NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit2cc758f

committed

chore: add comment explaining all the ambiguity

1 parent21ffe80 commit2cc758fCopy full SHA for 2cc758f

File tree

7 files changed

+43

-25

lines changed

coderd
- apikey.go
- coderd.go
- identityprovider
  - tokens.go
- provisionerdserver
  - provisionerdserver.go
- userauth.go
- workspaceapps.go
codersdk
- deployment.go

7 files changed

+43

-25

lines changed

`‎coderd/apikey.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func (api API) postToken(rw http.ResponseWriter, r http.Request) {`
`84`	`84`	`cookie,key,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`85`	`85`	`UserID:user.ID,`
`86`	`86`	`LoginType:database.LoginTypeToken,`
`87`		`-DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`87`	`+DefaultLifetime:api.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
`88`	`88`	`ExpiresAt:dbtime.Now().Add(lifeTime),`
`89`	`89`	`Scope:scope,`
`90`	`90`	`LifetimeSeconds:int64(lifeTime.Seconds()),`
`@@ -128,7 +128,7 @@ func (api API) postAPIKey(rw http.ResponseWriter, r http.Request) {`
`128`	`128`	`lifeTime:=time.Hour247`
`129`	`129`	`cookie,_,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`130`	`130`	`UserID:user.ID,`
`131`		`-DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`131`	`+DefaultLifetime:api.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
`132`	`132`	`LoginType:database.LoginTypePassword,`
`133`	`133`	`RemoteAddr:r.RemoteAddr,`
`134`	`134`	`// All api generated keys will last 1 week. Browser login tokens have`

`‎coderd/coderd.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -566,7 +566,7 @@ func New(options Options) API {`
`566`	`566`	`DB:options.Database,`
`567`	`567`	`OAuth2Configs:oauthConfigs,`
`568`	`568`	`RedirectToLogin:false,`
`569`		`-DisableSessionExpiryRefresh:options.DeploymentValues.DisableSessionExpiryRefresh.Value(),`
	`569`	`+DisableSessionExpiryRefresh:options.DeploymentValues.Sessions.DisableSessionExpiryRefresh.Value(),`
`570`	`570`	`Optional:false,`
`571`	`571`	`SessionTokenFunc:nil,// Default behavior`
`572`	`572`	`PostAuthAdditionalHeadersFunc:options.PostAuthAdditionalHeadersFunc,`
`@@ -576,7 +576,7 @@ func New(options Options) API {`
`576`	`576`	`DB:options.Database,`
`577`	`577`	`OAuth2Configs:oauthConfigs,`
`578`	`578`	`RedirectToLogin:true,`
`579`		`-DisableSessionExpiryRefresh:options.DeploymentValues.DisableSessionExpiryRefresh.Value(),`
	`579`	`+DisableSessionExpiryRefresh:options.DeploymentValues.Sessions.DisableSessionExpiryRefresh.Value(),`
`580`	`580`	`Optional:false,`
`581`	`581`	`SessionTokenFunc:nil,// Default behavior`
`582`	`582`	`PostAuthAdditionalHeadersFunc:options.PostAuthAdditionalHeadersFunc,`
`@@ -586,7 +586,7 @@ func New(options Options) API {`
`586`	`586`	`DB:options.Database,`
`587`	`587`	`OAuth2Configs:oauthConfigs,`
`588`	`588`	`RedirectToLogin:false,`
`589`		`-DisableSessionExpiryRefresh:options.DeploymentValues.DisableSessionExpiryRefresh.Value(),`
	`589`	`+DisableSessionExpiryRefresh:options.DeploymentValues.Sessions.DisableSessionExpiryRefresh.Value(),`
`590`	`590`	`Optional:true,`
`591`	`591`	`SessionTokenFunc:nil,// Default behavior`
`592`	`592`	`PostAuthAdditionalHeadersFunc:options.PostAuthAdditionalHeadersFunc,`

