coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork1k
Star11.2k

Commiteb66cc9

deansheather

and

Emyrk

authored

chore: move app proxying code to workspaceapps pkg (#6998)

* chore: move app proxying code to workspaceapps pkgMoves path-app, subdomain-app and reconnecting PTY proxying to the newworkspaceapps.WorkspaceAppServer struct. This is in preparation forexternal workspace proxies.Updates app logout flow to avoid redirecting to coder-logout.${app_host}on logout. Instead, all subdomain app tokens owned by the logging-outuser will be deleted every time you logout for simplicity sake.Tests will remain in their original package, pending being moved to anapptest package (or similar).Co-authored-by: Steven Masley <stevenmasley@coder.com>

1 parent0069831 commiteb66cc9Copy full SHA for eb66cc9

File tree

28 files changed

+1236

-1334

lines changed

cli
- server.go
- server_test.go
coderd
- coderd.go
- coderdtest
  - coderdtest.go
- database
  - dbauthz
    - querier.go
  - dbfake
    - databasefake.go
  - dbgen
    - generator.go
  - querier.go
  - queries.sql.go
  - queries
    - apikeys.sql
    - siteconfig.sql
- userauth.go
- userauth_test.go
- workspaceagents.go
- workspaceapps.go
- workspaceapps_internal_test.go
- workspaceapps_test.go
- workspaceapps
go.mod
go.sum
site/src/xServices/auth
- authXService.ts

28 files changed

+1236

-1334

lines changed

`‎cli/server.go‎`

Lines changed: 21 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,7 @@ import (`
`78`	`78`	`"github.com/coder/coder/coderd/tracing"`
`79`	`79`	`"github.com/coder/coder/coderd/updatecheck"`
`80`	`80`	`"github.com/coder/coder/coderd/util/slice"`
	`81`	`+"github.com/coder/coder/coderd/workspaceapps"`
`81`	`82`	`"github.com/coder/coder/codersdk"`
`82`	`83`	`"github.com/coder/coder/cryptorand"`
`83`	`84`	`"github.com/coder/coder/provisioner/echo"`
`@@ -781,37 +782,42 @@ func (r RootCmd) Server(newAPI func(context.Context, coderd.Options) (*coderd.`
`781`	`782`	`}`
`782`	`783`	`}`
`783`	`784`
`784`		`-// Read the app signing key from the DB. We store it hex`
`785`		`-//encodedsince the config table uses strings for the value and`
`786`		`-//wedon't want to deal with automatic encoding issues.`
`787`		`-appSigningKeyStr,err:=tx.GetAppSigningKey(ctx)`
	`785`	`+// Read the app signing key from the DB. We store it hex encoded`
	`786`	`+// since the config table uses strings for the value and we`
	`787`	`+// don't want to deal with automatic encoding issues.`
	`788`	`+appSecurityKeyStr,err:=tx.GetAppSecurityKey(ctx)`
`788`	`789`	`iferr!=nil&&!xerrors.Is(err,sql.ErrNoRows) {`
`789`	`790`	`returnxerrors.Errorf("get app signing key: %w",err)`
`790`	`791`	`}`
`791`		`-ifappSigningKeyStr=="" {`
`792`		`-// Generate 64 byte secure random string.`
`793`		`-b:=make([]byte,64)`
	`792`	`+// If the string in the DB is an invalid hex string or the`
	`793`	`+// length is not equal to the current key length, generate a new`
	`794`	`+// one.`
	`795`	`+//`
	`796`	`+// If the key is regenerated, old signed tokens and encrypted`
	`797`	`+// strings will become invalid. New signed app tokens will be`
	`798`	`+// generated automatically on failure. Any workspace app token`
	`799`	`+// smuggling operations in progress may fail, although with a`
	`800`	`+// helpful error.`
	`801`	`+ifdecoded,err:=hex.DecodeString(appSecurityKeyStr);err!=nil\|\|len(decoded)!=len(workspaceapps.SecurityKey{}) {`
	`802`	`+b:=make([]byte,len(workspaceapps.SecurityKey{}))`
`794`	`803`	`_,err:=rand.Read(b)`
`795`	`804`	`iferr!=nil {`
`796`	`805`	`returnxerrors.Errorf("generate fresh app signing key: %w",err)`
`797`	`806`	`}`
`798`	`807`
`799`		`-appSigningKeyStr=hex.EncodeToString(b)`
`800`		`-err=tx.InsertAppSigningKey(ctx,appSigningKeyStr)`
	`808`	`+appSecurityKeyStr=hex.EncodeToString(b)`
	`809`	`+err=tx.UpsertAppSecurityKey(ctx,appSecurityKeyStr)`
`801`	`810`	`iferr!=nil {`
`802`	`811`	`returnxerrors.Errorf("insert freshly generated app signing key to database: %w",err)`
`803`	`812`	`}`
`804`	`813`	`}`
`805`	`814`
`806`		`-appSigningKey,err:=hex.DecodeString(appSigningKeyStr)`
	`815`	`+appSecurityKey,err:=workspaceapps.KeyFromString(appSecurityKeyStr)`
`807`	`816`	`iferr!=nil {`
`808`		`-returnxerrors.Errorf("decode app signing key from database as hex: %w",err)`
`809`		`-}`
`810`		`-iflen(appSigningKey)!=64 {`
`811`		`-returnxerrors.Errorf("app signing key must be 64 bytes, key in database is %d bytes",len(appSigningKey))`
	`817`	`+returnxerrors.Errorf("decode app signing key from database: %w",err)`
`812`	`818`	`}`
`813`	`819`
`814`		`-options.AppSigningKey=appSigningKey`
	`820`	`+options.AppSecurityKey=appSecurityKey`
`815`	`821`	`returnnil`
`816`	`822`	`},nil)`
`817`	`823`	`iferr!=nil {`

