synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-12 00:14:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,025 Commits 363 Branches 234 Tags
233492b75da75d4df9eb54320b351e18a099a210
Commit Graph

34 Commits

Author SHA1 Message Date
Dean Sheather
0374af23b2 fix(security)!: path-based app sharing changes (#5772) 
This commit disables path-based app sharing by default. It is possible
for a workspace app on a path (not a subdomain) to make API requests to
the Coder API. When accessing your own workspace, this is not much of a
problem. When accessing a shared workspace app, the workspace owner
could include malicious javascript in the page that makes requests to
the Coder API on behalf of the visitor.

This vulnerability does not affect subdomain apps.

- Disables path-based app sharing by default. Previous behavior can be
  restored using the `--dangerous-allow-path-app-sharing` flag which is
  not recommended.

- Disables users with the site "owner" role from accessing path-based
  apps from workspaces they do not own. Previous behavior can be
  restored using the `--dangerous-allow-path-app-site-owner-access` flag
  which is not recommended.

- Adds a flag `--disable-path-apps` which can be used by
  security-conscious admins to disable all path-based apps across the
  entire deployment. This check is enforced at app-access time, not at
  template-ingest time.
 2023-01-18 22:56:14 +00:00
Cian Johnston
56b996532f feat: add --experiments flag to replace --experimental (#5767) 
- Deprecates the --experimental flag
- Adds a new flag --experiments which supports passing multiple comma-separated values or a wildcard value.
- Exposes a new endpoint /api/v2/experiments that returns the list of enabled experiments.
- Deprecates the field Features.Experimental in favour of this new API.
- Updates apidocgen to support type aliases (shoutout to @mtojek).
- Modifies apitypings to support generating slice types.
- Updates develop.sh to pass additional args after -- to $CODERD_SHIM.
 2023-01-18 19:12:53 +00:00
Colin Adler
dcab87358e feat: add stackdriver and json log options to coder server (#5682) 2023-01-12 20:08:23 -06:00
Dean Sheather
5a968e2f93 feat: add flag to disaable all rate limits (#5570) 2023-01-05 18:05:20 +00:00
Ben Potter
04d45f3c1c fix!: remove AUTO_IMPORT_TEMPLATE for Kubernetes installs (#5401) 
* fix!: remove AUTO_IMPORT_TEMPLATE

* chore: remove template auto importing

Co-authored-by: Dean Sheather <dean@deansheather.com>
 2023-01-05 04:04:32 +00:00
Jan Losinski
de0601d611 feat: allow configurable username claim field in OIDC (#5507) 
Co-authored-by: Colin Adler <colin1adler@gmail.com>
 2023-01-04 15:16:31 -06:00
Marcin Tojek
dc6d271293 feat: Build framework for generating API docs (#5383) 
* WIP

* Gen

* WIP

* chi swagger

* WIP

* WIP

* WIP

* GetWorkspaces

* GetWorkspaces

* Markdown

* Use widdershins

* WIP

* WIP

* WIP

* Markdown template

* Fix: makefile

* fmt

* Fix: comment

* Enable swagger conditionally

* fix: site

* Default false

* Flag tests

* fix

* fix

* template fixes

* Fix

* Fix

* Fix

* WIP

* Formatted

* Cleanup

* Templates

* BEGIN END SECTION

* subshell exit code

* Fix

* Fix merge

* WIP

* Fix

* Fix fmt

* Fix

* Generic api.md page

* Fix merge

* Link pages

* Fix

* Fix

* Fix: links

* Add icon

* Write manifest file

* Fix fmt

* Fix: enterprise

* Fix: Swagger.Enable

* Fix: rename apidocs to apidoc

* Fix: find -not -prune

* Fix: json not available

* Fix: rename Coderd API to Coder API

* Fix: npm exec

* Fix: api dir

* Fix: by ID

* Fix: string uuid

* Fix: include deleted

* Fix: indirect go.mod

* Fix: source lib.sh

* Fix: shellcheck

* Fix: pushd popd

* Fix: fmt

* Fix: improve workspaces

* Fix: swagger-enable

* Fix

* Fix: mention only HTTP 200

* Fix: IDs

* Fix: https

* Fix: icon

* More APis

* Fix: format swagger.json

* Fix: SwaggerEndpoint

* Fix: SCRIPT_DIR

* Fix: PROJECT_ROOT

* Fix: use code tags in schemas.md

* Fix: examples

* Fix: examples

* Fix: improve format

* Fix: date-time,enums

* Fix: include_deleted

* Fix: array of

* Fix: parameter, response

* Fix: string time or null

* Workspaces: more docs

* Workspaces: more docs

* Fix: renderDisplayName

* Fix: ActiveUserCount

* Fix

* Fix: typo

* Templates: docs

* Notice: incomplete
 2022-12-19 18:43:46 +01:00
Dean Sheather
31d38d4246 feat: allow http and https listening simultaneously (#5365) 2022-12-15 20:09:19 +00:00
Garrett Delfosse
40a5c0476f feat: add flag for token lifetime (#5385) 2022-12-12 15:39:31 -05:00
Daniel Carrion
061635c36d feat: Allow multiple OIDC domains (#5210) 
Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
 2022-12-05 20:20:53 +02:00
Colin Adler
ab3b3d5fca feat: add debouncing to provisionerd rpc calls (#5198) 2022-12-01 16:54:53 -06:00
Mathias Fredriksson
d9f2aaf3b4 feat: Add support for update checks and notifications (#4810) 
Co-authored-by: Kira Pilot <kira@coder.com>
 2022-12-01 19:43:28 +02:00
Kyle Carberry
8b73844f69 feat: Validate Git tokens before consuming them (#5167) 
* feat: Validate Git tokens before consuming them

This works the exact same way that the Git credential manager does. It ensures the user token is valid before returning it to the client.

