Merge remote-tracking branch 'origin/main' into tyriar/162950_3

.yarnrc

@@ -1,5 +1,5 @@
 disturl "https://electronjs.org/headers"
 target "25.4.0"
-ms_build_id "22901934"
+ms_build_id "22958381"
 runtime "electron"
 build_from_source "true"

build/azure-pipelines/linux/product-build-linux.yml

@@ -126,6 +126,7 @@ steps:
         docker run -e GITHUB_TOKEN -e npm_config_arch -e NPM_REGISTRY \
         -e VSCODE_REMOTE_DEPENDENCIES_CONTAINER_NAME -e VSCODE_HOST_MOUNT \
         -e ELECTRON_SKIP_BINARY_DOWNLOAD -e PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD \
+        -e VSCODE_SKIP_NODE_VERSION_CHECK \
         -v /mnt/vss/_work/1/s:/home/builduser/vscode -v /mnt/vss/_work/1/s/.build/.netrc:/home/builduser/.netrc \
         -v /var/run/docker.sock:/var/run/docker.sock \
         -u 1000:1000 \
@@ -138,6 +139,7 @@ steps:
         NPM_REGISTRY: "$(NPM_REGISTRY)"
         ELECTRON_SKIP_BINARY_DOWNLOAD: 1
         PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
+        VSCODE_SKIP_NODE_VERSION_CHECK: 1
         GITHUB_TOKEN: "$(github-distro-mixin-password)"
         VSCODE_HOST_MOUNT: "/mnt/vss/_work/1/s"
         ${{ if or(eq(parameters.VSCODE_ARCH, 'x64'), eq(parameters.VSCODE_ARCH, 'arm64')) }}:

build/gulpfile.extensions.js

@@ -64,6 +64,7 @@ const compilations = [
 	'search-result/tsconfig.json',
 	'references-view/tsconfig.json',
 	'simple-browser/tsconfig.json',
+	'tunnel-forwarding/tsconfig.json',
 	'typescript-language-features/test-workspace/tsconfig.json',
 	'typescript-language-features/web/tsconfig.json',
 	'typescript-language-features/tsconfig.json',

build/lib/mangle/index.ts

@@ -278,13 +278,6 @@ function isNameTakenInFile(node: ts.Node, name: string): boolean {
 	return false;
 }
 
-const fileIdents = new class {
-	private readonly idents = new ShortIdent('$');
-
-	next() {
-		return this.idents.next();
-	}
-};
 
 const skippedExportMangledFiles = [
 	// Build
@@ -346,6 +339,7 @@ class DeclarationData {
 		readonly fileName: string,
 		readonly node: ts.FunctionDeclaration | ts.ClassDeclaration | ts.EnumDeclaration | ts.VariableDeclaration,
 		private readonly service: ts.LanguageService,
+		fileIdents: ShortIdent,
 	) {
 		// Todo: generate replacement names based on usage count, with more used names getting shorter identifiers
 		this.replacementName = fileIdents.next();
@@ -427,6 +421,8 @@ export class Mangler {
 		// - Find all classes and their field info.
 		// - Find exported symbols.
 
+		const fileIdents = new ShortIdent('$');
+
 		const visit = (node: ts.Node): void => {
 			if (this.config.manglePrivateFields) {
 				if (ts.isClassDeclaration(node) || ts.isClassExpression(node)) {
@@ -475,7 +471,7 @@ export class Mangler {
 						return;
 					}
 
-					this.allExportedSymbols.add(new DeclarationData(node.getSourceFile().fileName, node, this.service));
+					this.allExportedSymbols.add(new DeclarationData(node.getSourceFile().fileName, node, this.service, fileIdents));
 				}
 			}
 

build/npm/dirs.js

@@ -41,6 +41,7 @@ const dirs = [
 	'extensions/references-view',
 	'extensions/search-result',
 	'extensions/simple-browser',
+	'extensions/tunnel-forwarding',
 	'extensions/typescript-language-features',
 	'extensions/vscode-api-tests',
 	'extensions/vscode-colorize-tests',

build/npm/preinstall.js

@@ -9,12 +9,14 @@ const majorNodeVersion = parseInt(nodeVersion[1]);
 const minorNodeVersion = parseInt(nodeVersion[2]);
 const patchNodeVersion = parseInt(nodeVersion[3]);
 
