creates and starts a workspace for the given context URL.
@@ -125,6 +133,11 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     resetGenericInvite(inviteId: string): Promise<TeamMembershipInvite>;
     deleteTeam(teamId: string, userId: string): Promise<void>;
 
+    // Admin Settings
+    adminGetSettings(): Promise<InstallationAdminSettings>;
+    adminUpdateSettings(settings: InstallationAdminSettings): Promise<void>;
+    adminGetTelemetryData(): Promise<TelemetryData>;
+
     // Projects
     getProviderRepositoriesForUser(params: GetProviderRepositoriesParams): Promise<ProviderRepository[]>;
     createProject(params: CreateProjectParams): Promise<Project>;
@@ -135,9 +148,15 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     findPrebuilds(params: FindPrebuildsParams): Promise<PrebuildWithStatus[]>;
     triggerPrebuild(projectId: string, branchName: string | null): Promise<StartPrebuildResult>;
     cancelPrebuild(projectId: string, prebuildId: string): Promise<void>;
-    setProjectConfiguration(projectId: string, configString: string): Promise<void>;
     fetchProjectRepositoryConfiguration(projectId: string): Promise<string | undefined>;
     guessProjectConfiguration(projectId: string): Promise<string | undefined>;
+    fetchRepositoryConfiguration(cloneUrl: string): Promise<string | undefined>;
+    guessRepositoryConfiguration(cloneUrl: string): Promise<string | undefined>;
+    setProjectConfiguration(projectId: string, configString: string): Promise<void>;
+    updateProjectPartial(partialProject: PartialProject): Promise<void>;
+    setProjectEnvironmentVariable(projectId: string, name: string, value: string, censored: boolean): Promise<void>;
+    getProjectEnvironmentVariables(projectId: string): Promise<ProjectEnvVar[]>;
+    deleteProjectEnvironmentVariable(variableId: string): Promise<void>;
 
     // content service
     getContentBlobUploadUrl(name: string): Promise<string>
@@ -235,6 +254,16 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     identifyUser(event: RemoteIdentifyMessage): Promise<void>;
 }
 
+export interface RateLimiterError {
+    method?: string,
+
+    /**
+     * Retry after this many seconds, earliest.
+     * cmp.: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After
+     */
+    retryAfter: number,
+}
+
 export interface CreateProjectParams {
     name: string;
     slug?: string;
@@ -267,7 +296,7 @@ export interface ProviderRepository {
     installationId?: number;
     installationUpdatedAt?: string;
 
-    inUse?: boolean;
+    inUse?: { userName: string };
 }
 
 export interface ClientHeaderFields {
@@ -380,10 +409,12 @@ export class GitpodCompositeClient<Client extends GitpodClient> implements Gitpo
 
     public registerClient(client: Partial<Client>): Disposable {
         this.clients.push(client);
-        const index = this.clients.length;
         return {
             dispose: () => {
-                this.clients.slice(index, 1);
+                const index = this.clients.indexOf(client);
+                if (index > -1) {
+                    this.clients.splice(index, 1);
+                }
             }
         }
     }
@@ -573,7 +604,7 @@ export class WorkspaceInstanceUpdateListener {
 }
 
 export interface GitpodServiceOptions {
-    onReconnect?: () => (void | Promise<void>)
+    onReconnect?: () => (void | Promise<void>)
 }
 
 export class GitpodServiceImpl<Client extends GitpodClient, Server extends GitpodServer> {

package/src/ide-frontend-service.ts

@@ -7,7 +7,7 @@
 import { Event } from "./util/event";
 import { Disposable } from "./util/disposable";
 
-export type IDEFrontendState = 'init' | 'ready' | 'terminated';
+export type IDEFrontendState = 'init' | 'ready' | 'terminated';
 
 export interface IDEFrontendService {
     readonly state: IDEFrontendState;

