NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.4k

Commitc3eb94d

committed

reuse apikey generate for more places

1 parenta955690 commitc3eb94dCopy full SHA for c3eb94d

File tree

8 files changed

+25

-32

lines changed

coderd
- apikey
  - apikey.go
- database/dbgen
  - dbgen.go
- httpmw
- provisionerkey
  - provisionerkey.go
enterprise
- coderd
  - workspaceproxy.go
- x/aibridgedserver
  - aibridgedserver_test.go

8 files changed

+25

-32

lines changed

`‎coderd/apikey/apikey.go‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -154,19 +154,19 @@ func GenerateSecret(length int) (secret string, hashed []byte, err error) {`
`154`	`154`	`iferr!=nil {`
`155`	`155`	`return"",nil,err`
`156`	`156`	`}`
`157`		`-hash:=hashSecret(secret)`
	`157`	`+hash:=HashSecret(secret)`
`158`	`158`	`returnsecret,hash[:],nil`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`// ValidateHash compares a secret against an expected hashed secret.`
`162`	`162`	`funcValidateHash(hashedSecret []byte,secretstring)bool {`
`163`		`-hash:=hashSecret(secret)`
	`163`	`+hash:=HashSecret(secret)`
`164`	`164`	`returnsubtle.ConstantTimeCompare(hashedSecret,hash[:])==1`
`165`	`165`	`}`
`166`	`166`
`167`		`-//hashSecret is the single function used to hash API key secrets.`
	`167`	`+//HashSecret is the single function used to hash API key secrets.`
`168`	`168`	`// Use this to ensure a consistent hashing algorithm.`
`169`		`-funchashSecret(secretstring) []byte {`
	`169`	`+funcHashSecret(secretstring) []byte {`
`170`	`170`	`hash:=sha256.Sum256([]byte(secret))`
`171`	`171`	`returnhash[:]`
`172`	`172`	`}`

`‎coderd/database/dbgen/dbgen.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ import (`
`20`	`20`	`"github.com/stretchr/testify/require"`
`21`	`21`	`"golang.org/x/xerrors"`
`22`	`22`
	`23`	`+"github.com/coder/coder/v2/coderd/apikey"`
`23`	`24`	`"github.com/coder/coder/v2/coderd/database"`
`24`	`25`	`"github.com/coder/coder/v2/coderd/database/db2sdk"`
`25`	`26`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`@@ -980,9 +981,8 @@ func WorkspaceResourceMetadatums(t testing.TB, db database.Store, seed database.`
`980`	`981`	`}`
`981`	`982`
`982`	`983`	`funcWorkspaceProxy(t testing.TB,db database.Store,orig database.WorkspaceProxy) (database.WorkspaceProxy,string) {`
`983`		`-secret,err:=cryptorand.HexString(64)`
	`984`	`+secret,hashedSecret,err:=apikey.GenerateSecret(64)`
`984`	`985`	`require.NoError(t,err,"generate secret")`
`985`		`-hashedSecret:=sha256.Sum256([]byte(secret))`
`986`	`986`
`987`	`987`	`proxy,err:=db.InsertWorkspaceProxy(genCtx, database.InsertWorkspaceProxyParams{`
`988`	`988`	`ID:takeFirst(orig.ID,uuid.New()),`

`‎coderd/httpmw/apikey_test.go‎`

Lines changed: 8 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ import (`
`19`	`19`	`"golang.org/x/exp/slices"`
`20`	`20`	`"golang.org/x/oauth2"`
`21`	`21`
	`22`	`+"github.com/coder/coder/v2/coderd/apikey"`
`22`	`23`	`"github.com/coder/coder/v2/coderd/database"`
`23`	`24`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`24`	`25`	`"github.com/coder/coder/v2/coderd/database/dbgen"`
`@@ -32,10 +33,10 @@ import (`
`32`	`33`	`"github.com/coder/coder/v2/testutil"`
`33`	`34`	`)`
`34`	`35`
`35`		`-funcrandomAPIKeyParts() (idstring,secretstring) {`
	`36`	`+funcrandomAPIKeyParts() (idstring,secretstring,hashedSecret []byte) {`
`36`	`37`	`id,_=cryptorand.String(10)`
`37`		`-secret,_=cryptorand.String(22)`
`38`		`-returnid,secret`
	`38`	`+secret,hashedSecret,_=apikey.GenerateSecret(22)`
	`39`	`+returnid,secret,hashedSecret`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`funcTestAPIKey(t*testing.T) {`
`@@ -171,10 +172,10 @@ func TestAPIKey(t *testing.T) {`
`171`	`172`	`t.Run("NotFound",func(t*testing.T) {`
`172`	`173`	`t.Parallel()`
`173`	`174`	`var (`
`174`		`-db,_=dbtestutil.NewDB(t)`
`175`		`-id,secret=randomAPIKeyParts()`
`176`		`-r=httptest.NewRequest("GET","/",nil)`
`177`		`-rw=httptest.NewRecorder()`
	`175`	`+db,_=dbtestutil.NewDB(t)`
	`176`	`+id,secret,_=randomAPIKeyParts()`
	`177`	`+r=httptest.NewRequest("GET","/",nil)`
	`178`	`+rw=httptest.NewRecorder()`
`178`	`179`	`)`
`179`	`180`	`r.Header.Set(codersdk.SessionTokenHeader,fmt.Sprintf("%s-%s",id,secret))`
`180`	`181`

