feat: add --derp-only flag to wsproxy (#8850)

2025-07-03 16:13:58 +00:00 · 2023-08-02 07:35:06 -07:00
parent d6e9870209
commit cd1e088f7c
22 changed files with 234 additions and 40 deletions
--- a/coderd/database/dbfake/dbfake.go
+++ b/coderd/database/dbfake/dbfake.go
@ -4164,6 +4164,7 @@ func (q *FakeQuerier) InsertWorkspaceProxy(_ context.Context, arg database.Inser
 		DisplayName:       arg.DisplayName,
 		Icon:              arg.Icon,
 		DerpEnabled:       arg.DerpEnabled,
+		DerpOnly:          arg.DerpOnly,
 		TokenHashedSecret: arg.TokenHashedSecret,
 		RegionID:          lastRegionID + 1,
 		CreatedAt:         arg.CreatedAt,
@ -4238,6 +4239,7 @@ func (q *FakeQuerier) RegisterWorkspaceProxy(_ context.Context, arg database.Reg
 			p.Url = arg.Url
 			p.WildcardHostname = arg.WildcardHostname
 			p.DerpEnabled = arg.DerpEnabled
+			p.DerpOnly = arg.DerpOnly
 			p.UpdatedAt = database.Now()
 			q.workspaceProxies[i] = p
 			return p, nil
--- a/coderd/database/dump.sql
+++ b/coderd/database/dump.sql
@ -878,7 +878,8 @@ CREATE TABLE workspace_proxies (
    deleted boolean NOT NULL,
    token_hashed_secret bytea NOT NULL,
    region_id integer NOT NULL,
-    derp_enabled boolean DEFAULT true NOT NULL
+    derp_enabled boolean DEFAULT true NOT NULL,
+    derp_only boolean DEFAULT false NOT NULL
 );

 COMMENT ON COLUMN workspace_proxies.icon IS 'Expects an emoji character. (/emojis/1f1fa-1f1f8.png)';
@ -891,6 +892,8 @@ COMMENT ON COLUMN workspace_proxies.deleted IS 'Boolean indicator of a deleted w

 COMMENT ON COLUMN workspace_proxies.token_hashed_secret IS 'Hashed secret is used to authenticate the workspace proxy using a session token.';

+COMMENT ON COLUMN workspace_proxies.derp_only IS 'Disables app/terminal proxying for this proxy and only acts as a DERP relay.';
+
 CREATE SEQUENCE workspace_proxies_region_id_seq
    AS integer
    START WITH 1
--- a/coderd/database/migrations/000144_proxy_derp_only.down.sql
+++ b/coderd/database/migrations/000144_proxy_derp_only.down.sql
@ -0,0 +1 @@
+ALTER TABLE workspace_proxies DROP COLUMN derp_only;
--- a/coderd/database/migrations/000144_proxy_derp_only.up.sql
+++ b/coderd/database/migrations/000144_proxy_derp_only.up.sql
@ -0,0 +1,8 @@
+BEGIN;
+
+ALTER TABLE workspace_proxies
+	ADD COLUMN "derp_only" BOOLEAN NOT NULL DEFAULT false;
+
+COMMENT ON COLUMN workspace_proxies.derp_only IS 'Disables app/terminal proxying for this proxy and only acts as a DERP relay.';
+
+COMMIT;
--- a/coderd/database/models.go
+++ b/coderd/database/models.go
@ -2014,6 +2014,8 @@ type WorkspaceProxy struct {
 	TokenHashedSecret []byte `db:"token_hashed_secret" json:"token_hashed_secret"`
 	RegionID          int32  `db:"region_id" json:"region_id"`
 	DerpEnabled       bool   `db:"derp_enabled" json:"derp_enabled"`
+	// Disables app/terminal proxying for this proxy and only acts as a DERP relay.
+	DerpOnly bool `db:"derp_only" json:"derp_only"`
 }

 type WorkspaceResource struct {
--- a/coderd/database/queries.sql.go
+++ b/coderd/database/queries.sql.go
@ -2848,7 +2848,7 @@ func (q *sqlQuerier) UpdateProvisionerJobWithCompleteByID(ctx context.Context, a

 const getWorkspaceProxies = `-- name: GetWorkspaceProxies :many
 SELECT
-	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 FROM
 	workspace_proxies
 WHERE
@ -2877,6 +2877,7 @@ func (q *sqlQuerier) GetWorkspaceProxies(ctx context.Context) ([]WorkspaceProxy,
 			&i.TokenHashedSecret,
 			&i.RegionID,
 			&i.DerpEnabled,
+			&i.DerpOnly,
 		); err != nil {
 			return nil, err
 		}
@ -2893,7 +2894,7 @@ func (q *sqlQuerier) GetWorkspaceProxies(ctx context.Context) ([]WorkspaceProxy,

 const getWorkspaceProxyByHostname = `-- name: GetWorkspaceProxyByHostname :one
 SELECT
-	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 FROM
 	workspace_proxies
 WHERE
@ -2951,13 +2952,14 @@ func (q *sqlQuerier) GetWorkspaceProxyByHostname(ctx context.Context, arg GetWor
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }

