Upgrade jsonwebtoken lib (#18634)

components/gitpod-protocol/src/gitpod-file-parser.ts

@@ -6,7 +6,7 @@
 
 import { injectable } from "inversify";
 import * as yaml from "js-yaml";
-import * as Ajv from "ajv";
+import Ajv from "ajv";
 import { log } from "./util/logging";
 import { WorkspaceConfig, PortRangeConfig } from "./protocol";
 

components/gitpod-protocol/src/messaging/node/connection.ts

@@ -5,7 +5,7 @@
  * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
  */
 
-import * as ws from "ws";
+import ws from "ws";
 import {
     IWebSocket,
     Logger,

components/gitpod-protocol/src/util/debug-app.ts

@@ -5,7 +5,7 @@
  */
 
 import * as http from "http";
-import * as express from "express";
+import express from "express";
 import { injectable, postConstruct } from "inversify";
 import { log, LogrusLogLevel } from "./logging";
 

components/gitpod-protocol/tsconfig.json

@@ -23,9 +23,10 @@
         "skipLibCheck": true,
         "rootDir": "src",
         "outDir": "lib",
-        "useUnknownInCatchVariables": false
+        "useUnknownInCatchVariables": false,
+        "esModuleInterop": true
     },
     "include": [
         "src"
     ]
-}
+}

components/server/package.json

@@ -88,7 +88,7 @@
     "redlock": "^5.0.0-beta.2",
     "reflect-metadata": "^0.1.10",
     "stripe": "^9.0.0",
-    "twilio": "^3.78.0",
+    "twilio": "^4.16.0",
     "uuid": "^8.3.2",
     "vscode-ws-jsonrpc": "^0.2.0",
     "ws": "^7.4.6"

components/server/src/api/server.ts

@@ -5,7 +5,7 @@
  */
 
 import * as http from "http";
-import * as express from "express";
+import express from "express";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { inject, injectable } from "inversify";
 import { APITeamsService } from "./teams";

components/server/src/auth/auth-provider.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
+import express from "express";
 import { AuthProviderInfo, User, OAuth2Config, AuthProviderEntry } from "@gitpod/gitpod-protocol";
 
 import { UserEnvVarValue } from "@gitpod/gitpod-protocol";

components/server/src/auth/authenticator.ts

@@ -7,9 +7,9 @@
 import { TeamDB } from "@gitpod/gitpod-db/lib";
 import { User } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
-import * as express from "express";
+import express from "express";
 import { inject, injectable, postConstruct } from "inversify";
-import * as passport from "passport";
+import passport from "passport";
 import { Config } from "../config";
 import { reportLoginCompleted } from "../prometheus-metrics";
 import { TokenProvider } from "../user/token-provider";

components/server/src/auth/bearer-authenticator.ts

@@ -8,7 +8,7 @@ import { UserDB, PersonalAccessTokenDB } from "@gitpod/gitpod-db/lib";
 import { GitpodTokenType, User } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import * as crypto from "crypto";
-import * as express from "express";
+import express from "express";
 import { IncomingHttpHeaders } from "http";
 import { inject, injectable } from "inversify";
 import { Config } from "../config";

components/server/src/auth/generic-auth-provider.ts

@@ -5,9 +5,9 @@
  */
 
 import { injectable, inject, postConstruct } from "inversify";
-import * as express from "express";
-import * as passport from "passport";
-import * as OAuth2Strategy from "passport-oauth2";
+import express from "express";
+import passport from "passport";
+import OAuth2Strategy from "passport-oauth2";
 import { UserDB } from "@gitpod/gitpod-db/lib";
 import { AuthProviderInfo, Identity, Token, User } from "@gitpod/gitpod-protocol";
 import { log, LogContext } from "@gitpod/gitpod-protocol/lib/util/logging";

components/server/src/auth/jwt.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as jsonwebtoken from "jsonwebtoken";
+import jsonwebtoken from "jsonwebtoken";
 import { Config } from "../config";
 import { inject, injectable, postConstruct } from "inversify";
 import { AuthFlow } from "./auth-provider";
@@ -130,7 +130,7 @@ export async function verify(
             if (err || !decoded) {
                 return reject(err);
             }
-            resolve(decoded);
+            resolve(decoded as jsonwebtoken.JwtPayload);
         });
     });
 }

components/server/src/auth/login-completion-handler.ts

@@ -5,7 +5,7 @@
  */
 
 import { inject, injectable } from "inversify";
-import * as express from "express";
+import express from "express";
 import { User } from "@gitpod/gitpod-protocol";
 import { log, LogContext } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { Config } from "../config";

components/server/src/bitbucket-server/bitbucket-server-auth-provider.ts

@@ -6,7 +6,7 @@
 
 import { AuthProviderInfo } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
-import * as express from "express";
+import express from "express";
 import { inject, injectable } from "inversify";
 import { AuthUserSetup } from "../auth/auth-provider";
 import { GenericAuthProvider } from "../auth/generic-auth-provider";

