Mar 18, 2025 · Mar 3, 2025 · Mar 3, 2025 · Mar 3, 2025 · Mar 4, 2025 · Mar 4, 2025
diff --git a/coderd/audit.go b/coderd/audit.go
 _, _ = b.WriteString("{user} ")
 }

 if alog.AuditLog.StatusCode >= 400 {
 switch {
 case alog.AuditLog.StatusCode == int32(http.StatusSeeOther):
 _, _ = b.WriteString("was redirected attempting to ")
 _, _ = b.WriteString(string(alog.AuditLog.Action))
 case alog.AuditLog.StatusCode >= 400:
 _, _ = b.WriteString("unsuccessfully attempted to ")
 _, _ = b.WriteString(string(alog.AuditLog.Action))
 } else {
 default:
 _, _ = b.WriteString(codersdk.AuditAction(alog.AuditLog.Action).Friendly())
 }

diff --git a/coderd/audit/audit.go b/coderd/audit/audit.go
 t.Logf("audit log %d: expected UserID %s, got %s", idx+1, expected.UserID, al.UserID)
 continue
 }
 if expected.OrganizationID != uuid.Nil && al.UserID != expected.UserID {
 if expected.OrganizationID != uuid.Nil && al.OrganizationID != expected.OrganizationID {
 t.Logf("audit log %d: expected OrganizationID %s, got %s", idx+1, expected.OrganizationID, al.OrganizationID)
 continue
 }
diff --git a/coderd/audit/request.go b/coderd/audit/request.go
 Action         database.AuditAction
 OrganizationID uuid.UUID
 IP             string
 UserAgent      string
 // todo: this should automatically marshal an interface{} instead of accepting a raw message.
 AdditionalFields json.RawMessage

 action = req.Action
 }

 ip :=parseIP(p.Request.RemoteAddr)
 ip :=ParseIP(p.Request.RemoteAddr)
 auditLog := database.AuditLog{
 ID:               uuid.New(),
 Time:             dbtime.Now(),
 // BackgroundAudit creates an audit log for a background event.
 // The audit log is committed upon invocation.
 func BackgroundAudit[T Auditable](ctx context.Context, p *BackgroundAuditParams[T]) {
 ip :=parseIP(p.IP)
 ip :=ParseIP(p.IP)

 diff := Diff(p.Audit, p.Old, p.New)
 var err error
 UserID:           p.UserID,
 OrganizationID:   requireOrgID[T](ctx, p.OrganizationID, p.Log),
 Ip:               ip,
 UserAgent:        sql.NullString{},
 UserAgent:        sql.NullString{Valid: p.UserAgent != "", String: p.UserAgent},
 ResourceType:     either(p.Old, p.New, ResourceType[T], p.Action),
 ResourceID:       either(p.Old, p.New, ResourceID[T], p.Action),
 ResourceTarget:   either(p.Old, p.New, ResourceTarget[T], p.Action),
 panic("both old and new are nil")
 }

 funcparseIP(ipStr string) pqtype.Inet {
 funcParseIP(ipStr string) pqtype.Inet {
 ip := net.ParseIP(ipStr)
 ipNet := net.IPNet{}
 if ip != nil {
diff --git a/coderd/coderd.go b/coderd/coderd.go
 UpdateAgentMetrics func(ctx context.Context, labels prometheusmetrics.AgentMetricLabels, metrics []*agentproto.Stats_Metric)
 StatsBatcher       workspacestats.Batcher

 // WorkspaceAppAuditSessionTimeout allows changing the timeout for audit
 // sessions. Raising or lowering this value will directly affect the write
 // load of the audit log table. This is used for testing. Default 1 hour.
 WorkspaceAppAuditSessionTimeout    time.Duration
 WorkspaceAppsStatsCollectorOptions workspaceapps.StatsCollectorOptions

