GO-2024-3228: Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder
The highest tagged major version isv2.
wsproxy
packageThis package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
Stable versionWhen a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
Documentation¶
Index¶
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
This section is empty.
Types¶
typeOptions¶
type Options struct {Loggerslog.LoggerExperimentscodersdk.ExperimentsHTTPClient *http.Client// DashboardURL is the URL of the primary coderd instance.DashboardURL *url.URL// AccessURL is the URL of the WorkspaceProxy.AccessURL *url.URL// TODO: @emyrk We use these two fields in many places with this comment.//Maybe we should make some shared options struct?// AppHostname should be the wildcard hostname to use for workspace// applications INCLUDING the asterisk, (optional) suffix and leading dot.// It will use the same scheme and port number as the access URL.// E.g. "*.apps.coder.com" or "*-apps.coder.com".AppHostnamestring// AppHostnameRegex contains the regex version of options.AppHostname as// generated by httpapi.CompileHostnamePattern(). It MUST be set if// options.AppHostname is set.AppHostnameRegex *regexp.RegexpRealIPConfig *httpmw.RealIPConfigTracingtrace.TracerProviderPrometheusRegistry *prometheus.RegistryAPIRateLimitintSecureAuthCookieboolDisablePathAppsboolProxySessionTokenstring// AllowAllCors will set all CORs headers to '*'.// By default, CORs is set to accept external requests// from the dashboardURL. This should only be used in development.AllowAllCorsbool}typeServer¶
type Server struct {Options *OptionsHandler chi.RouterDashboardURL *url.URLAppServer *workspaceapps.Server// Logging/MetricsLoggerslog.LoggerTracerProvidertrace.TracerProviderPrometheusRegistry *prometheus.Registry// SDKClient is a client to the primary coderd instance authenticated with// the moon's token.SDKClient *wsproxysdk.Client// contains filtered or unexported fields}Server is an external workspace proxy server. This server can communicatedirectly with a workspace. It requires a primary coderd to establish a saidconnection.
funcNew¶
New creates a new workspace proxy server. This requires a primary coderdinstance to be reachable and the correct authorization access token to beprovided. If the proxy cannot authenticate with the primary, this will fail.
func (*Server)DialCoordinator¶added inv0.26.2
func (*Server)DialWorkspaceAgent¶
typeTokenProvider¶
type TokenProvider struct {DashboardURL *url.URLAccessURL *url.URLAppHostnamestringClient *wsproxysdk.ClientSecurityKeyworkspaceapps.SecurityKeyLoggerslog.Logger}func (*TokenProvider)FromRequest¶
func (p *TokenProvider) FromRequest(r *http.Request) (*workspaceapps.SignedToken,bool)
func (*TokenProvider)Issue¶
func (p *TokenProvider) Issue(ctxcontext.Context, rwhttp.ResponseWriter, r *http.Request, issueReqworkspaceapps.IssueTokenRequest) (*workspaceapps.SignedToken,string,bool)
Source Files
Directories