From 6c9a53f9f43449464564453bffc9057cf2300b2f Mon Sep 17 00:00:00 2001 From: Sebastian Malton Date: Fri, 10 Dec 2021 15:22:42 -0500 Subject: [PATCH 1/3] Fix ERR_UNSAFE_PORT from LensProxy - Use the current list of ports from chromium as it is much easier to just reject using one of those instead of trying to handle the ERR_UNSAFE_PORT laod error from a BrowserWindow.on("did-fail-load") Signed-off-by: Sebastian Malton --- src/main/index.ts | 40 +++++++++++++++++++++++++++++++++------- src/main/lens-proxy.ts | 28 +++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 8 deletions(-) diff --git a/src/main/index.ts b/src/main/index.ts index 1c5b80042ccf..c95ae61a5443 100644 --- a/src/main/index.ts +++ b/src/main/index.ts @@ -28,7 +28,7 @@ import * as LensExtensionsCommonApi from "../extensions/common-api"; import * as LensExtensionsMainApi from "../extensions/main-api"; import { app, autoUpdater, dialog, powerMonitor } from "electron"; import { appName, isIntegrationTesting, isMac, isWindows, productName } from "../common/vars"; -import { LensProxy } from "./lens-proxy"; +import { LensProxy, UnsafePortError } from "./lens-proxy"; import { WindowManager } from "./window-manager"; import { ClusterManager } from "./cluster-manager"; import { shellSync } from "./shell-sync"; @@ -184,13 +184,39 @@ app.on("ready", async () => { initializers.initClusterMetadataDetectors(); - try { - logger.info("🔌 Starting LensProxy"); - await lensProxy.listen(); - } catch (error) { - dialog.showErrorBox("Lens Error", `Could not start proxy: ${error?.message || "unknown error"}`); + logger.info("🔌 Starting LensProxy"); + + for (let attempt = 0;; attempt += 1) { + try { + await lensProxy.listen(); + break; + } catch (error) { + if (error instanceof UnsafePortError) { + lensProxy.close(); + + if (attempt < 16) { + continue; + } + + const result = await dialog.showMessageBox({ + title: "Lens Error", + message: "Tried to start several times but only got ports that chromium considers unsafe. Would you like to continue trying?", + buttons: ["No", "Yes"], + cancelId: 0, + defaultId: 1, + type: "error", + }); + + if (result.response === 1) { + attempt = 0; + continue; + } + } + + dialog.showErrorBox("Lens Error", `Could not start proxy: ${error?.message || "unknown error"}`); - return app.exit(); + return app.exit(); + } } // test proxy connection diff --git a/src/main/lens-proxy.ts b/src/main/lens-proxy.ts index bfaaab27effa..e5361cdd5ae1 100644 --- a/src/main/lens-proxy.ts +++ b/src/main/lens-proxy.ts @@ -50,6 +50,26 @@ export function isLongRunningRequest(reqUrl: string) { return getBoolean(url.searchParams, watchParam) || getBoolean(url.searchParams, followParam); } +/** + * This is the list of ports that chrome considers unsafe to allow HTTP + * conntections to. Because they are the standard ports for processes that are + * too forgiving in the connection types they accept. + * + * If we get one of these ports, the easiest thing to do is to just try again. + * + * Source: https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/net/base/port_util.cc + */ +const disallowedPorts = new Set([ + 1, 7, 9, 11, 13, 15, 17, 19, 20, 21, 22, 23, 25, 37, 42, 43, 53, 69, 77, 79, + 87, 95, 101, 102, 103, 104, 109, 110, 111, 113, 115, 117, 119, 123, 135, 137, + 139, 143, 161, 179, 389, 427, 465, 512, 513, 514, 515, 526, 530, 531, 532, + 540, 548, 554, 556, 563, 587, 601, 636, 989, 990, 993, 995, 1719, 1720, 1723, + 2049, 3659, 4045, 5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697, + 10080, +]); + +export class UnsafePortError {} + export class LensProxy extends Singleton { protected origin: string; protected proxyServer: http.Server; @@ -105,6 +125,12 @@ export class LensProxy extends Singleton { const { address, port } = this.proxyServer.address() as net.AddressInfo; + if (disallowedPorts.has(port)) { + logger.warn(`[LENS-PROXY]: Proxy server has with port known to be considered unsafe to connect to by chrome, restarting...