NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commitfe28e42

committed

chore: Rename AppSigningKey to AppSecurityKey

1 parenta933d6d commitfe28e42Copy full SHA for fe28e42

File tree

14 files changed

+84

-74

lines changed

cli
- server.go
coderd
- coderd.go
- coderdtest
  - coderdtest.go
- database
  - dbauthz
    - querier.go
  - dbfake
    - databasefake.go
  - querier.go
  - queries.sql.go
  - queries
    - siteconfig.sql
- workspaceapps.go
- workspaceapps

14 files changed

+84

-74

lines changed

`‎cli/server.go‎`

Lines changed: 7 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -781,7 +781,7 @@ func (r RootCmd) Server(newAPI func(context.Context, coderd.Options) (*coderd.`
`781`	`781`	`// Read the app signing key from the DB. We store it hex encoded`
`782`	`782`	`// since the config table uses strings for the value and we`
`783`	`783`	`// don't want to deal with automatic encoding issues.`
`784`		`-appSigningKeyStr,err:=tx.GetAppSigningKey(ctx)`
	`784`	`+appSecurityKeyStr,err:=tx.GetAppSecurityKey(ctx)`
`785`	`785`	`iferr!=nil&&!xerrors.Is(err,sql.ErrNoRows) {`
`786`	`786`	`returnxerrors.Errorf("get app signing key: %w",err)`
`787`	`787`	`}`
`@@ -794,26 +794,26 @@ func (r RootCmd) Server(newAPI func(context.Context, coderd.Options) (*coderd.`
`794`	`794`	`// generated automatically on failure. Any workspace app token`
`795`	`795`	`// smuggling operations in progress may fail, although with a`
`796`	`796`	`// helpful error.`
`797`		`-ifdecoded,err:=hex.DecodeString(appSigningKeyStr);err!=nil\|\|len(decoded)!=len(workspaceapps.SigningKey{}) {`
`798`		`-b:=make([]byte,len(workspaceapps.SigningKey{}))`
	`797`	`+ifdecoded,err:=hex.DecodeString(appSecurityKeyStr);err!=nil\|\|len(decoded)!=len(workspaceapps.SecurityKey{}) {`
	`798`	`+b:=make([]byte,len(workspaceapps.SecurityKey{}))`
`799`	`799`	`_,err:=rand.Read(b)`
`800`	`800`	`iferr!=nil {`
`801`	`801`	`returnxerrors.Errorf("generate fresh app signing key: %w",err)`
`802`	`802`	`}`
`803`	`803`
`804`		`-appSigningKeyStr=hex.EncodeToString(b)`
`805`		`-err=tx.UpsertAppSigningKey(ctx,appSigningKeyStr)`
	`804`	`+appSecurityKeyStr=hex.EncodeToString(b)`
	`805`	`+err=tx.UpsertAppSecurityKey(ctx,appSecurityKeyStr)`
`806`	`806`	`iferr!=nil {`
`807`	`807`	`returnxerrors.Errorf("insert freshly generated app signing key to database: %w",err)`
`808`	`808`	`}`
`809`	`809`	`}`
`810`	`810`
`811`		`-appSigningKey,err:=workspaceapps.KeyFromString(appSigningKeyStr)`
	`811`	`+appSecurityKey,err:=workspaceapps.KeyFromString(appSecurityKeyStr)`
`812`	`812`	`iferr!=nil {`
`813`	`813`	`returnxerrors.Errorf("decode app signing key from database: %w",err)`
`814`	`814`	`}`
`815`	`815`
`816`		`-options.AppSigningKey=appSigningKey`
	`816`	`+options.AppSecurityKey=appSecurityKey`
`817`	`817`	`returnnil`
`818`	`818`	`},nil)`
`819`	`819`	`iferr!=nil {`

