feat: secure and cross-domain subdomain-based proxying (#4136)

Co-authored-by: Kyle Carberry <kyle@carberry.com>

enterprise/coderd/coderd.go

@@ -53,7 +53,12 @@ func New(ctx context.Context, options *Options) (*API, error) {
 		Github: options.GithubOAuth2Config,
 		OIDC:   options.OIDCConfig,
 	}
-	apiKeyMiddleware := httpmw.ExtractAPIKey(options.Database, oauthConfigs, false)
+	apiKeyMiddleware := httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
+		DB:              options.Database,
+		OAuth2Configs:   oauthConfigs,
+		RedirectToLogin: false,
+	})
+
 	api.AGPL.APIHandler.Group(func(r chi.Router) {
 		r.Get("/entitlements", api.serveEntitlements)
 		r.Route("/licenses", func(r chi.Router) {

enterprise/coderd/coderdenttest/coderdenttest_test.go

@@ -20,6 +20,8 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
 	t.Parallel()
 	client, _, api := coderdenttest.NewWithAPI(t, &coderdenttest.Options{
 		Options: &coderdtest.Options{
+			// Required for any subdomain-based proxy tests to pass.
+			AppHostname:              "test.coder.com",
 			Authorizer:               &coderdtest.RecordingAuthorizer{},
 			IncludeProvisionerDaemon: true,
 		},