-if (majorNodeVersion < 18 || (majorNodeVersion === 18 && minorNodeVersion < 15)) {
-	console.error('\033[1;31m*** Please use node.js versions >=18.15.x and <19.\033[0;0m');
-	// err = true; enable once update unit test docker images are updated #189885
-}
-if (majorNodeVersion >= 19) {
-	console.warn('\033[1;31m*** Warning: Versions of node.js >= 19 have not been tested.\033[0;0m')
+if (!process.env['VSCODE_SKIP_NODE_VERSION_CHECK']) {
+	if (majorNodeVersion < 18 || (majorNodeVersion === 18 && minorNodeVersion < 15)) {
+		console.error('\033[1;31m*** Please use node.js versions >=18.15.x and <19.\033[0;0m');
+		err = true;
+	}
+	if (majorNodeVersion >= 19) {
+		console.warn('\033[1;31m*** Warning: Versions of node.js >= 19 have not been tested.\033[0;0m')
+	}
 }
 
 const path = require('path');

cli/src/commands/tunnels.rs

@@ -35,7 +35,7 @@ use crate::{
 		code_server::CodeServerArgs,
 		create_service_manager,
 		dev_tunnels::{self, DevTunnels},
-		forwarding, legal,
+		local_forwarding, legal,
 		paths::get_all_servers,
 		protocol, serve_stream,
 		shutdown_signal::ShutdownRequest,
@@ -444,7 +444,7 @@ pub async fn forward(
 		match acquire_singleton(&ctx.paths.forwarding_lockfile()).await {
 			Ok(SingletonConnection::Client(stream)) => {
 				debug!(ctx.log, "starting as client to singleton");
-				let r = forwarding::client(forwarding::SingletonClientArgs {
+				let r = local_forwarding::client(local_forwarding::SingletonClientArgs {
 					log: ctx.log.clone(),
 					shutdown: shutdown.clone(),
 					stream,
@@ -477,7 +477,7 @@ pub async fn forward(
 		.start_new_launcher_tunnel(None, true, &forward_args.ports)
 		.await?;
 
-	forwarding::server(ctx.log, tunnel, server, own_ports_rx, shutdown).await?;
+	local_forwarding::server(ctx.log, tunnel, server, own_ports_rx, shutdown).await?;
 
 	Ok(0)
 }

cli/src/tunnels.rs

@@ -11,7 +11,7 @@ pub mod protocol;
 pub mod shutdown_signal;
 pub mod singleton_client;
 pub mod singleton_server;
-pub mod forwarding;
+pub mod local_forwarding;
 
 mod wsl_detect;
 mod challenge;

cli/src/tunnels/dev_tunnels.rs

@@ -23,13 +23,15 @@ use std::time::Duration;
 use tokio::sync::{mpsc, watch};
 use tunnels::connections::{ForwardedPortConnection, RelayTunnelHost};
 use tunnels::contracts::{
-	Tunnel, TunnelPort, TunnelRelayTunnelEndpoint, PORT_TOKEN, TUNNEL_PROTOCOL_AUTO,
+	Tunnel, TunnelAccessControl, TunnelPort, TunnelRelayTunnelEndpoint, PORT_TOKEN,
+	TUNNEL_ACCESS_SCOPES_CONNECT, TUNNEL_PROTOCOL_AUTO,
 };
 use tunnels::management::{
 	new_tunnel_management, HttpError, TunnelLocator, TunnelManagementClient, TunnelRequestOptions,
 	NO_REQUEST_OPTIONS,
 };
 
