fix: add back missing postAPIKey route (#4406)

2025-07-06 15:41:45 +00:00 · 2022-10-06 17:56:43 -04:00
parent a89d6909b2
commit 32bb1e7ce9
4 changed files with 62 additions and 0 deletions
--- a/coderd/apikey.go
+++ b/coderd/apikey.go
@ -53,6 +53,41 @@ func (api *API) postToken(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(ctx, rw, http.StatusCreated, codersdk.GenerateAPIKeyResponse{Key: cookie.Value})
 }

+// Creates a new session key, used for logging in via the CLI.
+func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	user := httpmw.UserParam(r)
+
+	if !api.Authorize(r, rbac.ActionCreate, rbac.ResourceAPIKey.WithOwner(user.ID.String())) {
+		httpapi.ResourceNotFound(rw)
+		return
+	}
+
+	lifeTime := time.Hour * 24 * 7
+	cookie, err := api.createAPIKey(ctx, createAPIKeyParams{
+		UserID:     user.ID,
+		LoginType:  database.LoginTypePassword,
+		RemoteAddr: r.RemoteAddr,
+		// All api generated keys will last 1 week. Browser login tokens have
+		// a shorter life.
+		ExpiresAt:       database.Now().Add(lifeTime),
+		LifetimeSeconds: int64(lifeTime.Seconds()),
+	})
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Failed to create API key.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	// We intentionally do not set the cookie on the response here.
+	// Setting the cookie will couple the browser sesion to the API
+	// key we return here, meaning logging out of the website would
+	// invalid your CLI key.
+	httpapi.Write(ctx, rw, http.StatusCreated, codersdk.GenerateAPIKeyResponse{Key: cookie.Value})
+}
+
 func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
 	var (
 		ctx  = r.Context()
--- a/coderd/apikey_test.go
+++ b/coderd/apikey_test.go
@ -39,3 +39,15 @@ func TestTokens(t *testing.T) {
 	require.NoError(t, err)
 	require.Empty(t, keys)
 }
+
+func TestAPIKey(t *testing.T) {
+	t.Parallel()
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+	client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true})
+	_ = coderdtest.CreateFirstUser(t, client)
+
+	res, err := client.CreateAPIKey(ctx, codersdk.Me)
+	require.NoError(t, err)
+	require.Greater(t, len(res.Key), 2)
+}
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -399,6 +399,7 @@ func New(options *Options) *API {
 					r.Get("/roles", api.userRoles)

 					r.Route("/keys", func(r chi.Router) {
+						r.Post("/", api.postAPIKey)
 						r.Route("/tokens", func(r chi.Router) {
 							r.Post("/", api.postToken)
 							r.Get("/", api.tokens)