NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit0723dd3

authored

fix: ensure agent token is from latest build in middleware (#12443)

1 parent63696d7 commit0723dd3Copy full SHA for 0723dd3

File tree

15 files changed

+243

-261

lines changed

coderd
- coderd.go
- database
  - dbauthz
    - dbauthz.go
    - dbauthz_test.go
  - dbmem
    - dbmem.go
  - dbmetrics
    - dbmetrics.go
  - dbmock
    - dbmock.go
  - querier.go
  - queries
    - workspaceagents.sql
  - queries.sql.go
- httpmw
  - workspaceagent.go
  - workspaceagent_test.go
- workspaceagents.go
- workspaceagents_test.go
- workspaceagentsrpc.go
enterprise/coderd
- coderd.go

15 files changed

+243

-261

lines changed

`‎coderd/coderd.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -902,7 +902,7 @@ func New(options Options) API {`
`902`	`902`	`httpmw.RequireAPIKeyOrWorkspaceProxyAuth(),`
`903`	`903`	`).Get("/connection",api.workspaceAgentConnectionGeneric)`
`904`	`904`	`r.Route("/me",func(r chi.Router) {`
`905`		`-r.Use(httpmw.ExtractWorkspaceAgent(httpmw.ExtractWorkspaceAgentConfig{`
	`905`	`+r.Use(httpmw.ExtractWorkspaceAgentAndLatestBuild(httpmw.ExtractWorkspaceAgentAndLatestBuildConfig{`
`906`	`906`	`DB:options.Database,`
`907`	`907`	`Optional:false,`
`908`	`908`	`}))`

`‎coderd/database/dbauthz/dbauthz.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1880,12 +1880,12 @@ func (q *querier) GetUsersByIDs(ctx context.Context, ids []uuid.UUID) ([]databas`
`1880`	`1880`	`returnq.db.GetUsersByIDs(ctx,ids)`
`1881`	`1881`	`}`
`1882`	`1882`
`1883`		`-func (q*querier)GetWorkspaceAgentAndOwnerByAuthToken(ctx context.Context,authToken uuid.UUID) (database.GetWorkspaceAgentAndOwnerByAuthTokenRow,error) {`
	`1883`	`+func (q*querier)GetWorkspaceAgentAndLatestBuildByAuthToken(ctx context.Context,authToken uuid.UUID) (database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow,error) {`
`1884`	`1884`	`// This is a system function`
`1885`	`1885`	`iferr:=q.authorizeContext(ctx,rbac.ActionRead,rbac.ResourceSystem);err!=nil {`
`1886`		`-return database.GetWorkspaceAgentAndOwnerByAuthTokenRow{},err`
	`1886`	`+return database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow{},err`
`1887`	`1887`	`}`
`1888`		`-returnq.db.GetWorkspaceAgentAndOwnerByAuthToken(ctx,authToken)`
	`1888`	`+returnq.db.GetWorkspaceAgentAndLatestBuildByAuthToken(ctx,authToken)`
`1889`	`1889`	`}`
`1890`	`1890`
`1891`	`1891`	`func (q*querier)GetWorkspaceAgentByID(ctx context.Context,id uuid.UUID) (database.WorkspaceAgent,error) {`

`‎coderd/database/dbauthz/dbauthz_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2274,7 +2274,7 @@ func (s *MethodTestSuite) TestSystemFunctions() {`
`2274`	`2274`	`s.Run("GetReplicaByID",s.Subtest(func(db database.Store,check*expects) {`
`2275`	`2275`	`check.Args(uuid.New()).Asserts(rbac.ResourceSystem,rbac.ActionRead).Errors(sql.ErrNoRows)`
`2276`	`2276`	`}))`
`2277`		`-s.Run("GetWorkspaceAgentAndOwnerByAuthToken",s.Subtest(func(db database.Store,check*expects) {`
	`2277`	`+s.Run("GetWorkspaceAgentAndLatestBuildByAuthToken",s.Subtest(func(db database.Store,check*expects) {`
`2278`	`2278`	`check.Args(uuid.New()).Asserts(rbac.ResourceSystem,rbac.ActionRead).Errors(sql.ErrNoRows)`
`2279`	`2279`	`}))`
`2280`	`2280`	`s.Run("GetUserLinksByUserID",s.Subtest(func(db database.Store,check*expects) {`

