coder

mirror of https://github.com/coder/coder.git synced 2025-07-08 11:39:50 +00:00

Author	SHA1	Message	Date
Kyle Carberry	f75a54cd1e	feat: Support x-forwarded-for headers for IPs (#4684 ) * feat: Support x-forwarded-for headers for IPs Fixes #4430. * Fix realip accepting headers * Fix unused headers	2022-10-23 13:21:49 -05:00
Ammar Bandukwala	423ac04156	coderd: tighten /login rate limiting (#4432 ) * coderd: tighten /login rate limit * coderd: add Bypass rate limit header	2022-10-20 17:01:23 +00:00
Jon Ayers	d0b1c36d51	fix: prevent refreshing tokens that don't exist (#4661 ) - When logging in with Google OIDC refresh tokens are not provided unless explicitly asked for. This PR updates the logic to avoid attempting to refresh the token if a refresh token does not exist. A session should only be dependent on a valid Coder API key, the state of its OAuth token (beyond initial authentication) should be irrelevant.	2022-10-20 00:25:57 -05:00
Garrett Delfosse	3cb2d52a08	fix: issue with token auth (#4483 )	2022-10-11 15:58:28 +00:00
Dean Sheather	6deef06ad2	feat: secure and cross-domain subdomain-based proxying (#4136 ) Co-authored-by: Kyle Carberry <kyle@carberry.com>	2022-09-22 22:30:32 +00:00
Colin Adler	5de6f86959	feat: trace httpapi.{Read,Write} (#4134 )	2022-09-21 17:07:00 -05:00
Dean Sheather	29d804e692	feat: add API key scopes and application_connect scope (#4067 )	2022-09-19 17:39:02 +00:00
Steven Masley	9b5ee8f267	feat: Implement (but not enforce) CSRF for FE requests (#3786 ) Future work is to enforce CSRF Co-authored-by: Presley Pizzo <presley@coder.com>	2022-09-13 15:26:46 -04:00
Jon Ayers	c3eea98db0	fix: use unique ID for linked accounts (#3441 ) - move OAuth-related fields off of api_keys into a new user_links table - restrict users to single form of login - process updates to user email/usernames for OIDC - added a login_type column to users	2022-08-17 18:00:53 -05:00
Jon Ayers	7e9819f2a8	ref: move httpapi.Reponse into codersdk (#2954 )	2022-07-12 19:15:02 -05:00
Kyle Carberry	2c89e07e12	fix: Redirect to login when unauthenticated and requesting a workspace app (#2903 ) Fixes #2884.	2022-07-11 13:46:01 -05:00
Kyle Carberry	4851d932c4	fix: Split host and port before storing IP (#2594 ) The IP was always nil prior, and this fixes the test to check for that as well!	2022-06-26 21:22:03 +00:00
Kyle Carberry	b7eeb436ad	feat: Add `ip_address` to API keys (#2580 ) Fixes #2561.	2022-06-22 17:32:21 +00:00
Steven Masley	af401e3fe1	chore: Linter rule for properly formatted api errors (#2123 ) * chore: Linter rule for properly formatted api errors * Add omitempty to 'Detail' field	2022-06-07 14:33:06 +00:00
Steven Masley	26a2a169df	fix: Suspended users cannot authenticate (#1849 ) * fix: Suspended users cannot authenticate - Merge roles and apikey extract httpmw - Add member account to make dev - feat: UI Shows suspended error logging into suspended account - change 'active' route to 'activate'	2022-05-31 08:06:42 -05:00
Garrett Delfosse	0706c60445	chore: Add watch workspace endpoint (#1493 )	2022-05-18 16:16:26 -05:00
Kyle Carberry	7496c3da81	feat: Add GitHub OAuth (#1050 ) * Initial oauth * Add Github authentication * Add AuthMethods endpoint * Add frontend * Rename basic authentication to password * Add flags for configuring GitHub auth * Remove name from API keys * Fix authmethods in test * Add stories and display auth methods error	2022-04-23 22:58:57 +00:00
Steven Masley	591523a078	chore: Move httpapi, httpmw, & database into `coderd` (#568 ) * chore: Move httpmw to /coderd directory httpmw is specific to coderd and should be scoped under coderd * chore: Move httpapi to /coderd directory httpapi is specific to coderd and should be scoped under coderd * chore: Move database to /coderd directory database is specific to coderd and should be scoped under coderd * chore: Update codecov & gitattributes for generated files * chore: Update Makefile	2022-03-25 16:07:45 -05:00

18 Commits