NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit71fd196

authored

feat: Warn on coderd startup if access URL is localhost (#2248)

1 parentf79ab7f commit71fd196Copy full SHA for 71fd196

File tree

2 files changed

+72

-0

lines changed

cli
- server.go
- server_test.go

2 files changed

+72

-0

lines changed

`‎cli/server.go‎`

Lines changed: 43 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -203,6 +203,28 @@ func server() *cobra.Command {`
`203`	`203`	`_,_=fmt.Fprintln(cmd.ErrOrStderr())`
`204`	`204`	`}`
`205`	`205`
	`206`	`+// Warn the user if the access URL appears to be a loopback address.`
	`207`	`+isLocal,err:=isLocalURL(cmd.Context(),accessURL)`
	`208`	`+ifisLocal\|\|err!=nil {`
	`209`	`+varreasonstring`
	`210`	`+ifisLocal {`
	`211`	`+reason="appears to be a loopback address"`
	`212`	`+}else {`
	`213`	`+reason="could not be resolved"`
	`214`	`+}`
	`215`	`+_,_=fmt.Fprintf(cmd.ErrOrStderr(),cliui.Styles.Wrap.Render(`
	`216`	`+cliui.Styles.Warn.Render("Warning:")+" The current access URL:")+"\n\n")`
	`217`	`+_,_=fmt.Fprintf(cmd.ErrOrStderr()," "+cliui.Styles.Field.Render(accessURL)+"\n\n")`
	`218`	`+_,_=fmt.Fprintf(cmd.ErrOrStderr(),cliui.Styles.Wrap.Render(`
	`219`	`+reason+". Provisioned workspaces are unlikely to be able to "+`
	`220`	`+"connect to Coder. Please consider changing your "+`
	`221`	`+"access URL using the --access-url option, or directly "+`
	`222`	`+"specifying access URLs on templates.",`
	`223`	`+)+"\n\n")`
	`224`	`+_,_=fmt.Fprintf(cmd.ErrOrStderr(),"For more information, see "+`
	`225`	`+"https://github.com/coder/coder/issues/1528\n\n")`
	`226`	`+}`
	`227`	`+`
`206`	`228`	`validator,err:=idtoken.NewValidator(cmd.Context(),option.WithoutAuthentication())`
`207`	`229`	`iferr!=nil {`
`208`	`230`	`returnerr`
`@@ -803,3 +825,24 @@ func serveHandler(ctx context.Context, logger slog.Logger, handler http.Handler,`
`803`	`825`
`804`	`826`	`returnfunc() {_=srv.Close() }`
`805`	`827`	`}`
	`828`	`+`
	`829`	`+// isLocalURL returns true if the hostname of the provided URL appears to`
	`830`	`+// resolve to a loopback address.`
	`831`	`+funcisLocalURL(ctx context.Context,urlStringstring) (bool,error) {`
	`832`	`+parsedURL,err:=url.Parse(urlString)`
	`833`	`+iferr!=nil {`
	`834`	`+returnfalse,err`
	`835`	`+}`
	`836`	`+resolver:=&net.Resolver{}`
	`837`	`+ips,err:=resolver.LookupIPAddr(ctx,parsedURL.Hostname())`
	`838`	`+iferr!=nil {`
	`839`	`+returnfalse,err`
	`840`	`+}`
	`841`	`+`
	`842`	`+for_,ip:=rangeips {`
	`843`	`+ifip.IP.IsLoopback() {`
	`844`	`+returntrue,nil`
	`845`	`+}`
	`846`	`+}`
	`847`	`+returnfalse,nil`
	`848`	`+}`

`‎cli/server_test.go‎`

Lines changed: 29 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -118,6 +118,9 @@ func TestServer(t *testing.T) {`
`118`	`118`	`}else {`
`119`	`119`	`t.Error("expected password line output; got no match")`
`120`	`120`	`}`
	`121`	`+`
	`122`	`+// Verify that we warned the user about the default access URL possibly not being what they want.`
	`123`	`+assert.Contains(t,buf.String(),"coder/coder/issues/1528")`
`121`	`124`	`})`
`122`	`125`
`123`	`126`	`// Duplicated test from "Development" above to test setting email/password via env.`
`@@ -163,6 +166,32 @@ func TestServer(t *testing.T) {`
`163`	`166`	`assert.Contains(t,buf.String(),fmt.Sprintf("password: %s",wantPassword),"expected output %q; got no match",wantPassword)`
`164`	`167`	`})`
`165`	`168`
	`169`	`+t.Run("NoWarningWithRemoteAccessURL",func(t*testing.T) {`
	`170`	`+t.Parallel()`
	`171`	`+ctx,cancelFunc:=context.WithCancel(context.Background())`
	`172`	`+defercancelFunc()`
	`173`	`+`
	`174`	`+root,cfg:=clitest.New(t,"server","--dev","--tunnel=false","--address",":0","--access-url","http://1.2.3.4:3000/")`
	`175`	`+varbuf strings.Builder`
	`176`	`+errC:=make(chanerror)`
	`177`	`+root.SetOutput(&buf)`
	`178`	`+gofunc() {`
	`179`	`+errC<-root.ExecuteContext(ctx)`
	`180`	`+}()`
	`181`	`+`
	`182`	`+// Just wait for startup`
	`183`	`+require.Eventually(t,func()bool {`
	`184`	`+varerrerror`
	`185`	`+_,err=cfg.URL().Read()`
	`186`	`+returnerr==nil`
	`187`	`+},15time.Second,25time.Millisecond)`
	`188`	`+`
	`189`	`+cancelFunc()`
	`190`	`+require.ErrorIs(t,<-errC,context.Canceled)`
	`191`	`+`
	`192`	`+assert.NotContains(t,buf.String(),"coder/coder/issues/1528")`
	`193`	`+})`
	`194`	`+`
`166`	`195`	`t.Run("TLSBadVersion",func(t*testing.T) {`
`167`	`196`	`t.Parallel()`
`168`	`197`	`ctx,cancelFunc:=context.WithCancel(context.Background())`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit71fd196

File tree

2 files changed

2 files changed

`‎cli/server.go‎`

`‎cli/server_test.go‎`

0 commit comments