[server,dashboard] add endpoints to get ide credentials

Author: mustard-mh

components/dashboard/src/service/service.tsx

@@ -67,8 +67,9 @@ export function getIDEFrontendService(workspaceID: string, sessionId: string, se
 export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
     private instanceID: string | undefined;
     private user: User | undefined;
+    private ideCredentials!: string;
 
-    private latestStatus?: IDEFrontendDashboardService.Status;
+    private latestInfo?: IDEFrontendDashboardService.Status;
 
     private readonly onDidChangeEmitter = new Emitter<IDEFrontendDashboardService.SetStateData>();
     readonly onSetState = this.onDidChangeEmitter.event;
@@ -108,24 +109,32 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
     }
 
     private async processServerInfo() {
-        this.user = await this.service.server.getLoggedInUser();
-
-        const listener = await this.service.listenToInstance(this.workspaceID);
+        const [user, listener, ideCredentials] = await Promise.all([
+            this.service.server.getLoggedInUser(),
+            this.service.listenToInstance(this.workspaceID),
+            this.service.server.getIDECredentials(this.workspaceID),
+        ]);
+        this.user = user;
+        this.ideCredentials = ideCredentials;
         const reconcile = () => {
-            const status = this.getWorkspaceStatus(listener.info);
-            this.latestStatus = status;
+            const info = this.parseInfo(listener.info);
+            this.latestInfo = info;
             const oldInstanceID = this.instanceID;
-            this.instanceID = status.instanceId;
-            if (status.instanceId && oldInstanceID !== status.instanceId) {
+            this.instanceID = info.instanceId;
+            if (info.instanceId && oldInstanceID !== info.instanceId) {
                 this.auth();
             }
-            this.sendStatusUpdate(this.latestStatus);
+
+            // TODO(hw): to be removed after IDE deployed
+            this.sendStatusUpdate(this.latestInfo);
+            // TODO(hw): end of todo
+            this.sendInfoUpdate(this.latestInfo);
         };
         reconcile();
         listener.onDidChange(reconcile);
     }
 
-    private getWorkspaceStatus(workspace: WorkspaceInfo): IDEFrontendDashboardService.Status {
+    private parseInfo(workspace: WorkspaceInfo): IDEFrontendDashboardService.Info {
         return {
             loggedUserId: this.user!.id,
             workspaceID: this.workspaceID,
@@ -134,6 +143,7 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
             statusPhase: workspace.latestInstance?.status.phase,
             workspaceDescription: workspace.workspace.description,
             workspaceType: workspace.workspace.type,
+            credentialsToken: this.ideCredentials,
         };
     }
 
@@ -153,9 +163,9 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
         msg.properties = {
             ...msg.properties,
             sessionId: this.sessionId,
-            instanceId: this.latestStatus?.instanceId,
+            instanceId: this.latestInfo?.instanceId,
             workspaceId: this.workspaceID,
-            type: this.latestStatus?.workspaceType,
+            type: this.latestInfo?.workspaceType,
         };
         this.service.server.trackEvent(msg);
     }
@@ -183,6 +193,7 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
         }
     }
 
+    // TODO(hw): to be removed after IDE deployed
     sendStatusUpdate(status: IDEFrontendDashboardService.Status): void {
         this.clientWindow.postMessage(
             {
@@ -193,6 +204,18 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
             "*",
         );
     }
+    // TODO(hw): end of todo
+
+    sendInfoUpdate(info: IDEFrontendDashboardService.Info): void {
+        this.clientWindow.postMessage(
+            {
+                version: 1,
+                type: "ide-info-update",
+                info,
+            } as IDEFrontendDashboardService.InfoUpdateEventData,
+            "*",
+        );
+    }
 
     relocate(url: string): void {
         this.clientWindow.postMessage(

components/gitpod-protocol/src/frontend-dashboard-service.ts

@@ -31,12 +31,18 @@ export namespace IDEFrontendDashboardService {
      * IServer is the server side which is using in dashboard loading screen
      */
     export interface IServer {
+        // TODO(hw): to be removed after IDE deployed
         sendStatusUpdate(status: Status): void;
+        // TODO(hw): end of todo
+        sendInfoUpdate(info: Info): void;
         relocate(url: string): void;
         openBrowserIDE(): void;
     }
 
-    export interface Status {
+    /**
+     * Info defined the information that `supervisor/frontend` requires.
+     */
+    export interface Info {
         workspaceID: string;
         loggedUserId: string;
 
@@ -46,8 +52,13 @@ export namespace IDEFrontendDashboardService {
 
         workspaceDescription: string;
         workspaceType: string;
+        credentialsToken: string;
     }
 
