fix: Avoid using hijacked http.ResponseWriter in workspaceAgentReportStats (#4165)

2025-07-09 11:45:56 +00:00 · 2022-09-23 19:08:56 +03:00
parent 7898581e50
commit 1e1967e0db
1 changed files with 13 additions and 25 deletions
--- a/coderd/workspaceagents.go
+++ b/coderd/workspaceagents.go
@ -578,10 +578,8 @@ func (api *API) workspaceAgentReportStats(rw http.ResponseWriter, r *http.Reques
 	if err == nil {
 		err = json.Unmarshal(latestStat.Payload, &lastReport)
 		if err != nil {
-			httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			api.Logger.Debug(ctx, "unmarshal stat payload", slog.Error(err))
-				Message: "Failed to unmarshal stat payload.",
+			conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("unmarshal stat payload: %s", err))
 				Detail:  err.Error(),
 			})
 			return
 		}
 	}
@ -591,29 +589,23 @@ func (api *API) workspaceAgentReportStats(rw http.ResponseWriter, r *http.Reques
 	for {
 		err := wsjson.Write(ctx, conn, codersdk.AgentStatsReportRequest{})
 		if err != nil {
-			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			api.Logger.Debug(ctx, "write report request", slog.Error(err))
-				Message: "Failed to write report request.",
+			conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("write report request: %s", err))
 				Detail:  err.Error(),
 			})
 			return
 		}
 		var rep codersdk.AgentStatsReportResponse
 		err = wsjson.Read(ctx, conn, &rep)
 		if err != nil {
-			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			api.Logger.Debug(ctx, "read report response", slog.Error(err))
-				Message: "Failed to read report response.",
+			conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("read report response: %s", err))
 				Detail:  err.Error(),
 			})
 			return
 		}
 		repJSON, err := json.Marshal(rep)
 		if err != nil {
-			httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			api.Logger.Debug(ctx, "marshal stat json", slog.Error(err))
-				Message: "Failed to marshal stat json.",
+			conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("marshal stat json: %s", err))
 				Detail:  err.Error(),
 			})
 			return
 		}
@ -623,7 +615,7 @@ func (api *API) workspaceAgentReportStats(rw http.ResponseWriter, r *http.Reques
 		// all.
 		// We also don't want to update the workspace last used at on duplicate
 		// reports.
-		var updateDB = !reflect.DeepEqual(lastReport, rep)
+		updateDB := !reflect.DeepEqual(lastReport, rep)
 		api.Logger.Debug(ctx, "read stats report",
 			slog.F("interval", api.AgentStatsRefreshInterval),
@ -649,10 +641,8 @@ func (api *API) workspaceAgentReportStats(rw http.ResponseWriter, r *http.Reques
 				Payload:     json.RawMessage(repJSON),
 			})
 			if err != nil {
-				httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				api.Logger.Debug(ctx, "insert agent stat", slog.Error(err))
-					Message: "Failed to insert agent stat.",
+				conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("insert agent stat: %s", err))
 					Detail:  err.Error(),
 				})
 				return
 			}
@ -661,10 +651,8 @@ func (api *API) workspaceAgentReportStats(rw http.ResponseWriter, r *http.Reques
 				LastUsedAt: database.Now(),
 			})
 			if err != nil {
-				httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+				api.Logger.Debug(ctx, "update workspace last used at", slog.Error(err))
-					Message: "Failed to update workspace last used at.",
+				conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("update workspace last used at: %s", err))
 					Detail:  err.Error(),
 				})
 				return
 			}
 		}