 const getWorkspaceProxyByID = `-- name: GetWorkspaceProxyByID :one
 SELECT
-	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 FROM
 	workspace_proxies
 WHERE
@ -2982,13 +2984,14 @@ func (q *sqlQuerier) GetWorkspaceProxyByID(ctx context.Context, id uuid.UUID) (W
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }

 const getWorkspaceProxyByName = `-- name: GetWorkspaceProxyByName :one
 SELECT
-	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 FROM
 	workspace_proxies
 WHERE
@ -3014,6 +3017,7 @@ func (q *sqlQuerier) GetWorkspaceProxyByName(ctx context.Context, name string) (
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }
@ -3028,13 +3032,14 @@ INSERT INTO
 		display_name,
 		icon,
 		derp_enabled,
+		derp_only,
 		token_hashed_secret,
 		created_at,
 		updated_at,
 		deleted
 	)
 VALUES
-	($1, '', '', $2, $3, $4, $5, $6, $7, $8, false) RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	($1, '', '', $2, $3, $4, $5, $6, $7, $8, $9, false) RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 `

 type InsertWorkspaceProxyParams struct {
@ -3043,6 +3048,7 @@ type InsertWorkspaceProxyParams struct {
 	DisplayName       string    `db:"display_name" json:"display_name"`
 	Icon              string    `db:"icon" json:"icon"`
 	DerpEnabled       bool      `db:"derp_enabled" json:"derp_enabled"`
+	DerpOnly          bool      `db:"derp_only" json:"derp_only"`
 	TokenHashedSecret []byte    `db:"token_hashed_secret" json:"token_hashed_secret"`
 	CreatedAt         time.Time `db:"created_at" json:"created_at"`
 	UpdatedAt         time.Time `db:"updated_at" json:"updated_at"`
@ -3055,6 +3061,7 @@ func (q *sqlQuerier) InsertWorkspaceProxy(ctx context.Context, arg InsertWorkspa
 		arg.DisplayName,
 		arg.Icon,
 		arg.DerpEnabled,
+		arg.DerpOnly,
 		arg.TokenHashedSecret,
 		arg.CreatedAt,
 		arg.UpdatedAt,
@ -3073,6 +3080,7 @@ func (q *sqlQuerier) InsertWorkspaceProxy(ctx context.Context, arg InsertWorkspa
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }
@ -3084,16 +3092,18 @@ SET
 	url = $1 :: text,
 	wildcard_hostname = $2 :: text,
 	derp_enabled = $3 :: boolean,
+	derp_only = $4 :: boolean,
 	updated_at = Now()
 WHERE
-	id = $4
-RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+	id = $5
+RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 `

 type RegisterWorkspaceProxyParams struct {
 	Url              string    `db:"url" json:"url"`
 	WildcardHostname string    `db:"wildcard_hostname" json:"wildcard_hostname"`
 	DerpEnabled      bool      `db:"derp_enabled" json:"derp_enabled"`
+	DerpOnly         bool      `db:"derp_only" json:"derp_only"`
 	ID               uuid.UUID `db:"id" json:"id"`
 }

@ -3102,6 +3112,7 @@ func (q *sqlQuerier) RegisterWorkspaceProxy(ctx context.Context, arg RegisterWor
 		arg.Url,
 		arg.WildcardHostname,
 		arg.DerpEnabled,
+		arg.DerpOnly,
 		arg.ID,
 	)
 	var i WorkspaceProxy
@ -3118,6 +3129,7 @@ func (q *sqlQuerier) RegisterWorkspaceProxy(ctx context.Context, arg RegisterWor
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }
@ -3140,7 +3152,7 @@ SET
 	updated_at = Now()
 WHERE
 	id = $5
-RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled
+RETURNING id, name, display_name, icon, url, wildcard_hostname, created_at, updated_at, deleted, token_hashed_secret, region_id, derp_enabled, derp_only
 `

 type UpdateWorkspaceProxyParams struct {
@ -3174,6 +3186,7 @@ func (q *sqlQuerier) UpdateWorkspaceProxy(ctx context.Context, arg UpdateWorkspa
 		&i.TokenHashedSecret,
 		&i.RegionID,
 		&i.DerpEnabled,
+		&i.DerpOnly,
 	)
 	return i, err
 }
--- a/coderd/database/queries/proxies.sql
+++ b/coderd/database/queries/proxies.sql
@ -8,13 +8,14 @@ INSERT INTO
 		display_name,
 		icon,
 		derp_enabled,
+		derp_only,
 		token_hashed_secret,
 		created_at,
 		updated_at,
 		deleted
 	)
 VALUES
-	($1, '', '', $2, $3, $4, $5, $6, $7, $8, false) RETURNING *;
+	($1, '', '', $2, $3, $4, $5, $6, $7, $8, $9, false) RETURNING *;

 -- name: RegisterWorkspaceProxy :one
 UPDATE
@ -23,6 +24,7 @@ SET
 	url = @url :: text,
 	wildcard_hostname = @wildcard_hostname :: text,
 	derp_enabled = @derp_enabled :: boolean,
+	derp_only = @derp_only :: boolean,
 	updated_at = Now()
 WHERE
 	id = @id
				`@ -0,0 +1 @@`
				`ALTER TABLE workspace_proxies DROP COLUMN derp_only;`