components/server/src/bitbucket/bitbucket-auth-provider.ts

@@ -7,7 +7,7 @@
 import { AuthProviderInfo } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { Bitbucket } from "bitbucket";
-import * as express from "express";
+import express from "express";
 import { injectable } from "inversify";
 import { AuthUserSetup } from "../auth/auth-provider";
 import { GenericAuthProvider } from "../auth/generic-auth-provider";

components/server/src/code-sync/code-sync-service.ts

@@ -8,7 +8,7 @@ import { status } from "@grpc/grpc-js";
 import fetch from "node-fetch";
 import { User } from "@gitpod/gitpod-protocol/lib/protocol";
 import * as util from "util";
-import * as express from "express";
+import express from "express";
 import { inject, injectable } from "inversify";
 import { BearerAuth } from "../auth/bearer-authenticator";
 import { isWithFunctionAccessGuard } from "../auth/function-access";

components/server/src/dev/authenticator-dev.ts

@@ -5,7 +5,7 @@
  */
 
 import { AuthProviderInfo } from "@gitpod/gitpod-protocol";
-import * as express from "express";
+import express from "express";
 import { injectable } from "inversify";
 import { Strategy as DummyStrategy } from "passport-dummy";
 import { AuthProvider } from "../auth/auth-provider";

components/server/src/dev/passport-dummy.d.ts

@@ -5,7 +5,7 @@
  */
 
 declare module "passport-dummy" {
-    import * as passport from "passport";
+    import passport from "passport";
 
     export class Strategy extends passport.Strategy {
         constructor(verify: (done: (error: any, user: any) => void) => void);

components/server/src/express-util.ts

@@ -5,7 +5,7 @@
  */
 
 import { URL } from "url";
-import * as express from "express";
+import express from "express";
 import * as crypto from "crypto";
 
 export const query = (...tuples: [string, string][]) => {

components/server/src/express/ws-connection-handler.ts

@@ -4,8 +4,8 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
-import * as websocket from "ws";
+import express from "express";
+import websocket from "ws";
 import { Disposable, DisposableCollection } from "@gitpod/gitpod-protocol";
 import { repeat } from "@gitpod/gitpod-protocol/lib/util/repeat";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";

components/server/src/express/ws-handler.ts

@@ -4,8 +4,8 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as websocket from "ws";
-import * as express from "express";
+import WebSocket from "ws";
+import express from "express";
 import * as http from "http";
 import * as https from "https";
 import * as url from "url";
@@ -24,27 +24,27 @@ export interface WsNextFunction {
     (err?: any): MaybePromise;
 }
 export interface WsRequestHandler {
-    (ws: websocket, req: express.Request, next: WsNextFunction): MaybePromise;
+    (ws: WebSocket, req: express.Request, next: WsNextFunction): MaybePromise;
 }
 export interface WsErrorHandler {
-    (err: any | undefined, ws: websocket, req: express.Request, next: WsNextFunction): MaybePromise;
+    (err: any | undefined, ws: WebSocket, req: express.Request, next: WsNextFunction): MaybePromise;
 }
 export type WsHandler = WsRequestHandler | WsErrorHandler;
 
-export type WsConnectionFilter = websocket.VerifyClientCallbackAsync | websocket.VerifyClientCallbackSync;
+export type WsConnectionFilter = WebSocket.VerifyClientCallbackAsync | WebSocket.VerifyClientCallbackSync;
 
 interface Route {
     matcher: RouteMatcher;
-    handler: (ws: websocket, req: express.Request) => void;
+    handler: (ws: WebSocket, req: express.Request) => void;
 }
 
 export class WsExpressHandler implements Disposable {
-    protected readonly wss: websocket.Server;
+    protected readonly wss: WebSocket.Server;
     protected readonly routes: Route[] = [];
     private disposables = new DisposableCollection();
 
     constructor(protected readonly httpServer: HttpServer, protected readonly verifyClient?: WsConnectionFilter) {
-        this.wss = new websocket.Server({
+        this.wss = new WebSocket.Server({
             verifyClient,
             noServer: true,
             // disabling to reduce memory consumption, cf.
@@ -78,11 +78,11 @@ export class WsExpressHandler implements Disposable {
 
     ws(
         matcher: RouteMatcher,
-        handler: (ws: websocket, request: express.Request) => void,
+        handler: (ws: WebSocket, request: express.Request) => void,
         ...handlers: WsHandler[]
     ): void {
         const stack = WsLayer.createStack(...handlers);
-        const dispatch = (ws: websocket, request: express.Request) => {
+        const dispatch = (ws: WebSocket, request: express.Request) => {
             handler(ws, request);
             stack
                 .dispatch(ws, request)

components/server/src/express/ws-layer.spec.ts

@@ -6,8 +6,8 @@
 
 require("reflect-metadata");
 