 // This janky function is used in telemetry to parse fields out of the raw
 Authorizer: options.Authorizer,
 Logger:     options.Logger,
 },
 WorkspaceAppsProvider: workspaceapps.NewDBTokenProvider(
 options.Logger.Named("workspaceapps"),
 options.AccessURL,
 options.Authorizer,
 options.Database,
 options.DeploymentValues,
 oauthConfigs,
 options.AgentInactiveDisconnectTimeout,
 options.AppSigningKeyCache,
 ),
 metricsCache:                metricsCache,
 Auditor:                     atomic.Pointer[audit.Auditor]{},
 TailnetCoordinator:          atomic.Pointer[tailnet.Coordinator]{},
 ),
 dbRolluper: options.DatabaseRolluper,
 }
 api.WorkspaceAppsProvider = workspaceapps.NewDBTokenProvider(
 options.Logger.Named("workspaceapps"),
 options.AccessURL,
 options.Authorizer,
 &api.Auditor,
 options.Database,
 options.DeploymentValues,
 oauthConfigs,
 options.AgentInactiveDisconnectTimeout,
 options.WorkspaceAppAuditSessionTimeout,
 options.AppSigningKeyCache,
 )

 f := appearance.NewDefaultFetcher(api.DeploymentValues.DocsURL.String())
 api.AppearanceFetcher.Store(&f)
diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go
 return q.db.UpsertWorkspaceAgentPortShare(ctx, arg)
 }

 func (q *querier) UpsertWorkspaceAppAuditSession(ctx context.Context, arg database.UpsertWorkspaceAppAuditSessionParams) (time.Time, error) {
 if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
 return time.Time{}, err
 }
 return q.db.UpsertWorkspaceAppAuditSession(ctx, arg)
 }

 func (q *querier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTemplatesWithFilterParams, _ rbac.PreparedAuthorized) ([]database.Template, error) {
 // TODO Delete this function, all GetTemplates should be authorized. For now just call getTemplates on the authz querier.
 return q.GetTemplatesWithFilter(ctx, arg)
diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go
 s.Run("InsertWorkspaceAppStats", s.Subtest(func(db database.Store, check *expects) {
 check.Args(database.InsertWorkspaceAppStatsParams{}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
 }))
 s.Run("UpsertWorkspaceAppAuditSession", s.Subtest(func(db database.Store, check *expects) {
 u := dbgen.User(s.T(), db, database.User{})
 pj := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
 res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: pj.ID})
 agent := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
 app := dbgen.WorkspaceApp(s.T(), db, database.WorkspaceApp{AgentID: agent.ID})
 check.Args(database.UpsertWorkspaceAppAuditSessionParams{
 AgentID: agent.ID,
 AppID:   app.ID,
 UserID:  u.ID,
 Ip:      "127.0.0.1",
 }).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
 }))
 s.Run("InsertWorkspaceAgentScriptTimings", s.Subtest(func(db database.Store, check *expects) {
 dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
 check.Args(database.InsertWorkspaceAgentScriptTimingsParams{
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
 workspaceAgentLogs:        make([]database.WorkspaceAgentLog, 0),
 workspaceBuilds:           make([]database.WorkspaceBuild, 0),
 workspaceApps:             make([]database.WorkspaceApp, 0),
 workspaceAppAuditSessions: make([]database.WorkspaceAppAuditSession, 0),
 workspaces:                make([]database.WorkspaceTable, 0),
 workspaceProxies:          make([]database.WorkspaceProxy, 0),
 },
 workspaceAgentMemoryResourceMonitors []database.WorkspaceAgentMemoryResourceMonitor
 workspaceAgentVolumeResourceMonitors []database.WorkspaceAgentVolumeResourceMonitor
 workspaceApps                        []database.WorkspaceApp
 workspaceAppAuditSessions            []database.WorkspaceAppAuditSession
 workspaceAppStatsLastInsertID        int64
 workspaceAppStats                    []database.WorkspaceAppStat
 workspaceBuilds                      []database.WorkspaceBuild
 return psl, nil
 }

 func (q *FakeQuerier) UpsertWorkspaceAppAuditSession(_ context.Context, arg database.UpsertWorkspaceAppAuditSessionParams) (time.Time, error) {
 err := validateDatabaseType(arg)
 if err != nil {
 return time.Time{}, err
 }

 q.mutex.Lock()
 defer q.mutex.Unlock()

 for i, s := range q.workspaceAppAuditSessions {
 if s.AgentID != arg.AgentID {
 continue
 }
 if s.AppID != arg.AppID {
 continue
 }
 if s.UserID != arg.UserID {
 continue
 }
 if s.Ip != arg.Ip {
 continue
 }
 if s.UserAgent != arg.UserAgent {
 continue
 }
 if s.SlugOrPort != arg.SlugOrPort {
 continue
 }
 if s.StatusCode != arg.StatusCode {
 continue
 }

 staleTime := dbtime.Now().Add(-(time.Duration(arg.StaleIntervalMS) * time.Millisecond))
 fresh := s.UpdatedAt.After(staleTime)

