synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-23 21:32:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: add workspace proxies to the backend (#7032)

Browse Source 
Co-authored-by: Dean Sheather <dean@deansheather.com>
This commit is contained in:
Steven Masley
2023-04-17 14:57:21 -05:00
committed by GitHub
parent dc5e16ae22
commit 658246d5f2
61 changed files with 3641 additions and 757 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
enterprise/wsproxy/tokenprovider.go Normal file
View File

@ -0,0 +1,58 @@
package wsproxy
import (
"context"
"net/http"
"net/url"
"cdr.dev/slog"
"github.com/coder/coder/coderd/workspaceapps"
"github.com/coder/coder/enterprise/wsproxy/wsproxysdk"
)
var _ workspaceapps.SignedTokenProvider = (*TokenProvider)(nil)
type TokenProvider struct {
DashboardURL *url.URL
AccessURL *url.URL
AppHostname string
Client *wsproxysdk.Client
SecurityKey workspaceapps.SecurityKey
Logger slog.Logger
}
func (p *TokenProvider) FromRequest(r *http.Request) (*workspaceapps.SignedToken, bool) {
return workspaceapps.FromRequest(r, p.SecurityKey)
}
func (p *TokenProvider) Issue(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq workspaceapps.IssueTokenRequest) (*workspaceapps.SignedToken, string, bool) {
appReq := issueReq.AppRequest.Normalize()
err := appReq.Validate()
if err != nil {
workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "invalid app request")
return nil, "", false
}
issueReq.AppRequest = appReq
resp, ok := p.Client.IssueSignedAppTokenHTML(ctx, rw, issueReq)
if !ok {
return nil, "", false
}
// Check that it verifies properly and matches the string.
token, err := p.SecurityKey.VerifySignedToken(resp.SignedTokenStr)
if err != nil {
workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "failed to verify newly generated signed token")
return nil, "", false
}
// Check that it matches the request.
if !token.MatchesRequest(appReq) {
workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "newly generated signed token does not match request")
return nil, "", false
}
return &token, resp.SignedTokenStr, true
}