`‎cli/server_test.go‎`

Lines changed: 10 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -668,8 +668,7 @@ func TestServer(t *testing.T) {`
`668`	`668`	`ifc.tlsListener {`
`669`	`669`	`accessURLParsed,err:=url.Parse(c.requestURL)`
`670`	`670`	`require.NoError(t,err)`
`671`		`-client:=codersdk.New(accessURLParsed)`
`672`		`-client.HTTPClient=&http.Client{`
	`671`	`+client:=&http.Client{`
`673`	`672`	`CheckRedirect:func(reqhttp.Request,via []http.Request)error {`
`674`	`673`	`returnhttp.ErrUseLastResponse`
`675`	`674`	`},`
`@@ -682,11 +681,15 @@ func TestServer(t *testing.T) {`
`682`	`681`	`},`
`683`	`682`	`},`
`684`	`683`	`}`
`685`		`-deferclient.HTTPClient.CloseIdleConnections()`
`686`		`-_,err=client.HasFirstUser(ctx)`
`687`		`-iferr!=nil {`
`688`		`-require.ErrorContains(t,err,"Invalid application URL")`
`689`		`-}`
	`684`	`+deferclient.CloseIdleConnections()`
	`685`	`+`
	`686`	`+req,err:=http.NewRequestWithContext(ctx,http.MethodGet,accessURLParsed.String(),nil)`
	`687`	`+require.NoError(t,err)`
	`688`	`+resp,err:=client.Do(req)`
	`689`	`+// We don't care much about the response, just that TLS`
	`690`	`+// worked.`
	`691`	`+require.NoError(t,err)`
	`692`	`+deferresp.Body.Close()`
`690`	`693`	`}`
`691`	`694`	`})`
`692`	`695`	`}`

