feat: secure and cross-domain subdomain-based proxying (#4136)

Co-authored-by: Kyle Carberry <kyle@carberry.com>

coderd/database/dump.sql

@@ -118,6 +118,8 @@ CREATE TABLE api_keys (
     scope api_key_scope DEFAULT 'all'::public.api_key_scope NOT NULL
 );
 
+COMMENT ON COLUMN api_keys.hashed_secret IS 'hashed_secret contains a SHA256 hash of the key secret. This is considered a secret and MUST NOT be returned from the API as it is used for API key encryption in app proxying code.';
+
 CREATE TABLE audit_logs (
     id uuid NOT NULL,
     "time" timestamp with time zone NOT NULL,

coderd/database/migrations/000051_comment_on_api_key_secret.down.sql

@@ -0,0 +1 @@
+-- noop, comments don't need to be removed

coderd/database/migrations/000051_comment_on_api_key_secret.up.sql

@@ -0,0 +1,2 @@
+COMMENT ON COLUMN api_keys.hashed_secret
+IS 'hashed_secret contains a SHA256 hash of the key secret. This is considered a secret and MUST NOT be returned from the API as it is used for API key encryption in app proxying code.';

coderd/database/models.go

@@ -333,7 +333,8 @@ func (e *WorkspaceTransition) Scan(src interface{}) error {
 }
 
 type APIKey struct {
-	ID              string      `db:"id" json:"id"`
+	ID string `db:"id" json:"id"`
+	// hashed_secret contains a SHA256 hash of the key secret. This is considered a secret and MUST NOT be returned from the API as it is used for API key encryption in app proxying code.
 	HashedSecret    []byte      `db:"hashed_secret" json:"hashed_secret"`
 	UserID          uuid.UUID   `db:"user_id" json:"user_id"`
 	LastUsed        time.Time   `db:"last_used" json:"last_used"`