Mar 24, 2025 · Mar 21, 2025 · Mar 21, 2025 · Mar 21, 2025 · Mar 21, 2025 · Mar 21, 2025
diff --git a/cli/open.go b/cli/open.go
 pathAppURL := strings.TrimPrefix(region.PathAppURL, baseURL.String())
 appURL := buildAppLinkURL(baseURL, ws, agt, foundApp, region.WildcardHostname, pathAppURL)

 if foundApp.External {
 appURL = replacePlaceholderExternalSessionTokenString(client, appURL)
 }

 // Check if we're inside a workspace.  Generally, we know
 // that if we're inside a workspace, `open` can't be used.
 insideAWorkspace := inv.Environ.Get("CODER") == "true"
 if !testOpenError {
 err = open.Run(appURL)
 } else {
 err = xerrors.New("test.open-error")
 err = xerrors.New("test.open-error: " + appURL)
 }
 return err
 },
 }
 return u.String()
 }

 // replacePlaceholderExternalSessionTokenString replaces any $SESSION_TOKEN
 // strings in the URL with the actual session token.
 // This is consistent behavior with the frontend. See: site/src/modules/resources/AppLink/AppLink.tsx
 func replacePlaceholderExternalSessionTokenString(client *codersdk.Client, appURL string) string {
 if !strings.Contains(appURL, "$SESSION_TOKEN") {
 return appURL
 }

 // We will just re-use the existing session token we're already using.
 return strings.ReplaceAll(appURL, "$SESSION_TOKEN", client.SessionToken())
 }
diff --git a/cli/open_test.go b/cli/open_test.go
 w.RequireError()
 w.RequireContains("region not found")
 })

 t.Run("ExternalAppSessionToken", func(t *testing.T) {
 t.Parallel()

 client, ws, _ := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent {
 agents[0].Apps = []*proto.App{
 {
 Slug:     "app1",
 Url:      "https://example.com/app1?token=$SESSION_TOKEN",
 External: true,
 },
 }
 return agents
 })
 inv, root := clitest.New(t, "open", "app", ws.Name, "app1", "--test.open-error")
 clitest.SetupConfig(t, client, root)
 pty := ptytest.New(t)
 inv.Stdin = pty.Input()
 inv.Stdout = pty.Output()

 w := clitest.StartWithWaiter(t, inv)
 w.RequireError()
 w.RequireContains("test.open-error")
 w.RequireContains(client.SessionToken())
 })
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -301,6 +301,10 @@ func (r RootCmd) openApp() serpent.Command {
		pathAppURL := strings.TrimPrefix(region.PathAppURL, baseURL.String())
		appURL := buildAppLinkURL(baseURL, ws, agt, foundApp, region.WildcardHostname, pathAppURL)

		if foundApp.External {
		appURL = replacePlaceholderExternalSessionTokenString(client, appURL)
		}

		// Check if we're inside a workspace. Generally, we know
		// that if we're inside a workspace, `open` can't be used.
		insideAWorkspace := inv.Environ.Get("CODER") == "true"
Expand All		@@ -314,7 +318,7 @@ func (r RootCmd) openApp() serpent.Command {
		if !testOpenError {
		err = open.Run(appURL)
		} else {
		err = xerrors.New("test.open-error")
		err = xerrors.New("test.open-error: " + appURL)
		}
		return err
		},
Expand DownExpand Up		@@ -511,3 +515,15 @@ func buildAppLinkURL(baseURL *url.URL, workspace codersdk.Workspace, agent coder
		}
		return u.String()
		}

		// replacePlaceholderExternalSessionTokenString replaces any $SESSION_TOKEN
		// strings in the URL with the actual session token.
		// This is consistent behavior with the frontend. See: site/src/modules/resources/AppLink/AppLink.tsx
		func replacePlaceholderExternalSessionTokenString(client *codersdk.Client, appURL string) string {
		if !strings.Contains(appURL, "$SESSION_TOKEN") {
Copy link Member mafredriMar 21, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Is this the only supported format? Not e.g.`${SESSION_TOKEN}`? Copy link MemberAuthor johnstcnMar 21, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Nope, it's just`const magicTokenString = "$SESSION_TOKEN";`
		return appURL
		}

		// We will just re-use the existing session token we're already using.
Copy link Member mafredriMar 21, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. I think this is fine for apps. For VS Code I think we generate a new one but since it’s long-lived in the editor, it makes sense to decouple them. Same doesn’t apply here.
		return strings.ReplaceAll(appURL, "$SESSION_TOKEN", client.SessionToken())
		}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -381,4 +381,29 @@ func TestOpenApp(t *testing.T) {
		w.RequireError()
		w.RequireContains("region not found")
		})

		t.Run("ExternalAppSessionToken", func(t *testing.T) {
		t.Parallel()

		client, ws, _ := setupWorkspaceForAgent(t, func(agents []proto.Agent) []proto.Agent {
		agents[0].Apps = []*proto.App{
		{
		Slug: "app1",
		Url: "https://example.com/app1?token=$SESSION_TOKEN",
		External: true,
		},
		}
		return agents
		})
		inv, root := clitest.New(t, "open", "app", ws.Name, "app1", "--test.open-error")
		clitest.SetupConfig(t, client, root)
		pty := ptytest.New(t)
		inv.Stdin = pty.Input()
		inv.Stdout = pty.Output()

		w := clitest.StartWithWaiter(t, inv)
		w.RequireError()
		w.RequireContains("test.open-error")
		w.RequireContains(client.SessionToken())
		})
		}