 q.workspaceAppAuditSessions[i].UpdatedAt = arg.UpdatedAt
 if !fresh {
 q.workspaceAppAuditSessions[i].StartedAt = arg.StartedAt
 return arg.StartedAt, nil
 }
 return s.StartedAt, nil
 }

 q.workspaceAppAuditSessions = append(q.workspaceAppAuditSessions, database.WorkspaceAppAuditSession{
 AgentID:    arg.AgentID,
 AppID:      arg.AppID,
 UserID:     arg.UserID,
 Ip:         arg.Ip,
 UserAgent:  arg.UserAgent,
 SlugOrPort: arg.SlugOrPort,
 StatusCode: arg.StatusCode,
 StartedAt:  arg.StartedAt,
 UpdatedAt:  arg.UpdatedAt,
 })
 return arg.StartedAt, nil
 }

 func (q *FakeQuerier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTemplatesWithFilterParams, prepared rbac.PreparedAuthorized) ([]database.Template, error) {
 if err := validateDatabaseType(arg); err != nil {
 return nil, err
diff --git a/coderd/database/dbmetrics/querymetrics.go b/coderd/database/dbmetrics/querymetrics.go
diff --git a/coderd/database/dbmock/dbmock.go b/coderd/database/dbmock/dbmock.go
diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql
diff --git a/coderd/database/foreign_key_constraint.go b/coderd/database/foreign_key_constraint.go
diff --git a/coderd/database/migrations/000301_add_workspace_app_audit_sessions.down.sql b/coderd/database/migrations/000301_add_workspace_app_audit_sessions.down.sql
 DROP TABLE workspace_app_audit_sessions;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -282,10 +282,14 @@ func auditLogDescription(alog database.GetAuditLogsOffsetRow) string {
		_, _ = b.WriteString("{user} ")
		}

		if alog.AuditLog.StatusCode >= 400 {
		switch {
		case alog.AuditLog.StatusCode == int32(http.StatusSeeOther):
		_, _ = b.WriteString("was redirected attempting to ")
		_, _ = b.WriteString(string(alog.AuditLog.Action))
		case alog.AuditLog.StatusCode >= 400:
		_, _ = b.WriteString("unsuccessfully attempted to ")
		_, _ = b.WriteString(string(alog.AuditLog.Action))
		} else {
		default:
Comment on lines +285 to +292 Copy link Member johnstcnMar 18, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. 👍
		_, _ = b.WriteString(codersdk.AuditAction(alog.AuditLog.Action).Friendly())
		}

Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -93,7 +93,7 @@ func (a *MockAuditor) Contains(t testing.TB, expected database.AuditLog) bool {
		t.Logf("audit log %d: expected UserID %s, got %s", idx+1, expected.UserID, al.UserID)
		continue
		}
		if expected.OrganizationID != uuid.Nil && al.UserID != expected.UserID {
		if expected.OrganizationID != uuid.Nil && al.OrganizationID != expected.OrganizationID {
johnstcn marked this conversation as resolved. Show resolvedHide resolved
		t.Logf("audit log %d: expected OrganizationID %s, got %s", idx+1, expected.OrganizationID, al.OrganizationID)
		continue
		}
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -71,6 +71,7 @@ type BackgroundAuditParams[T Auditable] struct {
		Action database.AuditAction
		OrganizationID uuid.UUID
		IP string
		UserAgent string
		// todo: this should automatically marshal an interface{} instead of accepting a raw message.
		AdditionalFields json.RawMessage

Expand DownExpand Up		@@ -422,7 +423,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p RequestParams) (Request
		action = req.Action
		}

		ip :=parseIP(p.Request.RemoteAddr)
		ip :=ParseIP(p.Request.RemoteAddr)
		auditLog := database.AuditLog{
		ID: uuid.New(),
		Time: dbtime.Now(),
Expand DownExpand Up		@@ -453,7 +454,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p RequestParams) (Request
		// BackgroundAudit creates an audit log for a background event.
		// The audit log is committed upon invocation.
		func BackgroundAudit[T Auditable](ctx context.Context, p *BackgroundAuditParams[T]) {
		ip :=parseIP(p.IP)
		ip :=ParseIP(p.IP)

		diff := Diff(p.Audit, p.Old, p.New)
		var err error
Expand All		@@ -479,7 +480,7 @@ func BackgroundAudit[T Auditable](ctx context.Context, p *BackgroundAuditParams[
		UserID: p.UserID,
		OrganizationID: requireOrgID[T](ctx, p.OrganizationID, p.Log),
		Ip: ip,
		UserAgent: sql.NullString{},
		UserAgent: sql.NullString{Valid: p.UserAgent != "", String: p.UserAgent},
mafredri marked this conversation as resolved. Show resolvedHide resolved
		ResourceType: either(p.Old, p.New, ResourceType[T], p.Action),
		ResourceID: either(p.Old, p.New, ResourceID[T], p.Action),
		ResourceTarget: either(p.Old, p.New, ResourceTarget[T], p.Action),
Expand DownExpand Up		@@ -566,7 +567,7 @@ func either[T Auditable, R any](old, new T, fn func(T) R, auditAction database.A
		panic("both old and new are nil")
		}

		funcparseIP(ipStr string) pqtype.Inet {
		funcParseIP(ipStr string) pqtype.Inet {
		ip := net.ParseIP(ipStr)
		ipNet := net.IPNet{}
		if ip != nil {
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -226,6 +226,10 @@ type Options struct {
		UpdateAgentMetrics func(ctx context.Context, labels prometheusmetrics.AgentMetricLabels, metrics []*agentproto.Stats_Metric)
		StatsBatcher workspacestats.Batcher

		// WorkspaceAppAuditSessionTimeout allows changing the timeout for audit
		// sessions. Raising or lowering this value will directly affect the write
		// load of the audit log table. This is used for testing. Default 1 hour.
		WorkspaceAppAuditSessionTimeout time.Duration
mafredri marked this conversation as resolved. Show resolvedHide resolved
		WorkspaceAppsStatsCollectorOptions workspaceapps.StatsCollectorOptions

		// This janky function is used in telemetry to parse fields out of the raw
Expand DownExpand Up		@@ -534,16 +538,6 @@ func New(options Options) API {
		Authorizer: options.Authorizer,
		Logger: options.Logger,
		},
		WorkspaceAppsProvider: workspaceapps.NewDBTokenProvider(
		options.Logger.Named("workspaceapps"),
		options.AccessURL,
		options.Authorizer,
		options.Database,
		options.DeploymentValues,
		oauthConfigs,
		options.AgentInactiveDisconnectTimeout,
		options.AppSigningKeyCache,
		),
		metricsCache: metricsCache,
		Auditor: atomic.Pointer[audit.Auditor]{},
		TailnetCoordinator: atomic.Pointer[tailnet.Coordinator]{},
Expand All		@@ -561,6 +555,18 @@ func New(options Options) API {
		),
		dbRolluper: options.DatabaseRolluper,
		}
		api.WorkspaceAppsProvider = workspaceapps.NewDBTokenProvider(
		options.Logger.Named("workspaceapps"),
		options.AccessURL,
		options.Authorizer,
		&api.Auditor,
		options.Database,
		options.DeploymentValues,
		oauthConfigs,
		options.AgentInactiveDisconnectTimeout,
		options.WorkspaceAppAuditSessionTimeout,
		options.AppSigningKeyCache,
		)

		f := appearance.NewDefaultFetcher(api.DeploymentValues.DocsURL.String())
		api.AppearanceFetcher.Store(&f)
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4615,6 +4615,13 @@ func (q *querier) UpsertWorkspaceAgentPortShare(ctx context.Context, arg databas
		return q.db.UpsertWorkspaceAgentPortShare(ctx, arg)
		}

		func (q *querier) UpsertWorkspaceAppAuditSession(ctx context.Context, arg database.UpsertWorkspaceAppAuditSessionParams) (time.Time, error) {
		if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
		return time.Time{}, err
		}
		return q.db.UpsertWorkspaceAppAuditSession(ctx, arg)
		}