`‎coderd/coderd.go‎`

Lines changed: 32 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -123,9 +123,9 @@ type Options struct {`
`123`	`123`	`SwaggerEndpointbool`
`124`	`124`	`SetUserGroupsfunc(ctx context.Context,tx database.Store,userID uuid.UUID,groupNames []string)error`
`125`	`125`	`TemplateScheduleStore*atomic.Pointer[schedule.TemplateScheduleStore]`
`126`		`-//AppSigningKey denotes thesymmetric key touse for signing temporary app`
`127`		`-//tokens. The key must be 64 bytes long.`
`128`		`-AppSigningKey []byte`
	`126`	`+//AppSecurityKey is thecrypto keyusedtosign and encrypt tokens related to`
	`127`	`+//workspace applications. It consists of both a signing and encryption key.`
	`128`	`+AppSecurityKeyworkspaceapps.SecurityKey`
`129`	`129`	`HealthcheckFuncfunc(ctx context.Context) (*healthcheck.Report,error)`
`130`	`130`	`HealthcheckTimeout time.Duration`
`131`	`131`	`HealthcheckRefresh time.Duration`
`@@ -241,9 +241,6 @@ func New(options Options) API {`
`241`	`241`	`v:=schedule.NewAGPLTemplateScheduleStore()`
`242`	`242`	`options.TemplateScheduleStore.Store(&v)`
`243`	`243`	`}`
`244`		`-iflen(options.AppSigningKey)!=64 {`
`245`		`-panic("coderd: AppSigningKey must be 64 bytes long")`
`246`		`-}`
`247`	`244`	`ifoptions.HealthcheckFunc==nil {`
`248`	`245`	`options.HealthcheckFunc=func(ctx context.Context) (*healthcheck.Report,error) {`
`249`	`246`	`returnhealthcheck.Run(ctx,&healthcheck.ReportOptions{`
`@@ -309,7 +306,7 @@ func New(options Options) API {`
`309`	`306`	`options.DeploymentValues,`
`310`	`307`	`oauthConfigs,`
`311`	`308`	`options.AgentInactiveDisconnectTimeout,`
`312`		`-options.AppSigningKey,`
	`309`	`+options.AppSecurityKey,`
`313`	`310`	`),`
`314`	`311`	`metricsCache:metricsCache,`
`315`	`312`	`Auditor: atomic.Pointer[audit.Auditor]{},`
`@@ -334,6 +331,21 @@ func New(options Options) API {`
`334`	`331`	`api.workspaceAgentCache=wsconncache.New(api.dialWorkspaceAgentTailnet,0)`
`335`	`332`	`api.TailnetCoordinator.Store(&options.TailnetCoordinator)`
`336`	`333`
	`334`	`+api.workspaceAppServer=&workspaceapps.Server{`
	`335`	`+Logger:options.Logger.Named("workspaceapps"),`
	`336`	`+`
	`337`	`+DashboardURL:api.AccessURL,`
	`338`	`+AccessURL:api.AccessURL,`
	`339`	`+Hostname:api.AppHostname,`
	`340`	`+HostnameRegex:api.AppHostnameRegex,`
	`341`	`+DeploymentValues:options.DeploymentValues,`
	`342`	`+RealIPConfig:options.RealIPConfig,`
	`343`	`+`
	`344`	`+SignedTokenProvider:api.WorkspaceAppsProvider,`
	`345`	`+WorkspaceConnCache:api.workspaceAgentCache,`
	`346`	`+AppSecurityKey:options.AppSecurityKey,`
	`347`	`+}`
	`348`	`+`
`337`	`349`	`apiKeyMiddleware:=httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{`
`338`	`350`	`DB:options.Database,`
`339`	`351`	`OAuth2Configs:oauthConfigs,`
`@@ -366,11 +378,12 @@ func New(options Options) API {`
`366`	`378`	`httpmw.ExtractRealIP(api.RealIPConfig),`
`367`	`379`	`httpmw.Logger(api.Logger),`
`368`	`380`	`httpmw.Prometheus(options.PrometheusRegistry),`
`369`		`-//handleSubdomainApplications checks if the first subdomain is a valid`
`370`		`-//app URL. Ifit is, it will serve that application.`
	`381`	`+//SubdomainAppMW checks if the first subdomain is a valid app URL. If`
	`382`	`+// it is, it will serve that application.`
`371`	`383`	`//`
`372`		`-// Workspace apps do their own auth.`
`373`		`-api.handleSubdomainApplications(apiRateLimiter),`
	`384`	`+// Workspace apps do their own auth and must be BEFORE the auth`
	`385`	`+// middleware.`
	`386`	`+api.workspaceAppServer.SubdomainAppMW(apiRateLimiter),`
`374`	`387`	`// Build-Version is helpful for debugging.`
`375`	`388`	`func(next http.Handler) http.Handler {`
`376`	`389`	`returnhttp.HandlerFunc(func(w http.ResponseWriter,r*http.Request) {`
`@@ -393,16 +406,12 @@ func New(options Options) API {`
`393`	`406`
`394`	`407`	`r.Get("/healthz",func(w http.ResponseWriter,r*http.Request) {_,_=w.Write([]byte("OK")) })`
`395`	`408`
`396`		`-apps:=func(r chi.Router) {`
`397`		`-// Workspace apps do their own auth.`
	`409`	`+// Attach workspace apps routes.`
	`410`	`+r.Group(func(r chi.Router) {`
`398`	`411`	`r.Use(apiRateLimiter)`
`399`		`-r.HandleFunc("/*",api.workspaceAppsProxyPath)`
`400`		`-}`
`401`		`-// %40 is the encoded character of the @ symbol. VS Code Web does`
`402`		`-// not handle character encoding properly, so it's safe to assume`
`403`		`-// other applications might not as well.`
`404`		`-r.Route("/%40{user}/{workspace_and_agent}/apps/{workspaceapp}",apps)`
`405`		`-r.Route("/@{user}/{workspace_and_agent}/apps/{workspaceapp}",apps)`
	`412`	`+api.workspaceAppServer.Attach(r)`
	`413`	`+})`
	`414`	`+`
`406`	`415`	`r.Route("/derp",func(r chi.Router) {`
`407`	`416`	`r.Get("/",derpHandler.ServeHTTP)`
`408`	`417`	`// This is used when UDP is blocked, and latency must be checked via HTTP(s).`
`@@ -644,9 +653,6 @@ func New(options Options) API {`
`644`	`653`	`r.Post("/report-lifecycle",api.workspaceAgentReportLifecycle)`
`645`	`654`	`r.Post("/metadata/{key}",api.workspaceAgentPostMetadata)`
`646`	`655`	`})`
`647`		`-// No middleware on the PTY endpoint since it uses workspace`
`648`		`-// application auth and signed app tokens.`
`649`		`-r.Get("/{workspaceagent}/pty",api.workspaceAgentPTY)`
`650`	`656`	`r.Route("/{workspaceagent}",func(r chi.Router) {`
`651`	`657`	`r.Use(`
`652`	`658`	`apiKeyMiddleware,`
`@@ -655,11 +661,12 @@ func New(options Options) API {`
`655`	`661`	`)`
`656`	`662`	`r.Get("/",api.workspaceAgent)`
`657`	`663`	`r.Get("/watch-metadata",api.watchWorkspaceAgentMetadata)`
`658`		`-r.Get("/pty",api.workspaceAgentPTY)`
`659`	`664`	`r.Get("/startup-logs",api.workspaceAgentStartupLogs)`
`660`	`665`	`r.Get("/listening-ports",api.workspaceAgentListeningPorts)`
`661`	`666`	`r.Get("/connection",api.workspaceAgentConnection)`
`662`	`667`	`r.Get("/coordinate",api.workspaceAgentClientCoordinate)`
	`668`	`+`
	`669`	`+// PTY is part of workspaceAppServer.`
`663`	`670`	`})`
`664`	`671`	`})`
`665`	`672`	`r.Route("/workspaces",func(r chi.Router) {`
`@@ -792,6 +799,7 @@ type API struct {`
`792`	`799`	`workspaceAgentCache*wsconncache.Cache`
`793`	`800`	`updateChecker*updatecheck.Checker`
`794`	`801`	`WorkspaceAppsProvider workspaceapps.SignedTokenProvider`
	`802`	`+workspaceAppServer*workspaceapps.Server`
`795`	`803`
`796`	`804`	`// Experiments contains the list of experiments currently enabled.`
`797`	`805`	`// This is used to gate features that are not yet ready for production.`