`‎coderd/coderd.go‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -123,9 +123,9 @@ type Options struct {`
`123`	`123`	`SwaggerEndpointbool`
`124`	`124`	`SetUserGroupsfunc(ctx context.Context,tx database.Store,userID uuid.UUID,groupNames []string)error`
`125`	`125`	`TemplateScheduleStore schedule.TemplateScheduleStore`
`126`		`-//AppSigningKey denotes thesymmetric key touse for signing temporary app`
`127`		`-//tokens.`
`128`		`-AppSigningKeyworkspaceapps.SigningKey`
	`126`	`+//AppSecurityKey is thecrypto keyusedtosign and encrypt tokens related to`
	`127`	`+//workspace applications. It consists of both a signing and encryption key.`
	`128`	`+AppSecurityKey workspaceapps.SecurityKey`
`129`	`129`	`HealthcheckFuncfunc(ctx context.Context) (*healthcheck.Report,error)`
`130`	`130`	`HealthcheckTimeout time.Duration`
`131`	`131`	`HealthcheckRefresh time.Duration`
`@@ -302,7 +302,7 @@ func New(options Options) API {`
`302`	`302`	`options.DeploymentValues,`
`303`	`303`	`oauthConfigs,`
`304`	`304`	`options.AgentInactiveDisconnectTimeout,`
`305`		`-options.AppSigningKey,`
	`305`	`+options.AppSecurityKey,`
`306`	`306`	`),`
`307`	`307`	`metricsCache:metricsCache,`
`308`	`308`	`Auditor: atomic.Pointer[audit.Auditor]{},`
`@@ -340,7 +340,7 @@ func New(options Options) API {`
`340`	`340`
`341`	`341`	`SignedTokenProvider:api.WorkspaceAppsProvider,`
`342`	`342`	`WorkspaceConnCache:api.workspaceAgentCache,`
`343`		`-AppSigningKey:options.AppSigningKey,`
	`343`	`+AppSecurityKey:options.AppSecurityKey,`
`344`	`344`	`}`
`345`	`345`
`346`	`346`	`apiKeyMiddleware:=httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{`

`‎coderd/coderdtest/coderdtest.go‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,9 +80,9 @@ import (`
`80`	`80`	`"github.com/coder/coder/testutil"`
`81`	`81`	`)`
`82`	`82`
`83`		`-//AppSigningKey is a64-byte key used to sign JWTs and encrypt JWEs for`
	`83`	`+//AppSecurityKey is a96-byte key used to sign JWTs and encrypt JWEs for`
`84`	`84`	`// workspace app tokens in tests.`
`85`		`-varAppSigningKey=must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))`
	`85`	`+varAppSecurityKey=must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))`
`86`	`86`
`87`	`87`	`typeOptionsstruct {`
`88`	`88`	`// AccessURL denotes a custom access URL. By default we use the httptest`
`@@ -338,7 +338,7 @@ func NewOptions(t testing.T, options Options) (func(http.Handler), context.Can`
`338`	`338`	`DeploymentValues:options.DeploymentValues,`
`339`	`339`	`UpdateCheckOptions:options.UpdateCheckOptions,`
`340`	`340`	`SwaggerEndpoint:options.SwaggerEndpoint,`
`341`		`-AppSigningKey:AppSigningKey,`
	`341`	`+AppSecurityKey:AppSecurityKey,`
`342`	`342`	`SSHConfig:options.ConfigSSH,`
`343`	`343`	`HealthcheckFunc:options.HealthcheckFunc,`
`344`	`344`	`HealthcheckTimeout:options.HealthcheckTimeout,`

`‎coderd/database/dbauthz/querier.go‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -379,14 +379,14 @@ func (q *querier) GetLogoURL(ctx context.Context) (string, error) {`
`379`	`379`	`returnq.db.GetLogoURL(ctx)`
`380`	`380`	`}`
`381`	`381`
`382`		`-func (q*querier)GetAppSigningKey(ctx context.Context) (string,error) {`
	`382`	`+func (q*querier)GetAppSecurityKey(ctx context.Context) (string,error) {`
`383`	`383`	`// No authz checks`
`384`		`-returnq.db.GetAppSigningKey(ctx)`
	`384`	`+returnq.db.GetAppSecurityKey(ctx)`
`385`	`385`	`}`
`386`	`386`
`387`		`-func (q*querier)UpsertAppSigningKey(ctx context.Context,datastring)error {`
	`387`	`+func (q*querier)UpsertAppSecurityKey(ctx context.Context,datastring)error {`
`388`	`388`	`// No authz checks as this is done during startup`
`389`		`-returnq.db.UpsertAppSigningKey(ctx,data)`
	`389`	`+returnq.db.UpsertAppSecurityKey(ctx,data)`
`390`	`390`	`}`
`391`	`391`
`392`	`392`	`func (q*querier)GetServiceBanner(ctx context.Context) (string,error) {`