`‎coderd/httpmw/authorize_test.go‎`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ package httpmw_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`		`-"crypto/sha256"`
`6`	`5`	`"fmt"`
`7`	`6`	`"net"`
`8`	`7`	`"net/http"`
`@@ -143,8 +142,7 @@ func TestExtractUserRoles(t *testing.T) {`
`143`	`142`
`144`	`143`	`funcaddUser(t*testing.T,db database.Store,roles...string) (database.User,string) {`
`145`	`144`	`var (`
`146`		`-id,secret=randomAPIKeyParts()`
`147`		`-hashed=sha256.Sum256([]byte(secret))`
	`145`	`+id,secret,hashed=randomAPIKeyParts()`
`148`	`146`	`)`
`149`	`147`	`ifroles==nil {`
`150`	`148`	`roles= []string{}`

`‎coderd/httpmw/workspaceparam_test.go‎`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ package httpmw_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`		`-"crypto/sha256"`
`6`	`5`	`"encoding/json"`
`7`	`6`	`"fmt"`
`8`	`7`	`"net"`
`@@ -32,8 +31,7 @@ func TestWorkspaceParam(t *testing.T) {`
`32`	`31`
`33`	`32`	`setup:=func(db database.Store) (*http.Request, database.User) {`
`34`	`33`	`var (`
`35`		`-id,secret=randomAPIKeyParts()`
`36`		`-hashed=sha256.Sum256([]byte(secret))`
	`34`	`+id,secret,hashed=randomAPIKeyParts()`
`37`	`35`	`)`
`38`	`36`	`r:=httptest.NewRequest("GET","/",nil)`
`39`	`37`	`r.Header.Set(codersdk.SessionTokenHeader,fmt.Sprintf("%s-%s",id,secret))`

`‎coderd/provisionerkey/provisionerkey.go‎`

Lines changed: 4 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,23 +1,22 @@`
`1`	`1`	`package provisionerkey`
`2`	`2`
`3`	`3`	`import (`
`4`		`-"crypto/sha256"`
`5`	`4`	`"crypto/subtle"`
`6`	`5`
`7`	`6`	`"github.com/google/uuid"`
`8`	`7`	`"golang.org/x/xerrors"`
`9`	`8`
	`9`	`+"github.com/coder/coder/v2/coderd/apikey"`
`10`	`10`	`"github.com/coder/coder/v2/coderd/database"`
`11`	`11`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`12`		`-"github.com/coder/coder/v2/cryptorand"`
`13`	`12`	`)`
`14`	`13`
`15`	`14`	`const (`
`16`	`15`	`secretLength=43`
`17`	`16`	`)`
`18`	`17`
`19`	`18`	`funcNew(organizationID uuid.UUID,namestring,tagsmap[string]string) (database.InsertProvisionerKeyParams,string,error) {`
`20`		`-secret,err:=cryptorand.String(secretLength)`
	`19`	`+secret,hashed,err:=apikey.GenerateSecret(secretLength)`
`21`	`20`	`iferr!=nil {`
`22`	`21`	`return database.InsertProvisionerKeyParams{},"",xerrors.Errorf("generate secret: %w",err)`
`23`	`22`	`}`
`@@ -31,7 +30,7 @@ func New(organizationID uuid.UUID, name string, tags map[string]string) (databas`
`31`	`30`	`CreatedAt:dbtime.Now(),`
`32`	`31`	`OrganizationID:organizationID,`
`33`	`32`	`Name:name,`
`34`		`-HashedSecret:HashSecret(secret),`
	`33`	`+HashedSecret:hashed,`
`35`	`34`	`Tags:tags,`
`36`	`35`	`},secret,nil`
`37`	`36`	`}`
`@@ -45,8 +44,7 @@ func Validate(token string) error {`
`45`	`44`	`}`
`46`	`45`
`47`	`46`	`funcHashSecret(secretstring) []byte {`
`48`		`-h:=sha256.Sum256([]byte(secret))`
`49`		`-returnh[:]`
	`47`	`+returnapikey.HashSecret(secret)`
`50`	`48`	`}`
`51`	`49`
`52`	`50`	`funcCompare(a []byte,b []byte)bool {`