`‎coderd/coderdtest/coderdtest.go‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@ import (`
`11`	`11`	`"crypto/x509"`
`12`	`12`	`"crypto/x509/pkix"`
`13`	`13`	`"encoding/base64"`
`14`		`-"encoding/hex"`
`15`	`14`	`"encoding/json"`
`16`	`15`	`"encoding/pem"`
`17`	`16`	`"errors"`
`@@ -69,6 +68,7 @@ import (`
`69`	`68`	`"github.com/coder/coder/coderd/telemetry"`
`70`	`69`	`"github.com/coder/coder/coderd/updatecheck"`
`71`	`70`	`"github.com/coder/coder/coderd/util/ptr"`
	`71`	`+"github.com/coder/coder/coderd/workspaceapps"`
`72`	`72`	`"github.com/coder/coder/codersdk"`
`73`	`73`	`"github.com/coder/coder/codersdk/agentsdk"`
`74`	`74`	`"github.com/coder/coder/cryptorand"`
`@@ -81,9 +81,9 @@ import (`
`81`	`81`	`"github.com/coder/coder/testutil"`
`82`	`82`	`)`
`83`	`83`
`84`		`-//AppSigningKey is a64-byte key used to sign JWTsfor workspace app tokens in`
`85`		`-// tests.`
`86`		`-varAppSigningKey=must(hex.DecodeString("64656164626565666465616462656566646561646265656664656164626565666465616462656566646561646265656664656164626565666465616462656566"))`
	`84`	`+//AppSecurityKey is a96-byte key used to sign JWTsand encrypt JWEs for`
	`85`	`+//workspace app tokens intests.`
	`86`	`+varAppSecurityKey=must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))`
`87`	`87`
`88`	`88`	`typeOptionsstruct {`
`89`	`89`	`// AccessURL denotes a custom access URL. By default we use the httptest`
`@@ -346,7 +346,7 @@ func NewOptions(t testing.T, options Options) (func(http.Handler), context.Can`
`346`	`346`	`DeploymentValues:options.DeploymentValues,`
`347`	`347`	`UpdateCheckOptions:options.UpdateCheckOptions,`
`348`	`348`	`SwaggerEndpoint:options.SwaggerEndpoint,`
`349`		`-AppSigningKey:AppSigningKey,`
	`349`	`+AppSecurityKey:AppSecurityKey,`
`350`	`350`	`SSHConfig:options.ConfigSSH,`
`351`	`351`	`HealthcheckFunc:options.HealthcheckFunc,`
`352`	`352`	`HealthcheckTimeout:options.HealthcheckTimeout,`

