synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-13 21:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add session expiry control flags (#5976)

Browse Source 
Adds --session-duration which lets admins customize the default session
expiration for browser sessions.

Adds --disable-session-expiry-refresh which allows admins to prevent
session expiry from being automatically bumped upon the API key being
used.
This commit is contained in:
Dean Sheather
2023-02-04 04:38:36 +11:00
committed by GitHub
parent 2285a5e8a0
commit cf9abe3a6c
16 changed files with 225 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/api/general.md
View File

@ -300,6 +300,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
"usage": "string",
"value": true
},
"disable_session_expiry_refresh": {
"default": true,
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": true
},
"experimental": {
"default": true,
"enterprise": true,
@ -414,6 +425,17 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
"value": "string"
}
},
"max_session_expiry": {
"default": 0,
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": 0
},
"max_token_lifetime": {
"default": 0,
"enterprise": true,

24
docs/api/schemas.md
View File

@ -1658,6 +1658,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
"usage": "string",
"value": true
},
"disable_session_expiry_refresh": {
"default": true,
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": true
},
"experimental": {
"default": true,
"enterprise": true,
@ -1772,6 +1783,17 @@ CreateParameterRequest is a structure used to create a new parameter value for a
"value": "string"
}
},
"max_session_expiry": {
"default": 0,
"enterprise": true,
"flag": "string",
"hidden": true,
"name": "string",
"secret": true,
"shorthand": "string",
"usage": "string",
"value": 0
},
"max_token_lifetime": {
"default": 0,
"enterprise": true,
@ -2417,12 +2439,14 @@ CreateParameterRequest is a structure used to create a new parameter value for a
| `dangerous` | [codersdk.DangerousConfig](#codersdkdangerousconfig) | false | | |
| `derp` | [codersdk.DERP](#codersdkderp) | false | | |
| `disable_path_apps` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | |
| `disable_session_expiry_refresh` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | |
| `experimental` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | Experimental Use Experiments instead. |
| `experiments` | [codersdk.DeploymentConfigField-array_string](#codersdkdeploymentconfigfield-array_string) | false | | |
| `gitauth` | [codersdk.DeploymentConfigField-array_codersdk_GitAuthConfig](#codersdkdeploymentconfigfield-array_codersdk_gitauthconfig) | false | | |
| `http_address` | [codersdk.DeploymentConfigField-string](#codersdkdeploymentconfigfield-string) | false | | |
| `in_memory_database` | [codersdk.DeploymentConfigField-bool](#codersdkdeploymentconfigfield-bool) | false | | |
| `logging` | [codersdk.LoggingConfig](#codersdkloggingconfig) | false | | |
| `max_session_expiry` | [codersdk.DeploymentConfigField-time_Duration](#codersdkdeploymentconfigfield-time_duration) | false | | |
| `max_token_lifetime` | [codersdk.DeploymentConfigField-time_Duration](#codersdkdeploymentconfigfield-time_duration) | false | | |
| `metrics_cache_refresh_interval` | [codersdk.DeploymentConfigField-time_Duration](#codersdkdeploymentconfigfield-time_duration) | false | | |
| `oauth2` | [codersdk.OAuth2Config](#codersdkoauth2config) | false | | |

6
docs/cli/coder_server.md
View File

@ -37,6 +37,8 @@ coder server [flags]
Consumes $CODER_DERP_SERVER_STUN_ADDRESSES (default [stun.l.google.com:19302])
--disable-path-apps Disable workspace apps that are not served from subdomains. Path-based apps can make requests to the Coder API and pose a security risk when the workspace serves malicious JavaScript. This is recommended for security purposes if a --wildcard-access-url is configured.
Consumes $CODER_DISABLE_PATH_APPS
--disable-session-expiry-refresh Disable automatic session expiry bumping due to activity. This forces all sessions to become invalid after the session expiry duration has been reached.
Consumes $CODER_DISABLE_SESSION_EXPIRY_REFRESH
--experiments strings Enable one or more experiments. These are not ready for production. Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments.
Consumes $CODER_EXPERIMENTS
-h, --help help for server
@ -48,7 +50,7 @@ coder server [flags]
Consumes $CODER_LOGGING_JSON
--log-stackdriver string Output Stackdriver compatible logs to a given file.
Consumes $CODER_LOGGING_STACKDRIVER
--max-token-lifetime duration The maximum lifetime duration for any user creating a token.
--max-token-lifetime duration The maximum lifetime duration users can specify when creating an API token.
Consumes $CODER_MAX_TOKEN_LIFETIME (default 720h0m0s)
--oauth2-github-allow-everyone Allow all logins, setting this option means allowed orgs and teams must be empty.
Consumes $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
@ -110,6 +112,8 @@ coder server [flags]
Consumes $CODER_REDIRECT_TO_ACCESS_URL
--secure-auth-cookie Controls if the 'Secure' property is set on browser session cookies.
Consumes $CODER_SECURE_AUTH_COOKIE
--session-duration duration The token expiry duration for browser sessions. Sessions may last longer if they are actively making requests, but this functionality can be disabled via --disable-session-expiry-refresh.
Consumes $CODER_MAX_SESSION_EXPIRY (default 24h0m0s)
--ssh-keygen-algorithm string The algorithm to use for generating ssh keys. Accepted values are "ed25519", "ecdsa", or "rsa4096".
Consumes $CODER_SSH_KEYGEN_ALGORITHM (default "ed25519")
--swagger-enable Expose the swagger endpoint via /swagger.