Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit4dfc69d

Browse files
committed
Break out workspace app cors handler
This will make it easier to test.
1 parented41edd commit4dfc69d

File tree

2 files changed

+35
-33
lines changed

2 files changed

+35
-33
lines changed

‎coderd/httpmw/cors.go

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,12 @@ package httpmw
22

33
import (
44
"net/http"
5+
"net/url"
6+
"regexp"
57

68
"github.com/go-chi/cors"
9+
10+
"github.com/coder/coder/coderd/httpapi"
711
)
812

913
//nolint:revive
@@ -25,3 +29,33 @@ func Cors(allowAll bool, origins ...string) func(next http.Handler) http.Handler
2529
AllowCredentials:false,
2630
})
2731
}
32+
33+
funcWorkspaceAppCors(regex*regexp.Regexp,app httpapi.ApplicationURL)func(next http.Handler) http.Handler {
34+
returncors.Handler(cors.Options{
35+
AllowOriginFunc:func(r*http.Request,rawOriginstring)bool {
36+
origin,err:=url.Parse(rawOrigin)
37+
ifrawOrigin==""||origin.Host==""||err!=nil {
38+
returnfalse
39+
}
40+
subdomain,ok:=httpapi.ExecuteHostnamePattern(regex,origin.Host)
41+
if!ok {
42+
returnfalse
43+
}
44+
originApp,err:=httpapi.ParseSubdomainAppURL(subdomain)
45+
iferr!=nil {
46+
returnfalse
47+
}
48+
returnok&&originApp.Username==app.Username
49+
},
50+
AllowedMethods: []string{
51+
http.MethodHead,
52+
http.MethodGet,
53+
http.MethodPost,
54+
http.MethodPut,
55+
http.MethodPatch,
56+
http.MethodDelete,
57+
},
58+
AllowedHeaders: []string{"*"},
59+
AllowCredentials:true,
60+
})
61+
}

‎coderd/workspaceapps/proxy.go

Lines changed: 1 addition & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@ import (
1313
"sync"
1414

1515
"github.com/go-chi/chi/v5"
16-
"github.com/go-chi/cors"
1716
"github.com/google/uuid"
1817
"go.opentelemetry.io/otel/trace"
1918
"nhooyr.io/websocket"
@@ -364,22 +363,7 @@ func (s *Server) HandleSubdomain(middlewares ...func(http.Handler) http.Handler)
364363

365364
// Use the passed in app middlewares before checking authentication and
366365
// passing to the proxy app.
367-
mws:=chi.Middlewares(append(middlewares,cors.Handler(cors.Options{
368-
AllowOriginFunc:func(r*http.Request,originstring)bool {
369-
originApp,ok:=s.parseOrigin(origin)
370-
returnok&&originApp.Username==app.Username
371-
},
372-
AllowedMethods: []string{
373-
http.MethodHead,
374-
http.MethodGet,
375-
http.MethodPost,
376-
http.MethodPut,
377-
http.MethodPatch,
378-
http.MethodDelete,
379-
},
380-
AllowedHeaders: []string{"*"},
381-
AllowCredentials:true,
382-
})))
366+
mws:=chi.Middlewares(append(middlewares,httpmw.WorkspaceAppCors(s.HostnameRegex,app)))
383367
mws.Handler(http.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {
384368
if!s.handleAPIKeySmuggling(rw,r,AccessMethodSubdomain) {
385369
return
@@ -411,22 +395,6 @@ func (s *Server) HandleSubdomain(middlewares ...func(http.Handler) http.Handler)
411395
}
412396
}
413397

414-
func (s*Server)parseOrigin(rawOriginstring) (httpapi.ApplicationURL,bool) {
415-
origin,err:=url.Parse(rawOrigin)
416-
ifrawOrigin==""||origin.Host==""||err!=nil {
417-
return httpapi.ApplicationURL{},false
418-
}
419-
subdomain,ok:=httpapi.ExecuteHostnamePattern(s.HostnameRegex,origin.Host)
420-
if!ok {
421-
return httpapi.ApplicationURL{},false
422-
}
423-
app,err:=httpapi.ParseSubdomainAppURL(subdomain)
424-
iferr!=nil {
425-
return httpapi.ApplicationURL{},false
426-
}
427-
returnapp,true
428-
}
429-
430398
// parseHostname will return if a given request is attempting to access a
431399
// workspace app via a subdomain. If it is, the hostname of the request is parsed
432400
// into an httpapi.ApplicationURL and true is returned. If the request is not

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp