chore: move agent functions from codersdk into agentsdk (#5903)

* chore: rename `AgentConn` to `WorkspaceAgentConn` The codersdk was becoming bloated with consts for the workspace agent that made no sense to a reader. `Tailnet*` is an example of these consts. * chore: remove `Get` prefix from *Client functions * chore: remove `BypassRatelimits` option in `codersdk.Client` It feels wrong to have this as a direct option because it's so infrequently needed by API callers. It's better to directly modify headers in the two places that we actually use it. * Merge `appearance.go` and `buildinfo.go` into `deployment.go` * Merge `experiments.go` and `features.go` into `deployment.go` * Fix `make gen` referencing old type names * Merge `error.go` into `client.go` `codersdk.Response` lived in `error.go`, which is wrong. * chore: refactor workspace agent functions into agentsdk It was odd conflating the codersdk that clients should use with functions that only the agent should use. This separates them into two SDKs that are closely coupled, but separate. * Merge `insights.go` into `deployment.go` * Merge `organizationmember.go` into `organizations.go` * Merge `quota.go` into `workspaces.go` * Rename `sse.go` to `serversentevents.go` * Rename `codersdk.WorkspaceAppHostResponse` to `codersdk.AppHostResponse` * Format `.vscode/settings.json` * Fix outdated naming in `api.ts` * Fix app host response * Fix unsupported type * Fix imported type
2025-07-06 15:41:45 +00:00 · 2023-01-29 15:47:24 -06:00
parent e49f41652f
commit 7ad87505c8
115 changed files with 2491 additions and 2567 deletions
--- a/coderd/httpmw/apikey.go
+++ b/coderd/httpmw/apikey.go
@ -144,7 +144,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
 			if token == "" {
 				optionalWrite(http.StatusUnauthorized, codersdk.Response{
 					Message: SignedOutErrorMessage,
-					Detail:  fmt.Sprintf("Cookie %q or query parameter must be provided.", codersdk.SessionTokenKey),
+					Detail:  fmt.Sprintf("Cookie %q or query parameter must be provided.", codersdk.SessionTokenCookie),
 				})
 				return
 			}
@ -364,17 +364,17 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
 // 4. The coder_session_token query parameter
 // 5. The custom auth header
 func apiTokenFromRequest(r *http.Request) string {
-	cookie, err := r.Cookie(codersdk.SessionTokenKey)
+	cookie, err := r.Cookie(codersdk.SessionTokenCookie)
 	if err == nil && cookie.Value != "" {
 		return cookie.Value
 	}

-	urlValue := r.URL.Query().Get(codersdk.SessionTokenKey)
+	urlValue := r.URL.Query().Get(codersdk.SessionTokenCookie)
 	if urlValue != "" {
 		return urlValue
 	}

-	headerValue := r.Header.Get(codersdk.SessionCustomHeader)
+	headerValue := r.Header.Get(codersdk.SessionTokenHeader)
 	if headerValue != "" {
 		return headerValue
 	}
--- a/coderd/httpmw/apikey_test.go
+++ b/coderd/httpmw/apikey_test.go
@ -82,7 +82,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "test-wow-hello")
+		r.Header.Set(codersdk.SessionTokenHeader, "test-wow-hello")

 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@ -100,7 +100,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "test-wow")
+		r.Header.Set(codersdk.SessionTokenHeader, "test-wow")

 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@ -118,7 +118,7 @@ func TestAPIKey(t *testing.T) {
 			r  = httptest.NewRequest("GET", "/", nil)
 			rw = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, "testtestid-wow")
+		r.Header.Set(codersdk.SessionTokenHeader, "testtestid-wow")

 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@ -137,7 +137,7 @@ func TestAPIKey(t *testing.T) {
 			r          = httptest.NewRequest("GET", "/", nil)
 			rw         = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		httpmw.ExtractAPIKey(httpmw.ExtractAPIKeyConfig{
 			DB:              db,
@ -157,7 +157,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		// Use a different secret so they don't match!
 		hashed := sha256.Sum256([]byte("differentsecret"))
@ -188,7 +188,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -217,7 +217,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -259,7 +259,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		r.AddCookie(&http.Cookie{
-			Name:  codersdk.SessionTokenKey,
+			Name:  codersdk.SessionTokenCookie,
 			Value: fmt.Sprintf("%s-%s", id, secret),
 		})

@ -302,7 +302,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		q := r.URL.Query()
-		q.Add(codersdk.SessionTokenKey, fmt.Sprintf("%s-%s", id, secret))
+		q.Add(codersdk.SessionTokenCookie, fmt.Sprintf("%s-%s", id, secret))
 		r.URL.RawQuery = q.Encode()

