Fix issue where tests lack cookie key.

Author: GirlBossRush

src/common/http.ts

@@ -18,3 +18,7 @@ export class HttpError extends Error {
     this.name = this.constructor.name
   }
 }
+
+export enum CookieKeys {
+  Session = "code-server-session",
+}

src/node/http.ts

@@ -6,7 +6,7 @@ import * as net from "net"
 import path from "path"
 import qs from "qs"
 import { Disposable } from "../common/emitter"
-import { HttpCode, HttpError } from "../common/http"
+import { CookieKeys, HttpCode, HttpError } from "../common/http"
 import { normalize } from "../common/util"
 import { AuthType, DefaultedArgs } from "./cli"
 import { version as codeServerVersion } from "./constants"
@@ -62,10 +62,6 @@ export const replaceTemplates = <T extends object>(
     .replace("{{OPTIONS}}", () => escapeJSON(serverOptions))
 }
 
-export enum Cookie {
-  SessionKey = "code-server-session",
-}
-
 /**
  * Throw an error if not authorized. Call `next` if provided.
  */
@@ -97,7 +93,7 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {
       const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
       const isCookieValidArgs: IsCookieValidArgs = {
         passwordMethod,
-        cookieKey: sanitizeString(req.cookies[Cookie.SessionKey]),
+        cookieKey: sanitizeString(req.cookies[CookieKeys.Session]),
         passwordFromArgs: req.args.password || "",
         hashedPasswordFromArgs: req.args["hashed-password"],
       }

src/node/routes/login.ts

@@ -3,8 +3,9 @@ import { promises as fs } from "fs"
 import { RateLimiter as Limiter } from "limiter"
 import * as os from "os"
 import * as path from "path"
+import { CookieKeys } from "../../common/http"
 import { rootPath } from "../constants"
-import { authenticated, Cookie, getCookieDomain, redirect, replaceTemplates } from "../http"
+import { authenticated, getCookieDomain, redirect, replaceTemplates } from "../http"
 import { getPasswordMethod, handlePasswordValidation, humanPath, sanitizeString, escapeHtml } from "../util"
 
 // RateLimiter wraps around the limiter library for logins.
@@ -83,7 +84,7 @@ router.post<{}, string, { password: string; base?: string }, { to?: string }>("/
     if (isPasswordValid) {
       // The hash does not add any actual security but we do it for
       // obfuscation purposes (and as a side effect it handles escaping).
-      res.cookie(Cookie.SessionKey, hashedPassword, {
+      res.cookie(CookieKeys.Session, hashedPassword, {
         domain: getCookieDomain(req.headers.host || "", req.args["proxy-domain"]),
         // Browsers do not appear to allow cookies to be set relatively so we
         // need to get the root path from the browser since the proxy rewrites

src/node/routes/logout.ts

@@ -1,5 +1,7 @@
 import { Router } from "express"
-import { Cookie, getCookieDomain, redirect } from "../http"
+import { CookieKeys } from "../../common/http"
+import { getCookieDomain, redirect } from "../http"
+
 import { sanitizeString } from "../util"
 
 export const router = Router()
@@ -9,7 +11,7 @@ router.get<{}, undefined, undefined, { base?: string; to?: string }>("/", async
   const to = sanitizeString(req.query.to) || "/"
 
   // Must use the *identical* properties used to set the cookie.
-  res.clearCookie(Cookie.SessionKey, {
+  res.clearCookie(CookieKeys.Session, {
     domain: getCookieDomain(req.headers.host || "", req.args["proxy-domain"]),
     path: decodeURIComponent(path),
     sameSite: "lax",

test/utils/globalSetup.ts

@@ -1,4 +1,5 @@
 import { Cookie } from "playwright"
+import { CookieKeys } from "../../src/common/http"
 import { hash } from "../../src/node/util"
 import { PASSWORD, workspaceDir } from "./constants"
 import { clean } from "./helpers"
@@ -27,7 +28,7 @@ export default async function () {
       domain: "localhost",
       expires: -1,
       httpOnly: false,
-      name: "key",
+      name: CookieKeys.Session,
       path: "/",
       sameSite: "Lax",
       secure: false,