`‎coderd/database/dbmem/dbmem.go`

Lines changed: 34 additions & 44 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func New() database.Store {`
`69`	`69`	`templates:make([]database.TemplateTable,0),`
`70`	`70`	`workspaceAgentStats:make([]database.WorkspaceAgentStat,0),`
`71`	`71`	`workspaceAgentLogs:make([]database.WorkspaceAgentLog,0),`
`72`		`-workspaceBuilds:make([]database.WorkspaceBuildTable,0),`
	`72`	`+workspaceBuilds:make([]database.WorkspaceBuild,0),`
`73`	`73`	`workspaceApps:make([]database.WorkspaceApp,0),`
`74`	`74`	`workspaces:make([]database.Workspace,0),`
`75`	`75`	`licenses:make([]database.License,0),`
`@@ -171,7 +171,7 @@ type data struct {`
`171`	`171`	`workspaceApps []database.WorkspaceApp`
`172`	`172`	`workspaceAppStatsLastInsertIDint64`
`173`	`173`	`workspaceAppStats []database.WorkspaceAppStat`
`174`		`-workspaceBuilds []database.WorkspaceBuildTable`
	`174`	`+workspaceBuilds []database.WorkspaceBuild`
`175`	`175`	`workspaceBuildParameters []database.WorkspaceBuildParameter`
`176`	`176`	`workspaceResourceMetadata []database.WorkspaceResourceMetadatum`
`177`	`177`	`workspaceResources []database.WorkspaceResource`
`@@ -542,7 +542,7 @@ func (q *FakeQuerier) templateVersionWithUserNoLock(tpl database.TemplateVersion`
`542`	`542`	`returnwithUser`
`543`	`543`	`}`
`544`	`544`
`545`		`-func (q*FakeQuerier)workspaceBuildWithUserNoLock(tpl database.WorkspaceBuildTable) database.WorkspaceBuild {`
	`545`	`+func (q*FakeQuerier)workspaceBuildWithUserNoLock(tpl database.WorkspaceBuild) database.WorkspaceBuild {`
`546`	`546`	`varuser database.User`
`547`	`547`	`for_,_user:=rangeq.users {`
`548`	`548`	`if_user.ID==tpl.InitiatorID {`
`@@ -2801,7 +2801,7 @@ func (q *FakeQuerier) GetQuotaConsumedForUser(_ context.Context, userID uuid.UUI`
`2801`	`2801`	`continue`
`2802`	`2802`	`}`
`2803`	`2803`
`2804`		`-varlastBuild database.WorkspaceBuildTable`
	`2804`	`+varlastBuild database.WorkspaceBuild`
`2805`	`2805`	`for_,build:=rangeq.workspaceBuilds {`
`2806`	`2806`	`ifbuild.WorkspaceID!=workspace.ID {`
`2807`	`2807`	`continue`
`@@ -3488,7 +3488,7 @@ func (q *FakeQuerier) GetTemplateParameterInsights(ctx context.Context, arg data`
`3488`	`3488`	`deferq.mutex.RUnlock()`
`3489`	`3489`
`3490`	`3490`	`// WITH latest_workspace_builds ...`
`3491`		`-latestWorkspaceBuilds:=make(map[uuid.UUID]database.WorkspaceBuildTable)`
	`3491`	`+latestWorkspaceBuilds:=make(map[uuid.UUID]database.WorkspaceBuild)`
`3492`	`3492`	`for_,wb:=rangeq.workspaceBuilds {`
`3493`	`3493`	`ifwb.CreatedAt.Before(arg.StartTime)\|\|wb.CreatedAt.Equal(arg.EndTime)\|\|wb.CreatedAt.After(arg.EndTime) {`
`3494`	`3494`	`continue`
