chore: replace wsconncache with a single tailnet (#8176)

coderd/workspaceapps/proxy.go

@@ -23,7 +23,6 @@ import (
 	"github.com/coder/coder/coderd/httpmw"
 	"github.com/coder/coder/coderd/tracing"
 	"github.com/coder/coder/coderd/util/slice"
-	"github.com/coder/coder/coderd/wsconncache"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/site"
 )
@@ -61,6 +60,22 @@ var nonCanonicalHeaders = map[string]string{
 	"Sec-Websocket-Version":    "Sec-WebSocket-Version",
 }
 
+type AgentProvider interface {
+	// ReverseProxy returns an httputil.ReverseProxy for proxying HTTP requests
+	// to the specified agent.
+	//
+	// TODO: after wsconncache is deleted this doesn't need to return an error.
+	ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) (_ *httputil.ReverseProxy, release func(), _ error)
+
+	// AgentConn returns a new connection to the specified agent.
+	//
+	// TODO: after wsconncache is deleted this doesn't need to return a release
+	// func.
+	AgentConn(ctx context.Context, agentID uuid.UUID) (_ *codersdk.WorkspaceAgentConn, release func(), _ error)
+
+	Close() error
+}
+
 // Server serves workspace apps endpoints, including:
 // - Path-based apps
 // - Subdomain app middleware
@@ -83,7 +98,6 @@ type Server struct {
 	RealIPConfig  *httpmw.RealIPConfig
 
 	SignedTokenProvider SignedTokenProvider
-	WorkspaceConnCache  *wsconncache.Cache
 	AppSecurityKey      SecurityKey
 
 	// DisablePathApps disables path-based apps. This is a security feature as path
@@ -95,6 +109,8 @@ type Server struct {
 	DisablePathApps  bool
 	SecureAuthCookie bool
 
+	AgentProvider AgentProvider
+
 	websocketWaitMutex sync.Mutex
 	websocketWaitGroup sync.WaitGroup
 }
@@ -106,8 +122,8 @@ func (s *Server) Close() error {
 	s.websocketWaitGroup.Wait()
 	s.websocketWaitMutex.Unlock()
 
-	// The caller must close the SignedTokenProvider (if necessary) and the
-	// wsconncache.
+	// The caller must close the SignedTokenProvider and the AgentProvider (if
+	// necessary).
 
 	return nil
 }
@@ -517,18 +533,7 @@ func (s *Server) proxyWorkspaceApp(rw http.ResponseWriter, r *http.Request, appT
 	r.URL.Path = path
 	appURL.RawQuery = ""
 
-	proxy := httputil.NewSingleHostReverseProxy(appURL)
-	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
-		site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
-			Status:       http.StatusBadGateway,
-			Title:        "Bad Gateway",
-			Description:  "Failed to proxy request to application: " + err.Error(),
-			RetryEnabled: true,
-			DashboardURL: s.DashboardURL.String(),
-		})
-	}
-
-	conn, release, err := s.WorkspaceConnCache.Acquire(appToken.AgentID)
+	proxy, release, err := s.AgentProvider.ReverseProxy(appURL, s.DashboardURL, appToken.AgentID)
 	if err != nil {
 		site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
 			Status:       http.StatusBadGateway,
@@ -540,7 +545,6 @@ func (s *Server) proxyWorkspaceApp(rw http.ResponseWriter, r *http.Request, appT
 		return
 	}
 	defer release()
-	proxy.Transport = conn.HTTPTransport()
 
 	proxy.ModifyResponse = func(r *http.Response) error {
 		r.Header.Del(httpmw.AccessControlAllowOriginHeader)
@@ -658,13 +662,14 @@ func (s *Server) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {
 
 	go httpapi.Heartbeat(ctx, conn)
 
-	agentConn, release, err := s.WorkspaceConnCache.Acquire(appToken.AgentID)
+	agentConn, release, err := s.AgentProvider.AgentConn(ctx, appToken.AgentID)
 	if err != nil {
 		log.Debug(ctx, "dial workspace agent", slog.Error(err))
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("dial workspace agent: %s", err))
 		return
 	}
 	defer release()
+	defer agentConn.Close()
 	log.Debug(ctx, "dialed workspace agent")
 	ptNetConn, err := agentConn.ReconnectingPTY(ctx, reconnect, uint16(height), uint16(width), r.URL.Query().Get("command"))
 	if err != nil {