 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
@ -339,7 +339,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -376,7 +376,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -413,7 +413,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -457,7 +457,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -514,7 +514,7 @@ func TestAPIKey(t *testing.T) {
 			user       = createUser(r.Context(), t, db)
 		)
 		r.RemoteAddr = "1.1.1.1"
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		_, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
@ -602,7 +602,7 @@ func TestAPIKey(t *testing.T) {
 			rw         = httptest.NewRecorder()
 			user       = createUser(r.Context(), t, db)
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		sentAPIKey, err := db.InsertAPIKey(r.Context(), database.InsertAPIKeyParams{
 			ID:           id,
--- a/coderd/httpmw/authorize_test.go
+++ b/coderd/httpmw/authorize_test.go
@ -131,7 +131,7 @@ func TestExtractUserRoles(t *testing.T) {
 			})

 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, token)
+			req.Header.Set(codersdk.SessionTokenHeader, token)

 			rtr.ServeHTTP(rw, req)
 			resp := rw.Result()
--- a/coderd/httpmw/csrf.go
+++ b/coderd/httpmw/csrf.go
@ -41,19 +41,19 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
 			// CSRF only affects requests that automatically attach credentials via a cookie.
 			// If no cookie is present, then there is no risk of CSRF.
 			//nolint:govet
-			sessCookie, err := r.Cookie(codersdk.SessionTokenKey)
+			sessCookie, err := r.Cookie(codersdk.SessionTokenCookie)
 			if xerrors.Is(err, http.ErrNoCookie) {
 				return true
 			}

-			if token := r.Header.Get(codersdk.SessionCustomHeader); token == sessCookie.Value {
+			if token := r.Header.Get(codersdk.SessionTokenHeader); token == sessCookie.Value {
 				// If the cookie and header match, we can assume this is the same as just using the
 				// custom header auth. Custom header auth can bypass CSRF, as CSRF attacks
 				// cannot add custom headers.
 				return true
 			}

-			if token := r.URL.Query().Get(codersdk.SessionTokenKey); token == sessCookie.Value {
+			if token := r.URL.Query().Get(codersdk.SessionTokenCookie); token == sessCookie.Value {
 				// If the auth is set in a url param and matches the cookie, it
 				// is the same as just using the url param.
 				return true
--- a/coderd/httpmw/oauth2.go
+++ b/coderd/httpmw/oauth2.go
@ -71,7 +71,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				}

 				http.SetCookie(rw, &http.Cookie{
-					Name:     codersdk.OAuth2StateKey,
+					Name:     codersdk.OAuth2StateCookie,
 					Value:    state,
 					Path:     "/",
 					HttpOnly: true,
@ -80,7 +80,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				// Redirect must always be specified, otherwise
 				// an old redirect could apply!
 				http.SetCookie(rw, &http.Cookie{
-					Name:     codersdk.OAuth2RedirectKey,
+					Name:     codersdk.OAuth2RedirectCookie,
 					Value:    r.URL.Query().Get("redirect"),
 					Path:     "/",
 					HttpOnly: true,
@ -98,10 +98,10 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 				return
 			}

-			stateCookie, err := r.Cookie(codersdk.OAuth2StateKey)
+			stateCookie, err := r.Cookie(codersdk.OAuth2StateCookie)
 			if err != nil {
 				httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
-					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.OAuth2StateKey),
+					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.OAuth2StateCookie),
 				})
 				return
 			}
@ -113,7 +113,7 @@ func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler)
 			}

 			var redirect string
-			stateRedirect, err := r.Cookie(codersdk.OAuth2RedirectKey)
+			stateRedirect, err := r.Cookie(codersdk.OAuth2RedirectCookie)
 			if err == nil {
 				redirect = stateRedirect.Value
 			}
--- a/coderd/httpmw/oauth2_test.go
+++ b/coderd/httpmw/oauth2_test.go
@ -73,7 +73,7 @@ func TestOAuth2(t *testing.T) {
 		t.Parallel()
 		req := httptest.NewRequest("GET", "/?code=something&state=test", nil)
 		req.AddCookie(&http.Cookie{
-			Name:  codersdk.OAuth2StateKey,
+			Name:  codersdk.OAuth2StateCookie,
 			Value: "mismatch",
 		})
 		res := httptest.NewRecorder()
@ -84,7 +84,7 @@ func TestOAuth2(t *testing.T) {
 		t.Parallel()
 		req := httptest.NewRequest("GET", "/?code=test&state=something", nil)
 		req.AddCookie(&http.Cookie{
-			Name:  codersdk.OAuth2StateKey,
+			Name:  codersdk.OAuth2StateCookie,
 			Value: "something",
 		})
 		req.AddCookie(&http.Cookie{
--- a/coderd/httpmw/organizationparam_test.go
+++ b/coderd/httpmw/organizationparam_test.go
@ -29,7 +29,7 @@ func TestOrganizationParam(t *testing.T) {
 			r          = httptest.NewRequest("GET", "/", nil)
 			hashed     = sha256.Sum256([]byte(secret))
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
--- a/coderd/httpmw/ratelimit_test.go
+++ b/coderd/httpmw/ratelimit_test.go
@ -111,7 +111,7 @@ func TestRateLimit(t *testing.T) {

