mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
013f028e55
* feat: Add app support This adds apps as a property to a workspace agent. The resource is added to the Terraform provider here: https://github.com/coder/terraform-provider-coder/pull/17 Apps will be opened in the dashboard or via the CLI with `coder open <name>`. If `command` is specified, a terminal will appear locally and in the web. If `target` is specified, the browser will open to an exposed instance of that target. * Compare fields in apps test * Update Terraform provider to use relative path * Add some basic structure for routing * chore: Remove interface from coderd and lift API surface Abstracting coderd into an interface added misdirection because the interface was never intended to be fulfilled outside of a single implementation. This lifts the abstraction, and attaches all handlers to a root struct named `*coderd.API`. * Add basic proxy logic * Add proxying based on path * Add app proxying for wildcards * Add wsconncache * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * fix: Race when writing to a closed pipe This is such an intermittent race it's difficult to track, but regardless this is an improvement to the code. * Add workspace route proxying endpoint - Makes the workspace conn cache concurrency-safe - Reduces unnecessary open checks in `peer.Channel` - Fixes the use of a temporary context when dialing a workspace agent * Add embed errors * chore: Refactor site to improve testing It was difficult to develop this package due to the embed build tag being mandatory on the tests. The logic to test doesn't require any embedded files. * Add test for error handler * Remove unused access url * Add RBAC tests * Fix dial agent syntax * Fix linting errors * Fix gen * Fix icon required * Adjust migration number * Fix proxy error status code * Fix empty db lookup
119 lines
3.1 KiB
Go
119 lines
3.1 KiB
Go
package agent
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"net"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/coder/coder/peer"
|
|
"github.com/coder/coder/peerbroker/proto"
|
|
)
|
|
|
|
// ReconnectingPTYRequest is sent from the client to the server
|
|
// to pipe data to a PTY.
|
|
type ReconnectingPTYRequest struct {
|
|
Data string `json:"data"`
|
|
Height uint16 `json:"height"`
|
|
Width uint16 `json:"width"`
|
|
}
|
|
|
|
// Conn wraps a peer connection with helper functions to
|
|
// communicate with the agent.
|
|
type Conn struct {
|
|
// Negotiator is responsible for exchanging messages.
|
|
Negotiator proto.DRPCPeerBrokerClient
|
|
|
|
*peer.Conn
|
|
}
|
|
|
|
// ReconnectingPTY returns a connection serving a TTY that can
|
|
// be reconnected to via ID.
|
|
//
|
|
// The command is optional and defaults to start a shell.
|
|
func (c *Conn) ReconnectingPTY(id string, height, width uint16, command string) (net.Conn, error) {
|
|
channel, err := c.CreateChannel(context.Background(), fmt.Sprintf("%s:%d:%d:%s", id, height, width, command), &peer.ChannelOptions{
|
|
Protocol: ProtocolReconnectingPTY,
|
|
})
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("pty: %w", err)
|
|
}
|
|
return channel.NetConn(), nil
|
|
}
|
|
|
|
// SSH dials the built-in SSH server.
|
|
func (c *Conn) SSH() (net.Conn, error) {
|
|
channel, err := c.CreateChannel(context.Background(), "ssh", &peer.ChannelOptions{
|
|
Protocol: ProtocolSSH,
|
|
})
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("dial: %w", err)
|
|
}
|
|
return channel.NetConn(), nil
|
|
}
|
|
|
|
// SSHClient calls SSH to create a client that uses a weak cipher
|
|
// for high throughput.
|
|
func (c *Conn) SSHClient() (*ssh.Client, error) {
|
|
netConn, err := c.SSH()
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("ssh: %w", err)
|
|
}
|
|
sshConn, channels, requests, err := ssh.NewClientConn(netConn, "localhost:22", &ssh.ClientConfig{
|
|
// SSH host validation isn't helpful, because obtaining a peer
|
|
// connection already signifies user-intent to dial a workspace.
|
|
// #nosec
|
|
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
|
|
})
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("ssh conn: %w", err)
|
|
}
|
|
return ssh.NewClient(sshConn, channels, requests), nil
|
|
}
|
|
|
|
// DialContext dials an arbitrary protocol+address from inside the workspace and
|
|
// proxies it through the provided net.Conn.
|
|
func (c *Conn) DialContext(ctx context.Context, network string, addr string) (net.Conn, error) {
|
|
u := &url.URL{
|
|
Scheme: network,
|
|
}
|
|
if strings.HasPrefix(network, "unix") {
|
|
u.Path = addr
|
|
} else {
|
|
u.Host = addr
|
|
}
|
|
|
|
channel, err := c.CreateChannel(ctx, u.String(), &peer.ChannelOptions{
|
|
Protocol: ProtocolDial,
|
|
Unordered: strings.HasPrefix(network, "udp"),
|
|
})
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("create datachannel: %w", err)
|
|
}
|
|
|
|
// The first message written from the other side is a JSON payload
|
|
// containing the dial error.
|
|
dec := json.NewDecoder(channel)
|
|
var res dialResponse
|
|
err = dec.Decode(&res)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("decode agent dial response: %w", err)
|
|
}
|
|
if res.Error != "" {
|
|
_ = channel.Close()
|
|
return nil, xerrors.Errorf("remote dial error: %v", res.Error)
|
|
}
|
|
|
|
return channel.NetConn(), nil
|
|
}
|
|
|
|
func (c *Conn) Close() error {
|
|
_ = c.Negotiator.DRPCConn().Close()
|
|
return c.Conn.Close()
|
|
}
|