`‎enterprise/coderd/workspaceproxy.go‎`

Lines changed: 3 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ package coderd`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`		`-"crypto/sha256"`
`6`	`5`	`"database/sql"`
`7`	`6`	`"fmt"`
`8`	`7`	`"net/http"`
`@@ -16,6 +15,7 @@ import (`
`16`	`15`
`17`	`16`	`"cdr.dev/slog"`
`18`	`17`	`agpl"github.com/coder/coder/v2/coderd"`
	`18`	`+"github.com/coder/coder/v2/coderd/apikey"`
`19`	`19`	`"github.com/coder/coder/v2/coderd/audit"`
`20`	`20`	`"github.com/coder/coder/v2/coderd/database"`
`21`	`21`	`"github.com/coder/coder/v2/coderd/database/db2sdk"`
`@@ -28,7 +28,6 @@ import (`
`28`	`28`	`"github.com/coder/coder/v2/coderd/workspaceapps"`
`29`	`29`	`"github.com/coder/coder/v2/coderd/workspaceapps/appurl"`
`30`	`30`	`"github.com/coder/coder/v2/codersdk"`
`31`		`-"github.com/coder/coder/v2/cryptorand"`
`32`	`31`	`"github.com/coder/coder/v2/enterprise/coderd/proxyhealth"`
`33`	`32`	`"github.com/coder/coder/v2/enterprise/replicasync"`
`34`	`33`	`"github.com/coder/coder/v2/enterprise/wsproxy/wsproxysdk"`
`@@ -934,11 +933,11 @@ func (api API) reconnectingPTYSignedToken(rw http.ResponseWriter, r http.Reque`
`934`	`933`	`}`
`935`	`934`
`936`	`935`	`funcgenerateWorkspaceProxyToken(id uuid.UUID) (tokenstring,hashed []byte,errerror) {`
`937`		`-secret,err:=cryptorand.HexString(64)`
	`936`	`+secret,hashedSecret,err:=apikey.GenerateSecret(64)`
`938`	`937`	`iferr!=nil {`
`939`	`938`	`return"",nil,xerrors.Errorf("generate token: %w",err)`
`940`	`939`	`}`
`941`		`-hashedSecret:=sha256.Sum256([]byte(secret))`
	`940`	`+`
`942`	`941`	`fullToken:=fmt.Sprintf("%s:%s",id,secret)`
`943`	`942`	`returnfullToken,hashedSecret[:],nil`
`944`	`943`	`}`

`‎enterprise/x/aibridgedserver/aibridgedserver_test.go‎`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ package aibridgedserver_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`		`-"crypto/sha256"`
`6`	`5`	`"database/sql"`
`7`	`6`	`"encoding/json"`
`8`	`7`	`"fmt"`
`@@ -21,6 +20,7 @@ import (`
`21`	`20`	`"google.golang.org/protobuf/types/known/structpb"`
`22`	`21`	`"google.golang.org/protobuf/types/known/timestamppb"`
`23`	`22`
	`23`	`+"github.com/coder/coder/v2/coderd/apikey"`
`24`	`24`	`"github.com/coder/coder/v2/coderd/database"`
`25`	`25`	`"github.com/coder/coder/v2/coderd/database/dbmock"`
`26`	`26`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`@@ -138,9 +138,8 @@ func TestAuthorization(t *testing.T) {`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`keyID,_:=cryptorand.String(10)`
`141`		`-keySecret,_:=cryptorand.String(22)`
	`141`	`+keySecret,keySecretHashed,_:=apikey.GenerateSecret(22)`
`142`	`142`	`token:=fmt.Sprintf("%s-%s",keyID,keySecret)`
`143`		`-keySecretHashed:=sha256.Sum256([]byte(keySecret))`
`144`	`143`	`apiKey:= database.APIKey{`
`145`	`144`	`ID:keyID,`
`146`	`145`	`LifetimeSeconds:86400,// default in db`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc3eb94d

File tree

8 files changed

8 files changed

`‎coderd/apikey/apikey.go‎`

`‎coderd/database/dbgen/dbgen.go‎`

`‎coderd/httpmw/apikey_test.go‎`

`‎coderd/httpmw/authorize_test.go‎`

`‎coderd/httpmw/workspaceparam_test.go‎`

`‎coderd/provisionerkey/provisionerkey.go‎`

`‎enterprise/coderd/workspaceproxy.go‎`

`‎enterprise/x/aibridgedserver/aibridgedserver_test.go‎`

0 commit comments