`‎coderd/database/dbfake/databasefake.go‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ type data struct {`
`141`	`141`	`lastUpdateCheck []byte`
`142`	`142`	`serviceBanner []byte`
`143`	`143`	`logoURLstring`
`144`		`-appSigningKeystring`
	`144`	`+appSecurityKeystring`
`145`	`145`	`lastLicenseIDint32`
`146`	`146`	`}`
`147`	`147`
`@@ -4444,18 +4444,18 @@ func (q *fakeQuerier) GetLogoURL(_ context.Context) (string, error) {`
`4444`	`4444`	`returnq.logoURL,nil`
`4445`	`4445`	`}`
`4446`	`4446`
`4447`		`-func (q*fakeQuerier)GetAppSigningKey(_ context.Context) (string,error) {`
	`4447`	`+func (q*fakeQuerier)GetAppSecurityKey(_ context.Context) (string,error) {`
`4448`	`4448`	`q.mutex.RLock()`
`4449`	`4449`	`deferq.mutex.RUnlock()`
`4450`	`4450`
`4451`		`-returnq.appSigningKey,nil`
	`4451`	`+returnq.appSecurityKey,nil`
`4452`	`4452`	`}`
`4453`	`4453`
`4454`		`-func (q*fakeQuerier)UpsertAppSigningKey(_ context.Context,datastring)error {`
	`4454`	`+func (q*fakeQuerier)UpsertAppSecurityKey(_ context.Context,datastring)error {`
`4455`	`4455`	`q.mutex.Lock()`
`4456`	`4456`	`deferq.mutex.Unlock()`
`4457`	`4457`
`4458`		`-q.appSigningKey=data`
	`4458`	`+q.appSecurityKey=data`
`4459`	`4459`	`returnnil`
`4460`	`4460`	`}`
`4461`	`4461`

`‎coderd/database/querier.go‎`

Lines changed: 2 additions & 2 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries.sql.go‎`

Lines changed: 6 additions & 6 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/database/queries/siteconfig.sql‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,9 @@ ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'logo_url';`
`31`	`31`	`-- name: GetLogoURL :one`
`32`	`32`	`SELECT valueFROM site_configsWHERE key='logo_url';`
`33`	`33`
`34`		`--- name:GetAppSigningKey :one`
	`34`	`+-- name:GetAppSecurityKey :one`
`35`	`35`	`SELECT valueFROM site_configsWHERE key='app_signing_key';`
`36`	`36`
`37`		`--- name:UpsertAppSigningKey :exec`
	`37`	`+-- name:UpsertAppSecurityKey :exec`
`38`	`38`	`INSERT INTO site_configs (key, value)VALUES ('app_signing_key', $1)`
`39`	`39`	`ON CONFLICT (key) DOUPDATEset value= $1WHEREsite_configs.key='app_signing_key';`

`‎coderd/workspaceapps.go‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ func (api API) workspaceApplicationAuth(rw http.ResponseWriter, r http.Request`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`// Encrypt the API key.`
`126`		`-encryptedAPIKey,err:=api.AppSigningKey.EncryptAPIKey(workspaceapps.EncryptedAPIKeyPayload{`
	`126`	`+encryptedAPIKey,err:=api.AppSecurityKey.EncryptAPIKey(workspaceapps.EncryptedAPIKeyPayload{`
`127`	`127`	`APIKey:cookie.Value,`
`128`	`128`	`})`
`129`	`129`	`iferr!=nil {`

`‎coderd/workspaceapps/db.go‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,12 +32,12 @@ type DBTokenProvider struct {`
`32`	`32`	`DeploymentValues*codersdk.DeploymentValues`
`33`	`33`	`OAuth2Configs*httpmw.OAuth2Configs`
`34`	`34`	`WorkspaceAgentInactiveTimeout time.Duration`
`35`		`-SigningKeySigningKey`
	`35`	`+SigningKeySecurityKey`
`36`	`36`	`}`
`37`	`37`
`38`	`38`	`var_SignedTokenProvider=&DBTokenProvider{}`
`39`	`39`
`40`		`-funcNewDBTokenProvider(log slog.Logger,accessURLurl.URL,authz rbac.Authorizer,db database.Store,cfgcodersdk.DeploymentValues,oauth2Cfgs*httpmw.OAuth2Configs,workspaceAgentInactiveTimeout time.Duration,signingKeySigningKey)SignedTokenProvider {`
	`40`	`+funcNewDBTokenProvider(log slog.Logger,accessURLurl.URL,authz rbac.Authorizer,db database.Store,cfgcodersdk.DeploymentValues,oauth2Cfgs*httpmw.OAuth2Configs,workspaceAgentInactiveTimeout time.Duration,signingKeySecurityKey)SignedTokenProvider {`
`41`	`41`	`ifworkspaceAgentInactiveTimeout==0 {`
`42`	`42`	`workspaceAgentInactiveTimeout=1*time.Minute`
`43`	`43`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfe28e42

File tree

14 files changed

14 files changed

`‎cli/server.go‎`

`‎coderd/coderd.go‎`

`‎coderd/coderdtest/coderdtest.go‎`

`‎coderd/database/dbauthz/querier.go‎`

`‎coderd/database/dbfake/databasefake.go‎`

`‎coderd/database/querier.go‎`

`‎coderd/database/queries.sql.go‎`

`‎coderd/database/queries/siteconfig.sql‎`

`‎coderd/workspaceapps.go‎`

`‎coderd/workspaceapps/db.go‎`

0 commit comments