 		// Bypass must fail
 		req := httptest.NewRequest("GET", "/", nil)
-		req.Header.Set(codersdk.SessionCustomHeader, key)
+		req.Header.Set(codersdk.SessionTokenHeader, key)
 		req.Header.Set(codersdk.BypassRatelimitHeader, "true")
 		rec := httptest.NewRecorder()
 		// Assert we're not using IP address.
@ -123,7 +123,7 @@ func TestRateLimit(t *testing.T) {

 		require.Eventually(t, func() bool {
 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, key)
+			req.Header.Set(codersdk.SessionTokenHeader, key)
 			rec := httptest.NewRecorder()
 			// Assert we're not using IP address.
 			req.RemoteAddr = randRemoteAddr()
@ -160,7 +160,7 @@ func TestRateLimit(t *testing.T) {

 		require.Never(t, func() bool {
 			req := httptest.NewRequest("GET", "/", nil)
-			req.Header.Set(codersdk.SessionCustomHeader, key)
+			req.Header.Set(codersdk.SessionTokenHeader, key)
 			req.Header.Set(codersdk.BypassRatelimitHeader, "true")
 			rec := httptest.NewRecorder()
 			// Assert we're not using IP address.
--- a/coderd/httpmw/templateparam_test.go
+++ b/coderd/httpmw/templateparam_test.go
@ -29,7 +29,7 @@ func TestTemplateParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
--- a/coderd/httpmw/templateversionparam_test.go
+++ b/coderd/httpmw/templateversionparam_test.go
@ -29,7 +29,7 @@ func TestTemplateVersionParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
--- a/coderd/httpmw/userparam_test.go
+++ b/coderd/httpmw/userparam_test.go
@ -29,7 +29,7 @@ func TestUserParam(t *testing.T) {
 			r          = httptest.NewRequest("GET", "/", nil)
 			rw         = httptest.NewRecorder()
 		)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		user, err := db.InsertUser(r.Context(), database.InsertUserParams{
 			ID:        uuid.New(),
--- a/coderd/httpmw/workspaceagent.go
+++ b/coderd/httpmw/workspaceagent.go
@ -33,7 +33,7 @@ func ExtractWorkspaceAgent(db database.Store) func(http.Handler) http.Handler {
 			tokenValue := apiTokenFromRequest(r)
 			if tokenValue == "" {
 				httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
-					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.SessionTokenKey),
+					Message: fmt.Sprintf("Cookie %q must be provided.", codersdk.SessionTokenCookie),
 				})
 				return
 			}
--- a/coderd/httpmw/workspaceagent_test.go
+++ b/coderd/httpmw/workspaceagent_test.go
@ -22,7 +22,7 @@ func TestWorkspaceAgent(t *testing.T) {
 	setup := func(db database.Store) (*http.Request, uuid.UUID) {
 		token := uuid.New()
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, token.String())
+		r.Header.Set(codersdk.SessionTokenHeader, token.String())
 		return r, token
 	}

--- a/coderd/httpmw/workspaceagentparam_test.go
+++ b/coderd/httpmw/workspaceagentparam_test.go
@ -29,7 +29,7 @@ func TestWorkspaceAgentParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
--- a/coderd/httpmw/workspacebuildparam_test.go
+++ b/coderd/httpmw/workspacebuildparam_test.go
@ -29,7 +29,7 @@ func TestWorkspaceBuildParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
--- a/coderd/httpmw/workspaceparam_test.go
+++ b/coderd/httpmw/workspaceparam_test.go
@ -32,7 +32,7 @@ func TestWorkspaceParam(t *testing.T) {
 			hashed     = sha256.Sum256([]byte(secret))
 		)
 		r := httptest.NewRequest("GET", "/", nil)
-		r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+		r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 		userID := uuid.New()
 		username, err := cryptorand.String(8)
@ -345,7 +345,7 @@ func setupWorkspaceWithAgents(t testing.TB, cfg setupConfig) (database.Store, *h
 		hashed     = sha256.Sum256([]byte(secret))
 	)
 	r := httptest.NewRequest("GET", "/", nil)
-	r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
+	r.Header.Set(codersdk.SessionTokenHeader, fmt.Sprintf("%s-%s", id, secret))

 	userID := uuid.New()
 	username, err := cryptorand.String(8)