`‎coderd/database/dbauthz/querier.go‎`

Lines changed: 14 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -379,14 +379,14 @@ func (q *querier) GetLogoURL(ctx context.Context) (string, error) {`
`379`	`379`	`returnq.db.GetLogoURL(ctx)`
`380`	`380`	`}`
`381`	`381`
`382`		`-func (q*querier)GetAppSigningKey(ctx context.Context) (string,error) {`
	`382`	`+func (q*querier)GetAppSecurityKey(ctx context.Context) (string,error) {`
`383`	`383`	`// No authz checks`
`384`		`-returnq.db.GetAppSigningKey(ctx)`
	`384`	`+returnq.db.GetAppSecurityKey(ctx)`
`385`	`385`	`}`
`386`	`386`
`387`		`-func (q*querier)InsertAppSigningKey(ctx context.Context,datastring)error {`
	`387`	`+func (q*querier)UpsertAppSecurityKey(ctx context.Context,datastring)error {`
`388`	`388`	`// No authz checks as this is done during startup`
`389`		`-returnq.db.InsertAppSigningKey(ctx,data)`
	`389`	`+returnq.db.UpsertAppSecurityKey(ctx,data)`
`390`	`390`	`}`
`391`	`391`
`392`	`392`	`func (q*querier)GetServiceBanner(ctx context.Context) (string,error) {`
`@@ -994,6 +994,16 @@ func (q *querier) GetTemplateUserRoles(ctx context.Context, id uuid.UUID) ([]dat`
`994`	`994`	`returnq.db.GetTemplateUserRoles(ctx,id)`
`995`	`995`	`}`
`996`	`996`
	`997`	`+func (q*querier)DeleteApplicationConnectAPIKeysByUserID(ctx context.Context,userID uuid.UUID)error {`
	`998`	`+// TODO: This is not 100% correct because it omits apikey IDs.`
	`999`	`+err:=q.authorizeContext(ctx,rbac.ActionDelete,`
	`1000`	`+rbac.ResourceAPIKey.WithOwner(userID.String()))`
	`1001`	`+iferr!=nil {`
	`1002`	`+returnerr`
	`1003`	`+}`
	`1004`	`+returnq.db.DeleteApplicationConnectAPIKeysByUserID(ctx,userID)`
	`1005`	`+}`
	`1006`	`+`
`997`	`1007`	`func (q*querier)DeleteAPIKeysByUserID(ctx context.Context,userID uuid.UUID)error {`
`998`	`1008`	`// TODO: This is not 100% correct because it omits apikey IDs.`
`999`	`1009`	`err:=q.authorizeContext(ctx,rbac.ActionDelete,`