-import * as ws from "ws";
-import * as express from "express";
+import ws from "ws";
+import express from "express";
 
 import { suite, test } from "@testdeck/mocha";
 import * as chai from "chai";

components/server/src/express/ws-layer.ts

@@ -4,8 +4,8 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as websocket from "ws";
-import * as express from "express";
+import websocket from "ws";
+import express from "express";
 import { WsHandler, WsRequestHandler, WsErrorHandler, WsNextFunction, MaybePromise } from "./ws-handler";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 

components/server/src/github/github-auth-provider.ts

@@ -5,7 +5,7 @@
  */
 
 import { injectable } from "inversify";
-import * as express from "express";
+import express from "express";
 import { AuthProviderInfo } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { GitHubScope } from "./scopes";

components/server/src/gitlab/gitlab-auth-provider.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
+import express from "express";
 import { injectable } from "inversify";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { AuthProviderInfo } from "@gitpod/gitpod-protocol";

components/server/src/iam/iam-session-app.spec.ts

@@ -12,9 +12,9 @@ import { Config } from "../config";
 import { Authenticator } from "../auth/authenticator";
 import { UserAuthentication } from "../user/user-authentication";
 
-import * as passport from "passport";
-import * as express from "express";
-import * as request from "supertest";
+import passport from "passport";
+import express from "express";
+import request from "supertest";
 
 import * as chai from "chai";
 import { OIDCCreateSessionPayload } from "./iam-oidc-create-session-payload";

components/server/src/iam/iam-session-app.ts

@@ -5,7 +5,7 @@
  */
 
 import { injectable, inject } from "inversify";
-import * as express from "express";
+import express from "express";
 import { SessionHandler } from "../session-handler";
 import { Authenticator } from "../auth/authenticator";
 import { UserAuthentication } from "../user/user-authentication";

components/server/src/init.ts

@@ -51,7 +51,7 @@ if (typeof (Symbol as any).asyncIterator === "undefined") {
     (Symbol as any).asyncIterator = Symbol.asyncIterator || Symbol("asyncIterator");
 }
 
-import * as express from "express";
+import express from "express";
 import { Container } from "inversify";
 import { Server } from "./server";
 import { log, LogrusLogLevel } from "@gitpod/gitpod-protocol/lib/util/logging";

components/server/src/liveness/liveness-controller.ts

@@ -5,7 +5,7 @@
  */
 
 import { injectable, inject } from "inversify";
-import * as express from "express";
+import express from "express";
 import * as prom from "prom-client";
 import { Config } from "../config";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";

components/server/src/monitoring-endpoints.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
+import express from "express";
 import { injectable } from "inversify";
 import * as prometheusClient from "prom-client";
 import { redisMetricsRegistry, registerDBMetrics } from "@gitpod/gitpod-db/lib";

components/server/src/oauth-server/oauth-controller.ts

@@ -10,7 +10,7 @@ import { User } from "@gitpod/gitpod-protocol";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { OAuthRequest, OAuthResponse } from "@jmondi/oauth2-server";
 import { handleExpressResponse, handleExpressError } from "@jmondi/oauth2-server/dist/adapters/express";
-import * as express from "express";
+import express from "express";
 import { inject, injectable } from "inversify";
 import { URL } from "url";
 import { Config } from "../config";

components/server/src/one-time-secret-server.ts

@@ -5,7 +5,7 @@
  */
 
 import { injectable, inject } from "inversify";
-import * as express from "express";
+import express from "express";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 import { OneTimeSecretDB, DBWithTracing, TracedOneTimeSecretDB } from "@gitpod/gitpod-db/lib";
 import { Disposable } from "@gitpod/gitpod-protocol";

components/server/src/prebuilds/bitbucket-app.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
+import express from "express";
 import { postConstruct, injectable, inject } from "inversify";
 import { ProjectDB, TeamDB, WebhookEventDB } from "@gitpod/gitpod-db/lib";
 import { User, StartPrebuildResult, CommitContext, CommitInfo, Project, WebhookEvent } from "@gitpod/gitpod-protocol";

components/server/src/prebuilds/bitbucket-server-app.ts

@@ -4,7 +4,7 @@
  * See License.AGPL.txt in the project root for license information.
  */
 
-import * as express from "express";
+import express from "express";
 import { postConstruct, injectable, inject } from "inversify";
 import { ProjectDB, TeamDB, WebhookEventDB } from "@gitpod/gitpod-db/lib";
 import { PrebuildManager } from "./prebuild-manager";

components/server/src/prebuilds/github-app-rules.ts

@@ -6,7 +6,7 @@
 
 import { injectable } from "inversify";
 import { WorkspaceConfig, GithubAppConfig } from "@gitpod/gitpod-protocol";
-import * as deepmerge from "deepmerge";
+import deepmerge from "deepmerge";
 import { log } from "@gitpod/gitpod-protocol/lib/util/logging";
 
 const defaultConfig: GithubAppConfig = {

components/server/src/prebuilds/github-app.ts

@@ -19,7 +19,7 @@ import {
     TeamDB,
     WebhookEventDB,
 } from "@gitpod/gitpod-db/lib";
-import * as express from "express";
+import express from "express";
 import { log, LogContext, LogrusLogLevel } from "@gitpod/gitpod-protocol/lib/util/logging";
 import {
     WorkspaceConfig,