`@@ -4270,20 +4270,14 @@ func (q *FakeQuerier) GetUsersByIDs(_ context.Context, ids []uuid.UUID) ([]datab`
`4270`	`4270`	`returnusers,nil`
`4271`	`4271`	`}`
`4272`	`4272`
`4273`		`-func (q*FakeQuerier)GetWorkspaceAgentAndOwnerByAuthToken(_ context.Context,authToken uuid.UUID) (database.GetWorkspaceAgentAndOwnerByAuthTokenRow,error) {`
	`4273`	`+func (q*FakeQuerier)GetWorkspaceAgentAndLatestBuildByAuthToken(_ context.Context,authToken uuid.UUID) (database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow,error) {`
`4274`	`4274`	`q.mutex.RLock()`
`4275`	`4275`	`deferq.mutex.RUnlock()`
`4276`		`-`
`4277`		`-// map of build number -> row`
`4278`		`-rows:=make(map[int32]database.GetWorkspaceAgentAndOwnerByAuthTokenRow)`
`4279`		`-`
`4280`		`-// We want to return the latest build number`
`4281`		`-varlatestBuildNumberint32`
	`4276`	`+rows:= []database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow{}`
	`4277`	`+// We want to return the latest build number for each workspace`
	`4278`	`+latestBuildNumber:=make(map[uuid.UUID]int32)`
`4282`	`4279`
`4283`	`4280`	`for_,agt:=rangeq.workspaceAgents {`
`4284`		`-ifagt.AuthToken!=authToken {`
`4285`		`-continue`
`4286`		`-}`
`4287`	`4281`	`// get the related workspace and user`
`4288`	`4282`	`for_,res:=rangeq.workspaceResources {`
`4289`	`4283`	`ifagt.ResourceID!=res.ID {`
`@@ -4300,47 +4294,43 @@ func (q *FakeQuerier) GetWorkspaceAgentAndOwnerByAuthToken(_ context.Context, au`
`4300`	`4294`	`ifws.Deleted {`
`4301`	`4295`	`continue`
`4302`	`4296`	`}`
`4303`		`-varrow database.GetWorkspaceAgentAndOwnerByAuthTokenRow`
`4304`		`-row.WorkspaceID=ws.ID`
`4305`		`-row.TemplateID=ws.TemplateID`
	`4297`	`+row:= database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow{`
	`4298`	`+Workspace: database.Workspace{`
	`4299`	`+ID:ws.ID,`
	`4300`	`+TemplateID:ws.TemplateID,`
	`4301`	`+},`
	`4302`	`+WorkspaceAgent:agt,`
	`4303`	`+WorkspaceBuild:build,`
	`4304`	`+}`
`4306`	`4305`	`usr,err:=q.getUserByIDNoLock(ws.OwnerID)`
`4307`	`4306`	`iferr!=nil {`
`4308`		`-return database.GetWorkspaceAgentAndOwnerByAuthTokenRow{},sql.ErrNoRows`
`4309`		`-}`
`4310`		`-row.OwnerID=usr.ID`
`4311`		`-row.OwnerRoles=append(usr.RBACRoles,"member")`
`4312`		`-// We also need to get org roles for the user`
`4313`		`-row.OwnerName=usr.Username`
`4314`		`-row.WorkspaceAgent=agt`
`4315`		`-row.TemplateVersionID=build.TemplateVersionID`
`4316`		`-for_,mem:=rangeq.organizationMembers {`
`4317`		`-ifmem.UserID==usr.ID {`
`4318`		`-row.OwnerRoles=append(row.OwnerRoles,fmt.Sprintf("organization-member:%s",mem.OrganizationID.String()))`
`4319`		`-}`
`4320`		`-}`
`4321`		`-// And group memberships`
`4322`		`-for_,groupMem:=rangeq.groupMembers {`
`4323`		`-ifgroupMem.UserID==usr.ID {`