`); + + return reject(new UnsafePortError()); + } + logger.info(`[LENS-PROXY]: Proxy server has started at ${address}:${port}`); this.proxyServer.on("error", (error) => { @@ -123,7 +149,7 @@ export class LensProxy extends Singleton { } close() { - logger.info("Closing proxy server"); + logger.info("[LENS-PROXY]: Closing server"); this.proxyServer.close(); this.closed = true; } From 40fa387b5ed12ef2ae4850545ceacad6849c2b00 Mon Sep 17 00:00:00 2001 From: Sebastian Malton Date: Mon, 13 Dec 2021 10:58:24 -0500 Subject: [PATCH 2/3] Move all port handling into LensProxy Signed-off-by: Sebastian Malton --- src/main/index.ts | 40 +++++++--------------------------------- src/main/lens-proxy.ts | 41 +++++++++++++++++++++++++++++++++++------ 2 files changed, 42 insertions(+), 39 deletions(-) diff --git a/src/main/index.ts b/src/main/index.ts index c95ae61a5443..1c5b80042ccf 100644 --- a/src/main/index.ts +++ b/src/main/index.ts @@ -28,7 +28,7 @@ import * as LensExtensionsCommonApi from "../extensions/common-api"; import * as LensExtensionsMainApi from "../extensions/main-api"; import { app, autoUpdater, dialog, powerMonitor } from "electron"; import { appName, isIntegrationTesting, isMac, isWindows, productName } from "../common/vars"; -import { LensProxy, UnsafePortError } from "./lens-proxy"; +import { LensProxy } from "./lens-proxy"; import { WindowManager } from "./window-manager"; import { ClusterManager } from "./cluster-manager"; import { shellSync } from "./shell-sync"; @@ -184,39 +184,13 @@ app.on("ready", async () => { initializers.initClusterMetadataDetectors(); - logger.info("🔌 Starting LensProxy"); - - for (let attempt = 0;; attempt += 1) { - try { - await lensProxy.listen(); - break; - } catch (error) { - if (error instanceof UnsafePortError) { - lensProxy.close(); - - if (attempt < 16) { - continue; - } - - const result = await dialog.showMessageBox({ - title: "Lens Error", - message: "Tried to start several times but only got ports that chromium considers unsafe. Would you like to continue trying?", - buttons: ["No", "Yes"], - cancelId: 0, - defaultId: 1, - type: "error", - }); - - if (result.response === 1) { - attempt = 0; - continue; - } - } - - dialog.showErrorBox("Lens Error", `Could not start proxy: ${error?.message || "unknown error"}`); + try { + logger.info("🔌 Starting LensProxy"); + await lensProxy.listen(); + } catch (error) { + dialog.showErrorBox("Lens Error", `Could not start proxy: ${error?.message || "unknown error"}`); - return app.exit(); - } + return app.exit(); } // test proxy connection diff --git a/src/main/lens-proxy.ts b/src/main/lens-proxy.ts index e5361cdd5ae1..04160fc7293a 100644 --- a/src/main/lens-proxy.ts +++ b/src/main/lens-proxy.ts @@ -68,7 +68,9 @@ const disallowedPorts = new Set([ 10080, ]); -export class UnsafePortError {} +class UnsafePortError { + constructor(public port: number) {} +} export class LensProxy extends Singleton { protected origin: string; @@ -111,11 +113,11 @@ export class LensProxy extends Singleton { } /** - * Starts the lens proxy. - * @resolves After the server is listening - * @rejects if there is an error before that happens + * Starts to listen on an OS provided port. Will reject if the server throws + * an error or if the port picked by the OS is one which chrome rejects + * connections to. */ - listen(): Promise { + private attemptToListen(): Promise { return new Promise((resolve, reject) => { this.proxyServer.listen(0, "127.0.0.1"); @@ -128,7 +130,7 @@ export class LensProxy extends Singleton { if (disallowedPorts.has(port)) { logger.warn(`[LENS-PROXY]: Proxy server has with port known to be considered unsafe to connect to by chrome, restarting...