package/src/ide-protocol.ts

@@ -0,0 +1,119 @@
+/**
+ * Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+/**
+ * `IDEServer` provides a list of available IDEs.
+ */
+export interface IDEServer {
+    /**
+     * Returns the IDE preferences.
+     */
+    getIDEOptions(): Promise<IDEOptions>;
+}
+
+export interface IDEOptions {
+    /**
+     * A list of available IDEs.
+     */
+    options: { [key: string]: IDEOption };
+
+    /**
+     * The default (browser) IDE when the user has not specified one.
+     */
+    defaultIde: string;
+
+    /**
+     * The default desktop IDE when the user has not specified one.
+     */
+    defaultDesktopIde: string;
+
+    /**
+     * Client specific IDE options.
+     */
+    clients?: { [id: string]: IDEClient };
+}
+
+export interface IDEClient {
+    /**
+     * The default desktop IDE when the user has not specified one.
+     */
+    defaultDesktopIDE?: string;
+
+    /**
+     * Desktop IDEs supported by the client.
+     */
+    desktopIDEs?: string[]
+
+    /**
+     * Steps to install the client on user machine.
+     */
+    installationSteps?: string[]
+}
+
+export interface IDEOption {
+    /**
+     * To ensure a stable order one can set an `orderKey`.
+     */
+    orderKey?: string;
+
+    /**
+     * Human readable title text of the IDE (plain text only).
+     */
+    title: string;
+
+    /**
+     * The type of the IDE, currently 'browser' or 'desktop'.
+     */
+    type: 'browser' | 'desktop';
+
+    /**
+    * The logo for the IDE. That could be a key in (see
+    * components/dashboard/src/images/ideLogos.ts) or a URL.
+    */
+    logo: string;
+
+    /**
+     * Text of an optional tooltip (plain text only).
+     */
+    tooltip?: string;
+
+    /**
+     * Text of an optional label next to the IDE option like “Insiders” (plain
+     * text only).
+     */
+    label?: string;
+
+    /**
+     * Notes to the IDE option that are renderd in the preferences when a user
+     * chooses this IDE.
+     */
+    notes?: string[];
+
+    /**
+    * If `true` this IDE option is not visible in the IDE preferences.
+    */
+    hidden?: boolean;
+
+    /**
+     * The image ref to the IDE image.
+     */
+    image: string;
+
+    /**
+     * The latest image ref to the IDE image, this image ref always resolve to digest.
+     */
+    latestImage?: string;
+
+    /**
+     * When this is `true`, the tag of this image is resolved to the latest
+     * image digest regularly.
+     *
+     * This is useful if this image points to a tag like `nightly` that will be
+     * updated regularly. When `resolveImageDigest` is `true`, we make sure that
+     * we resolve the tag regularly to the most recent image version.
+     */
+    resolveImageDigest?: boolean;
+}

package/src/index.ts

@@ -18,3 +18,5 @@ export * from './headless-workspace-log';
 export * from './context-url';
 export * from './teams-projects-protocol';
 export * from './snapshot-url';
+export * from './oss-allowlist';
+export * from './installation-admin-protocol';

package/src/installation-admin-protocol.ts

@@ -0,0 +1,42 @@
+/**
+ * Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+import { v4 as uuidv4 } from 'uuid';
+
+const InstallationAdminSettingsPrototype = {
+    sendTelemetry: true
+}
+
+export type InstallationAdminSettings = typeof InstallationAdminSettingsPrototype;
+
+export namespace InstallationAdminSettings {
+    export function fields(): (keyof InstallationAdminSettings)[] {
+        return Object.keys(InstallationAdminSettingsPrototype) as (keyof InstallationAdminSettings)[];
+    }
+}
+
+export interface InstallationAdmin {
+    id: string;
+    settings: InstallationAdminSettings;
+}
+
+export interface TelemetryData {
+    installationAdmin: InstallationAdmin
+    totalUsers: number
+    totalWorkspaces: number
+    totalInstances: number
+}
+
+export namespace InstallationAdmin {
+    export function createDefault(): InstallationAdmin {
+        return {
+            id: uuidv4(),
+            settings: {
+                ...InstallationAdminSettingsPrototype,
+            }
+        };
+    }
+}

package/src/messaging/error.ts

@@ -78,4 +78,7 @@ export namespace ErrorCodes {
 
     // 630 Snapshot Error
     export const SNAPSHOT_ERROR = 630;
+
+    // 640 Headless logs are not available (yet)
+    export const HEADLESS_LOG_NOT_YET_AVAILABLE = 640;
 }

package/src/messaging/node/connection.ts

@@ -6,81 +6,34 @@
  */
 
 import * as ws from "ws";
-import * as http from "http";
-import * as https from "https";
-import * as url from "url";
-import * as net from "net";
-import { MessageConnection } from "vscode-jsonrpc";
-import { createWebSocketConnection, IWebSocket } from "vscode-ws-jsonrpc";
-import { log } from '../../util/logging';
+import { IWebSocket } from "vscode-ws-jsonrpc";
 