+use super::protocol::PortPrivacy;
 use super::wsl_detect::is_wsl_installed;
 
 static TUNNEL_COUNT_LIMIT_NAME: &str = "TunnelsPerUserPerLocation";
@@ -164,8 +166,12 @@ impl ActiveTunnel {
 	}
 
 	/// Forwards a port over TCP.
-	pub async fn add_port_tcp(&self, port_number: u16) -> Result<(), AnyError> {
-		self.manager.add_port_tcp(port_number).await?;
+	pub async fn add_port_tcp(
+		&self,
+		port_number: u16,
+		privacy: PortPrivacy,
+	) -> Result<(), AnyError> {
+		self.manager.add_port_tcp(port_number, privacy).await?;
 		Ok(())
 	}
 
@@ -866,13 +872,18 @@ impl ActiveTunnelManager {
 
 	/// Adds a port for TCP/IP forwarding.
 	#[allow(dead_code)] // todo: port forwarding
-	pub async fn add_port_tcp(&self, port_number: u16) -> Result<(), WrappedError> {
+	pub async fn add_port_tcp(
+		&self,
+		port_number: u16,
+		privacy: PortPrivacy,
+	) -> Result<(), WrappedError> {
 		self.relay
 			.lock()
 			.await
 			.add_port(&TunnelPort {
 				port_number,
 				protocol: Some(TUNNEL_PROTOCOL_AUTO.to_owned()),
+				access_control: Some(privacy_to_tunnel_acl(privacy)),
 				..Default::default()
 			})
 			.await
@@ -1081,6 +1092,26 @@ fn vec_eq_as_set(a: &[String], b: &[String]) -> bool {
 	true
 }
 
+fn privacy_to_tunnel_acl(privacy: PortPrivacy) -> TunnelAccessControl {
+	let mut acl = TunnelAccessControl { entries: vec![] };
+
+	if privacy == PortPrivacy::Public {
+		acl.entries
+			.push(tunnels::contracts::TunnelAccessControlEntry {
+				kind: tunnels::contracts::TunnelAccessControlEntryType::Anonymous,
+				provider: None,
+				is_inherited: false,
+				is_deny: false,
+				is_inverse: false,
+				organization: None,
+				subjects: vec![],
+				scopes: vec![TUNNEL_ACCESS_SCOPES_CONNECT.to_string()],
+			});
+	}
+
+	acl
+}
+
 #[cfg(test)]
 mod test {
 	use super::*;

cli/src/tunnels/forwarding.rs → cli/src/tunnels/local_forwarding.rs

@@ -5,6 +5,7 @@
 
 use std::{
 	collections::HashMap,
+	ops::{Index, IndexMut},
 	sync::{Arc, Mutex},
 };
 
@@ -26,11 +27,52 @@ use super::{
 	protocol::{
 		self,
 		forward_singleton::{PortList, SetPortsResponse},
+		PortPrivacy,
 	},
 	shutdown_signal::ShutdownSignal,
 };
 
-type PortMap = HashMap<u16, u32>;
+#[derive(Default, Clone)]
+struct PortCount {
+	public: u32,
+	private: u32,
+}
+
+impl Index<PortPrivacy> for PortCount {
+	type Output = u32;
+
+	fn index(&self, privacy: PortPrivacy) -> &Self::Output {
+		match privacy {
+			PortPrivacy::Public => &self.public,
+			PortPrivacy::Private => &self.private,
+		}
+	}
+}
+
+impl IndexMut<PortPrivacy> for PortCount {
+	fn index_mut(&mut self, privacy: PortPrivacy) -> &mut Self::Output {
+		match privacy {
+			PortPrivacy::Public => &mut self.public,
+			PortPrivacy::Private => &mut self.private,
+		}
+	}
+}
+
+impl PortCount {
+	fn is_empty(&self) -> bool {
+		self.public == 0 && self.private == 0
+	}
+
+	fn primary_privacy(&self) -> PortPrivacy {
+		if self.public > 0 {
+			PortPrivacy::Public
+		} else {
+			PortPrivacy::Private
+		}
+	}
+}
+
+type PortMap = HashMap<u16, PortCount>;
 