`‎coderd/identityprovider/tokens.go`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@ import (`
`7`	`7`	`"fmt"`
`8`	`8`	`"net/http"`
`9`	`9`	`"net/url"`
`10`		`-"time"`
`11`	`10`
`12`	`11`	`"github.com/google/uuid"`
`13`	`12`	`"golang.org/x/oauth2"`
`@@ -199,9 +198,9 @@ func authorizationCodeGrant(ctx context.Context, db database.Store, app database`
`199`	`198`	`// TODO: We are ignoring scopes for now.`
`200`	`199`	`tokenName:=fmt.Sprintf("%s_%s_oauth_session_token",dbCode.UserID,app.ID)`
`201`	`200`	`key,sessionToken,err:=apikey.Generate(apikey.CreateParams{`
`202`		`-UserID:dbCode.UserID,`
`203`		`-LoginType:database.LoginTypeOAuth2ProviderApp,`
`204`		`-SessionCfg:lifetimes,`
	`201`	`+UserID:dbCode.UserID,`
	`202`	`+LoginType:database.LoginTypeOAuth2ProviderApp,`
	`203`	`+DefaultLifetime:lifetimes.DefaultSessionDuration.Value(),`
`205`	`204`	`// For now, we allow only one token per app and user at a time.`
`206`	`205`	`TokenName:tokenName,`
`207`	`206`	`})`
`@@ -328,9 +327,9 @@ func refreshTokenGrant(ctx context.Context, db database.Store, app database.OAut`
`328`	`327`	`// TODO: We are ignoring scopes for now.`
`329`	`328`	`tokenName:=fmt.Sprintf("%s_%s_oauth_session_token",prevKey.UserID,app.ID)`
`330`	`329`	`key,sessionToken,err:=apikey.Generate(apikey.CreateParams{`
`331`		`-UserID:prevKey.UserID,`
`332`		`-LoginType:database.LoginTypeOAuth2ProviderApp,`
`333`		`-SessionCfg:lifetimes,`
	`330`	`+UserID:prevKey.UserID,`
	`331`	`+LoginType:database.LoginTypeOAuth2ProviderApp,`
	`332`	`+DefaultLifetime:lifetimes.DefaultSessionDuration.Value(),`
`334`	`333`	`// For now, we allow only one token per app and user at a time.`
`335`	`334`	`TokenName:tokenName,`
`336`	`335`	`})`

`‎coderd/provisionerdserver/provisionerdserver.go`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1723,10 +1723,11 @@ func workspaceSessionTokenName(workspace database.Workspace) string {`
`1723`	`1723`
`1724`	`1724`	`func (s*server)regenerateSessionToken(ctx context.Context,user database.User,workspace database.Workspace) (string,error) {`
`1725`	`1725`	`newkey,sessionToken,err:=apikey.Generate(apikey.CreateParams{`
`1726`		`-UserID:user.ID,`
`1727`		`-LoginType:user.LoginType,`
`1728`		`-SessionCfg:s.DeploymentValues.Sessions,`
`1729`		`-TokenName:workspaceSessionTokenName(workspace),`
	`1726`	`+UserID:user.ID,`
	`1727`	`+LoginType:user.LoginType,`
	`1728`	`+TokenName:workspaceSessionTokenName(workspace),`
	`1729`	`+DefaultLifetime:s.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
	`1730`	`+LifetimeSeconds:int64(s.DeploymentValues.Sessions.MaxTokenLifetime.Value().Seconds()),`
`1730`	`1731`	`})`
`1731`	`1732`	`iferr!=nil {`
`1732`	`1733`	`return"",xerrors.Errorf("generate API key: %w",err)`

`‎coderd/userauth.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -252,7 +252,7 @@ func (api API) postLogin(rw http.ResponseWriter, r http.Request) {`
`252`	`252`	`UserID:user.ID,`
`253`	`253`	`LoginType:database.LoginTypePassword,`
`254`	`254`	`RemoteAddr:r.RemoteAddr,`
`255`		`-DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`255`	`+DefaultLifetime:api.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
`256`	`256`	`})`
`257`	`257`	`iferr!=nil {`
`258`	`258`	`logger.Error(ctx,"unable to create API key",slog.Error(err))`
`@@ -1612,7 +1612,7 @@ func (api API) oauthLogin(r http.Request, params oauthLoginParams) ([]http.C`
`1612`	`1612`	`cookie,newKey,err:=api.createAPIKey(dbauthz.AsSystemRestricted(ctx), apikey.CreateParams{`
`1613`	`1613`	`UserID:user.ID,`
`1614`	`1614`	`LoginType:params.LoginType,`
`1615`		`-DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`1615`	`+DefaultLifetime:api.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
`1616`	`1616`	`RemoteAddr:r.RemoteAddr,`
`1617`	`1617`	`})`
`1618`	`1618`	`iferr!=nil {`