-export interface IServerOptions {
-    readonly server: http.Server | https.Server;
-    readonly path?: string;
-    matches?(request: http.IncomingMessage): boolean;
-}
-
-export function createServerWebSocketConnection(options: IServerOptions, onConnect: (connection: MessageConnection) => void): void {
-    openJsonRpcSocket(options, socket => {
-        onConnect(createWebSocketConnection(socket, console));
-    });
-}
-
-export function openJsonRpcSocket(options: IServerOptions, onOpen: (socket: IWebSocket) => void): void {
-    openSocket(options, socket => {
-        const webSocket = toIWebSocket(socket);
-        onOpen(webSocket);
-    });
-}
-
-export interface OnOpen {
-    (webSocket: ws, request: http.IncomingMessage, socket: net.Socket, head: Buffer): void;
-}
-
-export function openSocket(options: IServerOptions, onOpen: OnOpen): void {
-    const wss = new ws.Server({
-        noServer: true,
-            perMessageDeflate: {
-                // don't compress if a message is less than 256kb
-                threshold: 256 * 1024
-            }
-    });
-    options.server.on('upgrade', (request: http.IncomingMessage, socket: net.Socket, head: Buffer) => {
-        const pathname = request.url ? url.parse(request.url).pathname : undefined;
-        if (options.path && pathname === options.path || options.matches && options.matches(request)) {
-            wss.handleUpgrade(request, socket, head, webSocket => {
-                if (webSocket.readyState === webSocket.OPEN) {
-                    onOpen(webSocket, request, socket, head);
-                } else {
-                    webSocket.on('open', () => onOpen(webSocket, request, socket, head));
-                }
-            });
-        }
-    });
-}
-
-export function toIWebSocket(webSocket: ws) {
-    let sendsAfterOpen = 0;
+export function toIWebSocket(ws: ws) {
     return <IWebSocket>{
         send: content => {
-            if (webSocket.readyState !== ws.OPEN) {
-                if (sendsAfterOpen++ > 3) {
-                    //log.debug(`Repeated try to send on closed web socket (readyState was ${webSocket.readyState})`, { ws });
-                }
+            if (ws.readyState >= ws.CLOSING) {
+                // ws is already CLOSING/CLOSED, send() would just return an error.
                 return;
             }
-            webSocket.send(content, err => {
-                if (err) {
-                    log.error('error in ws.send()', err, { ws });
-                }
-            })
+
+            // in general send-errors should trigger an 'error' event already, we just make sure it actually happens.
+            try {
+                ws.send(content, err => {
+                    if (!err) {
+                        return;
+                    }
+                    ws.emit('error', err);
+                });
+            } catch (err) {
+                ws.emit('error', err);
+            }
         },
-        onMessage: cb => webSocket.on('message', cb),
-        onError: cb => webSocket.on('error', cb),
-        onClose: cb => webSocket.on('close', cb),
+        onMessage: cb => ws.on('message', cb),
+        onError: cb => ws.on('error', cb),
+        onClose: cb => ws.on('close', cb),
         dispose: () => {
-            if (webSocket.readyState < ws.CLOSING) {
-                webSocket.close();
+            if (ws.readyState < ws.CLOSING) {
+                ws.close();
             }
         }
     };

package/src/oss-allowlist.ts

@@ -0,0 +1,15 @@
+/**
+ * Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+ * Licensed under the GNU Affero General Public License (AGPL).
+ * See License-AGPL.txt in the project root for license information.
+ */
+
+export interface OssAllowList {
+    /**
+     * A string that identifies a GitHub/GitLab/Bitbucket identity of the form "<host>/<profilename>"
+     * E.g., "github.com/geropl"
+     */
+    identity: string,
+
+    deleted?: boolean,
+}

package/src/permission.ts

@@ -13,6 +13,7 @@ export const Permissions = {
     "registry-access": undefined,
     "admin-users": undefined,
     "admin-workspaces": undefined,
+    "admin-projects": undefined,
     "admin-api": undefined,
     "ide-settings": undefined,
     "new-workspace-cluster": undefined,
@@ -34,6 +35,22 @@ export interface Role {
     permissions: PermissionName[],
 }
 
+export namespace RolesOrPermissions {
+    export function toPermissionSet(rolesOrPermissions: RoleOrPermission[] | undefined): Set<PermissionName> {
+        rolesOrPermissions = rolesOrPermissions || [];
+
+        const permissions = new Set<PermissionName>();
+        for (const rop of rolesOrPermissions) {
+            if (Permission.is(rop)) {
+                permissions.add(rop);
+            } else if (RoleName.is(rop)) {
+                Role.getByName(rop).permissions.forEach(p => permissions.add(p));
+            }
+        }
+        return permissions;
+    };
+}
+
 export namespace Permission {
     /** The permission to monitor the (live) state of a Gitpod installation */
     export const MONITOR: PermissionName = "monitor";
@@ -50,6 +67,9 @@ export namespace Permission {
     /** The permission for accessing all workspace data */
     export const ADMIN_WORKSPACES: PermissionName = "admin-workspaces";
 
+    /** The permission for accessing all projects data */
+    export const ADMIN_PROJECTS: PermissionName = "admin-projects";
+
     /** The permission to access the admin API */
     export const ADMIN_API: PermissionName = "admin-api";
 
@@ -62,9 +82,7 @@ export namespace Permission {
     }
 
     export const all = (): PermissionName[] => {
-        return Object.keys(Permission)
-            .map(k => (Permission as any)[k])
-            .filter(k => typeof(k) === 'string');
+        return Object.keys(Permissions) as PermissionName[];
     };
 }
 
@@ -94,6 +112,7 @@ export namespace Role {
         permissions: [
             Permission.ADMIN_USERS,
             Permission.ADMIN_WORKSPACES,
+            Permission.ADMIN_PROJECTS,
             Permission.ADMIN_API,
             Permission.ENFORCEMENT,
         ]