		func (q *querier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTemplatesWithFilterParams, _ rbac.PreparedAuthorized) ([]database.Template, error) {
		// TODO Delete this function, all GetTemplates should be authorized. For now just call getTemplates on the authz querier.
		return q.GetTemplatesWithFilter(ctx, arg)
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4065,6 +4065,19 @@ func (s *MethodTestSuite) TestSystemFunctions() {
		s.Run("InsertWorkspaceAppStats", s.Subtest(func(db database.Store, check *expects) {
		check.Args(database.InsertWorkspaceAppStatsParams{}).Asserts(rbac.ResourceSystem, policy.ActionCreate)
		}))
		s.Run("UpsertWorkspaceAppAuditSession", s.Subtest(func(db database.Store, check *expects) {
		u := dbgen.User(s.T(), db, database.User{})
		pj := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{})
		res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: pj.ID})
		agent := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID})
		app := dbgen.WorkspaceApp(s.T(), db, database.WorkspaceApp{AgentID: agent.ID})
		check.Args(database.UpsertWorkspaceAppAuditSessionParams{
		AgentID: agent.ID,
		AppID: app.ID,
		UserID: u.ID,
		Ip: "127.0.0.1",
		}).Asserts(rbac.ResourceSystem, policy.ActionUpdate)
		}))
		s.Run("InsertWorkspaceAgentScriptTimings", s.Subtest(func(db database.Store, check *expects) {
		dbtestutil.DisableForeignKeysAndTriggers(s.T(), db)
		check.Args(database.InsertWorkspaceAgentScriptTimingsParams{
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -92,6 +92,7 @@ func New() database.Store {
		workspaceAgentLogs: make([]database.WorkspaceAgentLog, 0),
		workspaceBuilds: make([]database.WorkspaceBuild, 0),
		workspaceApps: make([]database.WorkspaceApp, 0),
		workspaceAppAuditSessions: make([]database.WorkspaceAppAuditSession, 0),
		workspaces: make([]database.WorkspaceTable, 0),
		workspaceProxies: make([]database.WorkspaceProxy, 0),
		},
Expand DownExpand Up		@@ -237,6 +238,7 @@ type data struct {
		workspaceAgentMemoryResourceMonitors []database.WorkspaceAgentMemoryResourceMonitor
		workspaceAgentVolumeResourceMonitors []database.WorkspaceAgentVolumeResourceMonitor
		workspaceApps []database.WorkspaceApp
		workspaceAppAuditSessions []database.WorkspaceAppAuditSession
		workspaceAppStatsLastInsertID int64
		workspaceAppStats []database.WorkspaceAppStat
		workspaceBuilds []database.WorkspaceBuild
Expand DownExpand Up		@@ -12263,6 +12265,63 @@ func (q *FakeQuerier) UpsertWorkspaceAgentPortShare(_ context.Context, arg datab
		return psl, nil
		}

		func (q *FakeQuerier) UpsertWorkspaceAppAuditSession(_ context.Context, arg database.UpsertWorkspaceAppAuditSessionParams) (time.Time, error) {
		err := validateDatabaseType(arg)
		if err != nil {
		return time.Time{}, err
		}

		q.mutex.Lock()
		defer q.mutex.Unlock()

		for i, s := range q.workspaceAppAuditSessions {
		if s.AgentID != arg.AgentID {
		continue
		}
		if s.AppID != arg.AppID {
		continue
		}
		if s.UserID != arg.UserID {
		continue
		}
		if s.Ip != arg.Ip {
		continue
		}
		if s.UserAgent != arg.UserAgent {
		continue
		}
		if s.SlugOrPort != arg.SlugOrPort {
		continue
		}
		if s.StatusCode != arg.StatusCode {
		continue
		}

		staleTime := dbtime.Now().Add(-(time.Duration(arg.StaleIntervalMS) * time.Millisecond))
		fresh := s.UpdatedAt.After(staleTime)

		q.workspaceAppAuditSessions[i].UpdatedAt = arg.UpdatedAt
		if !fresh {
		q.workspaceAppAuditSessions[i].StartedAt = arg.StartedAt
		return arg.StartedAt, nil
		}
		return s.StartedAt, nil
		}

		q.workspaceAppAuditSessions = append(q.workspaceAppAuditSessions, database.WorkspaceAppAuditSession{
		AgentID: arg.AgentID,
		AppID: arg.AppID,
		UserID: arg.UserID,
		Ip: arg.Ip,
		UserAgent: arg.UserAgent,
		SlugOrPort: arg.SlugOrPort,
		StatusCode: arg.StatusCode,
		StartedAt: arg.StartedAt,
		UpdatedAt: arg.UpdatedAt,
		})
		return arg.StartedAt, nil
		}

		func (q *FakeQuerier) GetAuthorizedTemplates(ctx context.Context, arg database.GetTemplatesWithFilterParams, prepared rbac.PreparedAuthorized) ([]database.Template, error) {
		if err := validateDatabaseType(arg); err != nil {
		return nil, err
Expand Down