 /// The PortForwardingHandle is given out to multiple consumers to allow
 /// them to set_ports that they want to be forwarded.
@@ -56,23 +98,25 @@ impl PortForwardingSender {
 		self.sender.lock().unwrap().send_modify(|v| {
 			for p in current.iter() {
 				if !ports.contains(p) {
-					match v.get(p) {
-						Some(1) => {
-							v.remove(p);
-						}
-						Some(n) => {
-							v.insert(*p, n - 1);
-						}
-						None => unreachable!("removed port not in map"),
+					let n = v.get_mut(&p.number).expect("expected port in map");
+					n[p.privacy] -= 1;
+					if n.is_empty() {
+						v.remove(&p.number);
 					}
 				}
 			}
 
 			for p in ports.iter() {
 				if !current.contains(p) {
-					match v.get(p) {
-						Some(n) => v.insert(*p, n + 1),
-						None => v.insert(*p, 1),
+					match v.get_mut(&p.number) {
+						Some(n) => {
+							n[p.privacy] += 1;
+						}
+						None => {
+							let mut pc = PortCount::default();
+							pc[p.privacy] += 1;
+							v.insert(p.number, pc);
+						}
 					};
 				}
 			}
@@ -116,23 +160,26 @@ impl PortForwardingReceiver {
 
 	/// Applies all changes from PortForwardingHandles to the tunnel.
 	pub async fn apply_to(&mut self, log: log::Logger, tunnel: Arc<ActiveTunnel>) {
-		let mut current = vec![];
+		let mut current: PortMap = HashMap::new();
 		while self.receiver.changed().await.is_ok() {
-			let next = self.receiver.borrow().keys().copied().collect::<Vec<_>>();
-
-			for p in current.iter() {
-				if !next.contains(p) {
-					match tunnel.remove_port(*p).await {
-						Ok(_) => info!(log, "stopped forwarding port {}", p),
-						Err(e) => error!(log, "failed to stop forwarding port {}: {}", p, e),
+			let next = self.receiver.borrow().clone();
+
+			for (port, count) in current.iter() {
+				let privacy = count.primary_privacy();
+				if !matches!(next.get(port), Some(n) if n.primary_privacy() == privacy) {
+					match tunnel.remove_port(*port).await {
+						Ok(_) => info!(log, "stopped forwarding port {} at {:?}", *port, privacy),
+						Err(e) => error!(log, "failed to stop forwarding port {}: {}", port, e),
 					}
 				}
 			}
-			for p in next.iter() {
-				if !current.contains(p) {
-					match tunnel.add_port_tcp(*p).await {
-						Ok(_) => info!(log, "forwarding port {}", p),
-						Err(e) => error!(log, "failed to forward port {}: {}", p, e),
+
+			for (port, count) in next.iter() {
+				let privacy = count.primary_privacy();
+				if !matches!(current.get(port), Some(n) if n.primary_privacy() == privacy) {
+					match tunnel.add_port_tcp(*port, privacy).await {
+						Ok(_) => info!(log, "forwarding port {} at {:?}", port, privacy),
+						Err(e) => error!(log, "failed to forward port {}: {}", port, e),
 					}
 				}
 			}

cli/src/tunnels/port_forwarder.rs

@@ -12,7 +12,7 @@ use crate::{
 	util::errors::{AnyError, CannotForwardControlPort, ServerHasClosed},
 };
 
-use super::dev_tunnels::ActiveTunnel;
+use super::{dev_tunnels::ActiveTunnel, protocol::PortPrivacy};
 
 pub enum PortForwardingRec {
 	Forward(u16, oneshot::Sender<Result<String, AnyError>>),
@@ -87,7 +87,7 @@ impl PortForwardingProcessor {
 		}
 
 		if !self.forwarded.contains(&port) {
-			tunnel.add_port_tcp(port).await?;
+			tunnel.add_port_tcp(port, PortPrivacy::Private).await?;
 			self.forwarded.insert(port);
 		}