`‎coderd/database/dbfake/databasefake.go‎`

Lines changed: 18 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ type data struct {`
`143`	`143`	`lastUpdateCheck []byte`
`144`	`144`	`serviceBanner []byte`
`145`	`145`	`logoURLstring`
`146`		`-appSigningKeystring`
	`146`	`+appSecurityKeystring`
`147`	`147`	`lastLicenseIDint32`
`148`	`148`	`}`
`149`	`149`
`@@ -679,6 +679,19 @@ func (q *fakeQuerier) DeleteAPIKeyByID(_ context.Context, id string) error {`
`679`	`679`	`returnsql.ErrNoRows`
`680`	`680`	`}`
`681`	`681`
	`682`	`+func (q*fakeQuerier)DeleteApplicationConnectAPIKeysByUserID(_ context.Context,userID uuid.UUID)error {`
	`683`	`+q.mutex.Lock()`
	`684`	`+deferq.mutex.Unlock()`
	`685`	`+`
	`686`	`+fori:=len(q.apiKeys)-1;i>=0;i-- {`
	`687`	`+ifq.apiKeys[i].UserID==userID&&q.apiKeys[i].Scope==database.APIKeyScopeApplicationConnect {`
	`688`	`+q.apiKeys=append(q.apiKeys[:i],q.apiKeys[i+1:]...)`
	`689`	`+}`
	`690`	`+}`
	`691`	`+`
	`692`	`+returnnil`
	`693`	`+}`
	`694`	`+`
`682`	`695`	`func (q*fakeQuerier)DeleteAPIKeysByUserID(_ context.Context,userID uuid.UUID)error {`
`683`	`696`	`q.mutex.Lock()`
`684`	`697`	`deferq.mutex.Unlock()`
`@@ -4463,18 +4476,18 @@ func (q *fakeQuerier) GetLogoURL(_ context.Context) (string, error) {`
`4463`	`4476`	`returnq.logoURL,nil`
`4464`	`4477`	`}`
`4465`	`4478`
`4466`		`-func (q*fakeQuerier)GetAppSigningKey(_ context.Context) (string,error) {`
	`4479`	`+func (q*fakeQuerier)GetAppSecurityKey(_ context.Context) (string,error) {`
`4467`	`4480`	`q.mutex.RLock()`
`4468`	`4481`	`deferq.mutex.RUnlock()`
`4469`	`4482`
`4470`		`-returnq.appSigningKey,nil`
	`4483`	`+returnq.appSecurityKey,nil`
`4471`	`4484`	`}`
`4472`	`4485`
`4473`		`-func (q*fakeQuerier)InsertAppSigningKey(_ context.Context,datastring)error {`
	`4486`	`+func (q*fakeQuerier)UpsertAppSecurityKey(_ context.Context,datastring)error {`
`4474`	`4487`	`q.mutex.Lock()`
`4475`	`4488`	`deferq.mutex.Unlock()`
`4476`	`4489`
`4477`		`-q.appSigningKey=data`
	`4490`	`+q.appSecurityKey=data`
`4478`	`4491`	`returnnil`
`4479`	`4492`	`}`
`4480`	`4493`

`‎coderd/database/dbgen/generator.go‎`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -77,12 +77,23 @@ func APIKey(t testing.TB, db database.Store, seed database.APIKey) (key database`
`77`	`77`	`secret,_:=cryptorand.String(22)`
`78`	`78`	`hashed:=sha256.Sum256([]byte(secret))`
`79`	`79`
	`80`	`+ip:=seed.IPAddress`
	`81`	`+if!ip.Valid {`
	`82`	`+ip= pqtype.Inet{`
	`83`	`+IPNet: net.IPNet{`
	`84`	`+IP:net.IPv4(127,0,0,1),`
	`85`	`+Mask:net.IPv4Mask(255,255,255,255),`
	`86`	`+},`
	`87`	`+Valid:true,`
	`88`	`+}`
	`89`	`+}`
	`90`	`+`
`80`	`91`	`key,err:=db.InsertAPIKey(context.Background(), database.InsertAPIKeyParams{`
`81`	`92`	`ID:takeFirst(seed.ID,id),`
`82`	`93`	`// 0 defaults to 86400 at the db layer`
`83`	`94`	`LifetimeSeconds:takeFirst(seed.LifetimeSeconds,0),`
`84`	`95`	`HashedSecret:takeFirstSlice(seed.HashedSecret,hashed[:]),`
`85`		`-IPAddress:pqtype.Inet{},`
	`96`	`+IPAddress:ip,`
`86`	`97`	`UserID:takeFirst(seed.UserID,uuid.New()),`
`87`	`98`	`LastUsed:takeFirst(seed.LastUsed,database.Now()),`
`88`	`99`	`ExpiresAt:takeFirst(seed.ExpiresAt,database.Now().Add(time.Hour)),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commiteb66cc9

File tree

28 files changed

28 files changed

`‎cli/server.go‎`

`‎cli/server_test.go‎`

`‎coderd/coderd.go‎`

`‎coderd/coderdtest/coderdtest.go‎`

`‎coderd/database/dbauthz/querier.go‎`

`‎coderd/database/dbfake/databasefake.go‎`

`‎coderd/database/dbgen/generator.go‎`

0 commit comments