feat: secure and cross-domain subdomain-based proxying (#4136)

Co-authored-by: Kyle Carberry <kyle@carberry.com>
Dean Sheather
2022-09-23 08:30:32 +10:00
committed by GitHub
parent 80b45f1aa1
commit 6deef06ad2
51 changed files with 1655 additions and 594 deletions


@ -936,7 +936,7 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
return
}
api.setAuthCookie(rw, cookie)
http.SetCookie(rw, cookie)
httpapi.Write(ctx, rw, http.StatusCreated, codersdk.LoginWithPasswordResponse{
SessionToken: cookie.Value,
@ -1016,7 +1016,7 @@ func (api *API) postLogout(rw http.ResponseWriter, r *http.Request) {
Name: codersdk.SessionTokenKey,
Path: "/",
}
api.setAuthCookie(rw, cookie)
http.SetCookie(rw, cookie)
// Delete the session token from database.
apiKey := httpmw.APIKey(r)
@ -1057,6 +1057,7 @@ type createAPIKeyParams struct {
// Optional.
ExpiresAt time.Time
LifetimeSeconds int64
Scope database.APIKeyScope
}
func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*http.Cookie, error) {
@ -1081,6 +1082,12 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
ip = net.IPv4(0, 0, 0, 0)
}
bitlen := len(ip) * 8
scope := database.APIKeyScopeAll
if params.Scope != "" {
scope = params.Scope
}
key, err := api.Database.InsertAPIKey(ctx, database.InsertAPIKeyParams{
ID: keyID,
UserID: params.UserID,
@ -1098,7 +1105,7 @@ func (api *API) createAPIKey(ctx context.Context, params createAPIKeyParams) (*h
UpdatedAt: database.Now(),
HashedSecret: hashed[:],
LoginType: params.LoginType,
Scope: database.APIKeyScopeAll,
Scope: scope,
})
if err != nil {
return nil, xerrors.Errorf("insert API key: %w", err)
@ -1198,15 +1205,6 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
})
}
func (api *API) setAuthCookie(rw http.ResponseWriter, cookie *http.Cookie) {
http.SetCookie(rw, cookie)
appCookie := api.applicationCookie(cookie)
if appCookie != nil {
http.SetCookie(rw, appCookie)
}
}
func convertUser(user database.User, organizationIDs []uuid.UUID) codersdk.User {
convertedUser := codersdk.User{
ID: user.ID,
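Review bot: In createAPIKey, the new fallback `scope := database.APIKeyScopeAll` fails open: any caller that leaves `params.Scope` empty gets a key with the widest scope, and a non-empty value is passed to `InsertAPIKey` without being checked against the known scopes. The field sits under the struct's `// Optional.` comment with no statement of its default, so I would document it on the field, e.g. `// Scope defaults to database.APIKeyScopeAll when empty.`, so callers that mint restricted keys know they must set it explicitly. It would also be worth rejecting unrecognised scope values here rather than relying on the database layer, which presumably rejects them today but is not visible in this hunk. createAPIKey's body begins and ends outside the hunks shown.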