Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat: add proxy authorization to aibridgeproxyd#21342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
ssncferreira wants to merge1 commit intossncferreira/feat-add-aiproxy-core
base:ssncferreira/feat-add-aiproxy-core
Choose a base branch
Loading
fromssncferreira/feat-aiproxy-proxy-authorization

Conversation

@ssncferreira
Copy link
Contributor

@ssncferreirassncferreira commentedDec 19, 2025
edited
Loading

Description

This PR adds proxy authorization to the AI Bridge Proxy server. Clients provide their Coder session token via the proxy password field on the HTTP Proxy settings (HTTPS_PROXY=http://ignored:<coder-session-token>@host:port), which is then used for forwarding to aibridged to handle authorization.

Changes

  • Extract Coder session token fromProxy-Authorization header during CONNECT
  • Reject requests without valid credentials
  • Store token inctx.UserData for downstream request handlers
  • AddAddr() method to get the actual listening address (useful for tests with port 0)

Related to:coder/internal#1181

@ssncferreiraGraphite App
Copy link
ContributorAuthor

ssncferreira commentedDec 19, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stackon Graphite.
Learn more

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

slog.F("host",host),
slog.F("port",port),
)
// return goproxy.RejectConnect, host
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Note: this port restriction makes it harder to test, as the test useshttptest.NewTLSServer, which picks a random port, but this rejects anything that's not port 80 or 443. Should we apply this restriction check only to known AI provider hosts?

@ssncferreirassncferreiraforce-pushed thessncferreira/feat-aiproxy-proxy-authorization branch from43258db toe956851CompareDecember 19, 2025 19:03
@ssncferreirassncferreiraforce-pushed thessncferreira/feat-add-aiproxy-core branch fromfdd4a44 toe4d1ca1CompareDecember 19, 2025 19:03
@ssncferreirassncferreiraforce-pushed thessncferreira/feat-aiproxy-proxy-authorization branch frome956851 to5b8fc18CompareDecember 19, 2025 19:09
@ssncferreirassncferreiraforce-pushed thessncferreira/feat-add-aiproxy-core branch frome4d1ca1 toca7e3a6CompareDecember 19, 2025 19:09
@ssncferreirassncferreiraforce-pushed thessncferreira/feat-aiproxy-proxy-authorization branch from5b8fc18 to23485a1CompareDecember 19, 2025 19:15
@ssncferreirassncferreira marked this pull request as ready for reviewDecember 19, 2025 22:40
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

@ssncferreirassncferreira

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ssncferreira
[8]ページ先頭
©2009-2025 Movatter.jp