feat: use JWT ticket to avoid DB queries on apps (#6148)

Issue a JWT ticket on the first request with a short expiry that contains details about which workspace/agent/app combo the ticket is valid for.
2025-07-15 22:20:27 +00:00 · 2023-03-08 06:38:11 +11:00
parent f8494d2bac
commit 1bdd2abed7
37 changed files with 2809 additions and 969 deletions
--- a/coderd/database/queries/lock.sql
+++ b/coderd/database/queries/lock.sql
@ -0,0 +1,17 @@
+-- name: AcquireLock :exec
+-- Blocks until the lock is acquired.
+--
+-- This must be called from within a transaction. The lock will be automatically
+-- released when the transaction ends.
+--
+-- Use database.LockID() to generate a unique lock ID from a string.
+SELECT pg_advisory_xact_lock($1);
+
+-- name: TryAcquireLock :one
+-- Non blocking lock. Returns true if the lock was acquired, false otherwise.
+--
+-- This must be called from within a transaction. The lock will be automatically
+-- released when the transaction ends.
+--
+-- Use database.LockID() to generate a unique lock ID from a string.
+SELECT pg_try_advisory_xact_lock($1);
--- a/coderd/database/queries/siteconfig.sql
+++ b/coderd/database/queries/siteconfig.sql
@ -30,3 +30,9 @@ ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'logo_url';

 -- name: GetLogoURL :one
 SELECT value FROM site_configs WHERE key = 'logo_url';
+
+-- name: GetAppSigningKey :one
+SELECT value FROM site_configs WHERE key = 'app_signing_key';
+
+-- name: InsertAppSigningKey :exec
+INSERT INTO site_configs (key, value) VALUES ('app_signing_key', $1);