`‎coderd/workspaceapps.go`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -102,14 +102,14 @@ func (api API) workspaceApplicationAuth(rw http.ResponseWriter, r http.Request`
`102`	`102`	`// the current session.`
`103`	`103`	`exp:=apiKey.ExpiresAt`
`104`	`104`	`lifetimeSeconds:=apiKey.LifetimeSeconds`
`105`		`-ifexp.IsZero()\|\|time.Until(exp)>api.DeploymentValues.SessionDuration.Value() {`
`106`		`-exp=dbtime.Now().Add(api.DeploymentValues.SessionDuration.Value())`
`107`		`-lifetimeSeconds=int64(api.DeploymentValues.SessionDuration.Value().Seconds())`
	`105`	`+ifexp.IsZero()\|\|time.Until(exp)>api.DeploymentValues.Sessions.DefaultSessionDuration.Value() {`
	`106`	`+exp=dbtime.Now().Add(api.DeploymentValues.Sessions.DefaultSessionDuration.Value())`
	`107`	`+lifetimeSeconds=int64(api.DeploymentValues.Sessions.DefaultSessionDuration.Value().Seconds())`
`108`	`108`	`}`
`109`	`109`	`cookie,_,err:=api.createAPIKey(ctx, apikey.CreateParams{`
`110`	`110`	`UserID:apiKey.UserID,`
`111`	`111`	`LoginType:database.LoginTypePassword,`
`112`		`-DefaultLifetime:api.DeploymentValues.SessionDuration.Value(),`
	`112`	`+DefaultLifetime:api.DeploymentValues.Sessions.DefaultSessionDuration.Value(),`
`113`	`113`	`ExpiresAt:exp,`
`114`	`114`	`LifetimeSeconds:lifetimeSeconds,`
`115`	`115`	`Scope:database.APIKeyScopeApplicationConnect,`

`‎codersdk/deployment.go`

Lines changed: 21 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -242,11 +242,29 @@ func ParseSSHConfigOption(opt string) (key string, value string, err error) {`
`242`	`242`	`returnopt[:idx],opt[idx+1:],nil`
`243`	`243`	`}`
`244`	`244`
`245`		`-// SessionLifetime should be any configuration related to creating apikeys and tokens.`
	`245`	`+// SessionLifetime refers to "sessions" authenticating into Coderd. Coder has`
	`246`	`+// multiple different session types: api keys, tokens, workspace app tokens,`
	`247`	`+// agent tokens, etc. This configuration struct should be used to group all`
	`248`	`+// settings referring to any of these session lifetime controls.`
	`249`	`+// TODO: These config options were created back when coder only had api keys.`
	`250`	`+// Today, the config is ambigously used for all of them. For example:`
	`251`	`+// - cli based api keys ignore all settings`
	`252`	`+// - login uses the default lifetime, not the MaxTokenLifetime`
	`253`	`+// - Tokens use the Default & MaxTokenLifetime`
	`254`	`+// - ... etc ...`
	`255`	`+// The rational behind each decision is undocumented. The naming behind these`
	`256`	`+// config options is also confusing without any clear documentation.`
	`257`	`+// 'CreateAPIKey' is used to make all sessions, and it's parameters are just`
	`258`	`+// 'LifetimeSeconds' and 'DefaultLifetime'. Which does not directly correlate to`
	`259`	`+// the config options here.`
`246`	`260`	`typeSessionLifetimestruct {`
	`261`	`+// DisableSessionExpiryRefresh will disable automatically refreshing api`
	`262`	`+// keys when they are used from the api. This means the api key lifetime at`
	`263`	`+// creation is the lifetime of the api key.`
	`264`	+DisableSessionExpiryRefresh serpent.Bool`json:"disable_session_expiry_refresh,omitempty" typescript:",notnull"`
	`265`	`+`
`247`	`266`	`// DefaultSessionDuration is for api keys, not tokens.`
`248`		-DefaultSessionDuration serpent.Duration`json:"max_session_expiry" typescript:",notnull"`
`249`		-DisableSessionExpiryRefresh serpent.Bool`json:"disable_session_expiry_refresh,omitempty" typescript:",notnull"`
	`267`	+DefaultSessionDuration serpent.Duration`json:"max_session_expiry" typescript:",notnull"`
`250`	`268`
`251`	`269`	MaxTokenLifetime serpent.Duration`json:"max_token_lifetime,omitempty" typescript:",notnull"`
`252`	`270`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2cc758f

File tree

7 files changed

7 files changed

`‎coderd/apikey.go`

`‎coderd/coderd.go`

`‎coderd/identityprovider/tokens.go`

`‎coderd/provisionerdserver/provisionerdserver.go`

`‎coderd/userauth.go`

`‎coderd/workspaceapps.go`

`‎codersdk/deployment.go`

0 commit comments