chore: add workspace proxies to the backend (#7032)

Co-authored-by: Dean Sheather <dean@deansheather.com>
2025-07-18 14:17:22 +00:00 · 2023-04-17 14:57:21 -05:00
parent dc5e16ae22
commit 658246d5f2
61 changed files with 3641 additions and 757 deletions
--- a/coderd/workspaceapps/token.go
+++ b/coderd/workspaceapps/token.go
@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
+	"net/http"
 	"time"

 	"github.com/go-jose/go-jose/v3"
@ -11,6 +12,7 @@ import (
 	"golang.org/x/xerrors"

 	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/codersdk"
 )

 const (
@ -217,3 +219,23 @@ func (k SecurityKey) DecryptAPIKey(encryptedAPIKey string) (string, error) {

 	return payload.APIKey, nil
 }
+
+func FromRequest(r *http.Request, key SecurityKey) (*SignedToken, bool) {
+	// Get the existing token from the request.
+	tokenCookie, err := r.Cookie(codersdk.DevURLSignedAppTokenCookie)
+	if err == nil {
+		token, err := key.VerifySignedToken(tokenCookie.Value)
+		if err == nil {
+			req := token.Request.Normalize()
+			err := req.Validate()
+			if err == nil {
+				// The request has a valid signed app token, which is a valid
+				// token signed by us. The caller must check that it matches
+				// the request.
+				return &token, true
+			}
+		}
+	}
+
+	return nil, false
+}