`); - return reject(new UnsafePortError()); + return reject(new UnsafePortError(port)); } logger.info(`[LENS-PROXY]: Proxy server has started at ${address}:${port}`); @@ -148,6 +150,33 @@ export class LensProxy extends Singleton { }); } + /** + * Starts the lens proxy. + * @resolves After the server is listening on a good port + * @rejects if there is an error before that happens + */ + async listen(): Promise { + const seenPorts = new Set(); + + for(;;) { + try { + this.proxyServer?.close(); + await this.attemptToListen(); + break; + } catch (error) { + if (error instanceof UnsafePortError) { + if (seenPorts.has(error.port)) { + throw new Error("Failed to start LensProxy due to seeing too many unsafe ports. Please restart Lens."); + } + + continue; + } + + throw error; + } + } + } + close() { logger.info("[LENS-PROXY]: Closing server"); this.proxyServer.close(); From 29e675b6304f509aa61c098458fdcb7708aa8748 Mon Sep 17 00:00:00 2001 From: Sebastian Malton Date: Mon, 13 Dec 2021 17:15:13 -0500 Subject: [PATCH 3/3] don't use so many exceptions Signed-off-by: Sebastian Malton --- src/main/lens-proxy.ts | 52 +++++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/src/main/lens-proxy.ts b/src/main/lens-proxy.ts index 04160fc7293a..a9982d5cb727 100644 --- a/src/main/lens-proxy.ts +++ b/src/main/lens-proxy.ts @@ -68,10 +68,6 @@ const disallowedPorts = new Set([ 10080, ]); -class UnsafePortError { - constructor(public port: number) {} -} - export class LensProxy extends Singleton { protected origin: string; protected proxyServer: http.Server; @@ -114,11 +110,12 @@ export class LensProxy extends Singleton { /** * Starts to listen on an OS provided port. Will reject if the server throws - * an error or if the port picked by the OS is one which chrome rejects - * connections to. + * an error. + * + * Resolves with the port number that was picked */ - private attemptToListen(): Promise { - return new Promise((resolve, reject) => { + private attemptToListen(): Promise { + return new Promise((resolve, reject) => { this.proxyServer.listen(0, "127.0.0.1"); this.proxyServer @@ -127,12 +124,6 @@ export class LensProxy extends Singleton { const { address, port } = this.proxyServer.address() as net.AddressInfo; - if (disallowedPorts.has(port)) { - logger.warn(`[LENS-PROXY]: Proxy server has with port known to be considered unsafe to connect to by chrome, restarting...`); - - return reject(new UnsafePortError(port)); - } - logger.info(`[LENS-PROXY]: Proxy server has started at ${address}:${port}`); this.proxyServer.on("error", (error) => { @@ -141,7 +132,7 @@ export class LensProxy extends Singleton { this.port = port; appEventBus.emit({ name: "lens-proxy", action: "listen", params: { port }}); - resolve(); + resolve(port); }) .once("error", (error) => { logger.info(`[LENS-PROXY]: Proxy server failed to start: ${error}`); @@ -158,21 +149,26 @@ export class LensProxy extends Singleton { async listen(): Promise { const seenPorts = new Set(); - for(;;) { - try { - this.proxyServer?.close(); - await this.attemptToListen(); - break; - } catch (error) { - if (error instanceof UnsafePortError) { - if (seenPorts.has(error.port)) { - throw new Error("Failed to start LensProxy due to seeing too many unsafe ports. Please restart Lens."); - } + while(true) { + this.proxyServer?.close(); + const port = await this.attemptToListen(); - continue; - } + if (!disallowedPorts.has(port)) { + // We didn't get a port that would result in an ERR_UNSAFE_PORT error, use it + return; + } - throw error; + logger.warn(`[LENS-PROXY]: Proxy server has with port known to be considered unsafe to connect to by chrome, restarting...`); + + if (seenPorts.has(port)) { + /** + * Assume that if we have seen the port before, then the OS has looped + * through all the ports possible and we will not be able to get a safe + * port. + */ + throw new Error("Failed to start LensProxy due to seeing too many unsafe ports. Please restart Lens."); + } else { + seenPorts.add(port); } } }