It's been manually tested on GitHub, GitLab, and BitBucket.

* Fix requested changes
 2022-11-29 12:08:27 -06:00
Cian Johnston
a4a319a76e feat: add CODER_OIDC_IGNORE_EMAIL_VERIFIED config knob (#5165) 
* Adds a configuration knob CODER_OIDC_IGNORE_EMAIL_VERIFIED that allows
  ignoring the email_verified OIDC claim
* Adds warning message at startup if CODER_OIDC_IGNORE_EMAIL_VERIFIED=true
* Adds warning whenever an unverified OIDC email is let through
* Skips flaky test on non-linux platforms

Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>
 2022-11-25 10:10:09 +00:00
Mathias Fredriksson
c1ecc91aab feat: Add fallback troubleshooting URL for coder agents (#5005) 2022-11-16 12:53:02 +02:00
Kyle Carberry
fc0a493b72 feat: Add no_refresh option to Git auth configs (#5097) 
This allows organizations to disable refreshing Git tokens
and instead prompt for authentication again.
 2022-11-15 21:06:13 +00:00
Mathias Fredriksson
9fb710a04f feat: Add allow everyone option to GitHub OAuth2 logins (#5086) 
* feat: Add allow everyone option for GitHub OAuth

* fix: Detect team when multiple orgs are present

Co-authored-by: 李董睿煊 <dongruixuan@hotmail.com>
 2022-11-15 18:56:46 +02:00
Ammar Bandukwala
97dbd4dc5d Implement Quotas v3 (#5012) 
* provisioner/terraform: add cost to resource_metadata

* provisionerd/runner: use Options struct

* Complete provisionerd implementation

* Add quota_allowance to groups

* Combine Quota and RBAC licenses

* Add Opts to InTx
 2022-11-14 17:57:33 +00:00
Arthur Normand
9578ce9f77 OAuth now uses client TLS certs (if configured) (#5042) 
* OAuth now uses client TLS certs (if configured)

* Update docs

* Cleaning

* Fix lint errors and generate static files

* Fix lint error and regenerate more static files

* Suppress lint error
 2022-11-13 14:15:06 -06:00
Dean Sheather
8e5af82275 feat: add api-rate-limit flag (#5013) 2022-11-10 21:53:48 +00:00
Dean Sheather
ffc24dcbe0 feat: create tracing.SlogSink for storing logs as span events (#4962) 2022-11-09 12:58:23 -06:00
Garrett Delfosse
2789fb7cac fix: move experimental flag to server (#4959) 2022-11-08 16:59:39 +00:00
Marcin Tojek
16384f8594 feat: Add provisioner force-cancel flag (#4947) 
* feat: Add provisionerd force cancel flag

* Golden files

* Fix: typesGenerated.ts

* Use single struct for Provisioner config
 2022-11-08 14:19:40 +01:00
Colin Adler
4c5bf42355 feat: add option for exporting traces to a provided Honeycomb team (#4816) 2022-11-01 09:15:41 -05:00
Kyle Carberry
b34a67e6cb fix: Allow custom Git OAuth URLs (#4758) 
Fixes an issue reported in Discord where custom endpoints
weren't working.
 2022-10-27 10:38:05 -07:00
Kyle Carberry
eec406b739 feat: Add Git auth for GitHub, GitLab, Azure DevOps, and BitBucket (#4670) 
* Add scaffolding

* Move migration

* Add endpoints for gitauth

* Add configuration files and tests!

* Update typesgen

* Convert configuration format for git auth

* Fix unclosed database conn

* Add overriding VS Code configuration

* Fix Git screen

* Write VS Code special configuration if providers exist

* Enable automatic cloning from VS Code

* Add tests for gitaskpass

* Fix feature visibiliy

* Add banner for too many configurations

* Fix update loop for oauth token

* Jon comments

* Add deployment config page
 2022-10-24 19:46:24 -05:00
Garrett Delfosse
585045b359 feat: support nested structs, structured arrays, and better secret value handling in config (#4727) 2022-10-25 00:11:00 +00:00
Kyle Carberry
c41bdc21cb fix: Add names to config properties for the UI (#4718) 
This was reverted in the configuration PR, which broke the UI.
 2022-10-24 14:37:37 +00:00
Kyle Carberry
f75a54cd1e feat: Support x-forwarded-for headers for IPs (#4684) 
* feat: Support x-forwarded-for headers for IPs

Fixes #4430.

* Fix realip accepting headers

* Fix unused headers
 2022-10-23 13:21:49 -05:00
Kyle Carberry
7bc5b89f7a feat: Support config files with viper (#4696) 2022-10-21 17:08:23 -05:00
Garrett Delfosse
e8537067ef Revert "Revert "Revert "feat: Support config files with viper"" (#4693)" (#4695) 
This reverts commit 372fb1f345.
 2022-10-21 16:07:38 -05:00
Garrett Delfosse
372fb1f345 Revert "Revert "feat: Support config files with viper"" (#4693) 2022-10-21 20:55:20 +00:00
Garrett Delfosse
a2fb444911 Revert "feat: Support config files with viper (#4558)" (#4692) 
This reverts commit c8e299c8f1.
 2022-10-21 20:04:27 +00:00
Garrett Delfosse
c8e299c8f1 feat: Support config files with viper (#4558) 2022-10-21 19:26:39 +00:00