`4324`		`-row.OwnerGroups=append(row.OwnerGroups,groupMem.GroupID.String())`
`4325`		`-}`
	`4307`	`+return database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow{},sql.ErrNoRows`
`4326`	`4308`	`}`
	`4309`	`+row.Workspace.OwnerID=usr.ID`
`4327`	`4310`
`4328`	`4311`	`// Keep track of the latest build number`
`4329`		`-rows[build.BuildNumber]=row`
`4330`		`-ifbuild.BuildNumber>latestBuildNumber {`
`4331`		`-latestBuildNumber=build.BuildNumber`
	`4312`	`+rows=append(rows,row)`
	`4313`	`+ifbuild.BuildNumber>latestBuildNumber[ws.ID] {`
	`4314`	`+latestBuildNumber[ws.ID]=build.BuildNumber`
`4332`	`4315`	`}`
`4333`	`4316`	`}`
`4334`	`4317`	`}`
`4335`	`4318`	`}`
`4336`	`4319`	`}`
`4337`	`4320`
`4338`		`-iflen(rows)==0 {`
`4339`		`-return database.GetWorkspaceAgentAndOwnerByAuthTokenRow{},sql.ErrNoRows`
	`4321`	`+fori:=rangerows {`
	`4322`	`+ifrows[i].WorkspaceAgent.AuthToken!=authToken {`
	`4323`	`+continue`
	`4324`	`+}`
	`4325`	`+`
	`4326`	`+ifrows[i].WorkspaceBuild.BuildNumber!=latestBuildNumber[rows[i].Workspace.ID] {`
	`4327`	`+continue`
	`4328`	`+}`
	`4329`	`+`
	`4330`	`+returnrows[i],nil`
`4340`	`4331`	`}`
`4341`	`4332`
`4342`		`-// Return the row related to the latest build`
`4343`		`-returnrows[latestBuildNumber],nil`
	`4333`	`+return database.GetWorkspaceAgentAndLatestBuildByAuthTokenRow{},sql.ErrNoRows`
`4344`	`4334`	`}`
`4345`	`4335`
`4346`	`4336`	`func (q*FakeQuerier)GetWorkspaceAgentByID(ctx context.Context,id uuid.UUID) (database.WorkspaceAgent,error) {`
`@@ -6243,7 +6233,7 @@ func (q *FakeQuerier) InsertWorkspaceBuild(_ context.Context, arg database.Inser`
`6243`	`6233`	`q.mutex.Lock()`
`6244`	`6234`	`deferq.mutex.Unlock()`
`6245`	`6235`
`6246`		`-workspaceBuild:= database.WorkspaceBuildTable{`
	`6236`	`+workspaceBuild:= database.WorkspaceBuild{`
`6247`	`6237`	`ID:arg.ID,`
`6248`	`6238`	`CreatedAt:arg.CreatedAt,`
`6249`	`6239`	`UpdatedAt:arg.UpdatedAt,`

`‎coderd/database/dbmetrics/dbmetrics.go`

Lines changed: 3 additions & 3 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/dbmock/dbmock.go`

Lines changed: 7 additions & 7 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/querier.go`

Lines changed: 1 addition & 1 deletion

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go`

Lines changed: 66 additions & 72 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0723dd3

File tree

15 files changed

15 files changed

`‎coderd/coderd.go`

`‎coderd/database/dbauthz/dbauthz.go`

`‎coderd/database/dbauthz/dbauthz_test.go`

`‎coderd/database/dbmem/dbmem.go`

`‎coderd/database/dbmetrics/dbmetrics.go`

`‎coderd/database/dbmock/dbmock.go`

`‎coderd/database/querier.go`

`‎coderd/database/queries.sql.go`

0 commit comments