+    // TODO(hw): to be removed after IDE deployed
+    export type Status = Info;
+    // TODO(hw): end of todo
+
     export interface SetStateData {
         ideFrontendFailureCause?: string;
         desktopIDE?: {
@@ -57,15 +68,21 @@ export namespace IDEFrontendDashboardService {
         };
     }
 
-    /**
-     * interface for post message that send status update from dashboard to supervisor
-     */
+    // TODO(hw): to be removed after IDE deployed
     export interface StatusUpdateEventData {
         // protocol version
         version?: number;
         type: "ide-status-update";
         status: Status;
     }
+    // TODO(hw): end of todo
+
+    export interface InfoUpdateEventData {
+        // protocol version
+        version?: number;
+        type: "ide-info-update";
+        info: Info;
+    }
 
     export interface HeartbeatEventData {
         type: "ide-heartbeat";
@@ -95,9 +112,15 @@ export namespace IDEFrontendDashboardService {
         url: string;
     }
 
+    // TODO(hw): to be removed after IDE deployed
     export function isStatusUpdateEventData(obj: any): obj is StatusUpdateEventData {
         return obj != null && typeof obj === "object" && obj.type === "ide-status-update";
     }
+    // TODO(hw): end of todo
+
+    export function isInfoUpdateEventData(obj: any): obj is InfoUpdateEventData {
+        return obj != null && typeof obj === "object" && obj.type === "ide-info-update";
+    }
 
     export function isHeartbeatEventData(obj: any): obj is HeartbeatEventData {
         return obj != null && typeof obj === "object" && obj.type === "ide-heartbeat";

components/gitpod-protocol/src/gitpod-service.ts

@@ -117,6 +117,7 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer,
     getWorkspace(id: string): Promise<WorkspaceInfo>;
     isWorkspaceOwner(workspaceId: string): Promise<boolean>;
     getOwnerToken(workspaceId: string): Promise<string>;
+    getIDECredentials(workspaceId: string): Promise<string>;
 
     /**
      * Creates and starts a workspace for the given context URL.

components/gitpod-protocol/src/protocol.ts

@@ -842,6 +842,7 @@ export interface WorkspaceConfig {
     vscode?: VSCodeConfig;
     jetbrains?: JetBrainsConfig;
     coreDump?: CoreDumpConfig;
+    ideCredentials?: string;
 
     /** deprecated. Enabled by default **/
     experimentalNetwork?: boolean;

components/server/src/auth/rate-limiter.ts

@@ -71,6 +71,7 @@ const defaultFunctions: FunctionsConfig = {
     getWorkspace: { group: "default", points: 1 },
     isWorkspaceOwner: { group: "default", points: 1 },
     getOwnerToken: { group: "default", points: 1 },
+    getIDECredentials: { group: "default", points: 1 },
     createWorkspace: { group: "createWorkspace", points: 1 },
     startWorkspace: { group: "startWorkspace", points: 1 },
     stopWorkspace: { group: "default", points: 1 },

components/server/src/workspace/config-provider.ts

@@ -7,6 +7,7 @@
 import { inject, injectable } from "inversify";
 import fetch from "node-fetch";
 import * as path from "path";
+import * as crypto from "crypto";
 
 import { log, LogContext } from "@gitpod/gitpod-protocol/lib/util/logging";
 import {
@@ -243,6 +244,7 @@ export class ConfigProvider {
             ports: [],
             tasks: [],
             image: this.config.workspaceDefaults.workspaceImage,
+            ideCredentials: crypto.randomBytes(32).toString("base64"),
         };
     }
 

components/server/src/workspace/gitpod-server-impl.ts

@@ -692,6 +692,28 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         return ownerToken;
     }
 
+    public async getIDECredentials(ctx: TraceContext, workspaceId: string): Promise<string> {
+        traceAPIParams(ctx, { workspaceId });
+        traceWI(ctx, { workspaceId });
+
+        this.checkAndBlockUser("getIDECredentials");
+
+        const workspace = await this.workspaceDb.trace(ctx).findById(workspaceId);
+        if (!workspace) {
+            throw new Error("workspace not found");
+        }
+        await this.guardAccess({ kind: "workspace", subject: workspace }, "get");
+        if (workspace.config.ideCredentials) {
+            return workspace.config.ideCredentials;
+        }
+        return this.workspaceDb.trace(ctx).transaction(async (db) => {
+            const ws = await this.internalGetWorkspace(workspaceId, db);
+            ws.config.ideCredentials = crypto.randomBytes(32).toString("base64");
+            await db.store(ws);
+            return ws.config.ideCredentials;
+        });
+    }
+
     public async startWorkspace(
         ctx: TraceContext,
         workspaceId: string,