@title Coder API @version 2.0 @description Coderd is the service created by running coder server. It is a thin API that connects workspaces, provisioners and users. coderd stores its state in Postgres and is the only service that communicates with Postgres. @termsOfService https://coder.com/legal/te
(options *Options)
| 327 | // @name Coder-Session-Token |
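| 328 | // New constructs a Coder API handler. It fills unset fields of options in place and replaces options.Database with the value returned by dbauthz.New. It panics if options.PrometheusRegistry is nil outside a unit test. The exec and sharing restrictions in options.DeploymentValues are applied through package-level rbac calls (ReloadBuiltinRoles, SetWorkspaceACLDisabled, SetChatACLDisabled), so they appear to affect rbac state beyond this API instance; confirm in package rbac. |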
| 329 | func New(options *Options) *API { |
| 330 | if options == nil { |
| 331 | options = &Options{} |
| 332 | } |
| 333 | if options.Entitlements == nil { |
| 334 | options.Entitlements = entitlements.New() |
| 335 | } |
| 336 | if options.NewTicker == nil { |
| 337 | options.NewTicker = func(duration time.Duration) (tick <-chan time.Time, done func()) { |
| 338 | ticker := time.NewTicker(duration) |
| 339 | return ticker.C, ticker.Stop |
| 340 | } |
| 341 | } |
| 342 | |
| 343 | // Safety check: if we're not running a unit test, we *must* have a Prometheus registry. |
| 344 | if options.PrometheusRegistry == nil && flag.Lookup("test.v") == nil { |
| 345 | panic("developer error: options.PrometheusRegistry is nil and not running a unit test") |
| 346 | } |
| 347 | |
| 348 | if options.DeploymentValues.DisableOwnerWorkspaceExec || options.DeploymentValues.DisableWorkspaceSharing || options.DeploymentValues.DisableChatSharing { |
| 349 | rbac.ReloadBuiltinRoles(&rbac.RoleOptions{ |
| 350 | NoOwnerWorkspaceExec: bool(options.DeploymentValues.DisableOwnerWorkspaceExec), |
| 351 | NoWorkspaceSharing: bool(options.DeploymentValues.DisableWorkspaceSharing), |
| 352 | NoChatSharing: bool(options.DeploymentValues.DisableChatSharing), |
| 353 | }) |
| 354 | } |
| 355 | |
| 356 | if options.DeploymentValues.DisableWorkspaceSharing { |
| 357 | rbac.SetWorkspaceACLDisabled(true) |
| 358 | } |
| 359 | if options.DeploymentValues.DisableChatSharing { |
| 360 | rbac.SetChatACLDisabled(true) |
| 361 | } |
| 362 | |
| 363 | if options.PrometheusRegistry == nil { |
| 364 | options.PrometheusRegistry = prometheus.NewRegistry() |
| 365 | options.PrometheusRegistry.MustRegister(collectors.NewGoCollector()) |
| 366 | } |
| 367 | if options.Authorizer == nil { |
| 368 | options.Authorizer = rbac.NewCachingAuthorizer(options.PrometheusRegistry) |
| 369 | if buildinfo.IsDev() { |
| 370 | options.Authorizer = rbac.Recorder(options.Authorizer) |
| 371 | } |
| 372 | } |
| 373 | |
| 374 | if options.AccessControlStore == nil { |
| 375 | options.AccessControlStore = &atomic.Pointer[dbauthz.AccessControlStore]{} |
| 376 | var tacs dbauthz.AccessControlStore = dbauthz.AGPLTemplateAccessControlStore{} |
| 377 | options.AccessControlStore.Store(&tacs) |
| 378 | } |
| 379 | |
| 380 | options.Database = dbauthz.New( |
| 381 | options.Database, |
| 382 | options.Authorizer, |
| 383 | options.Logger.Named("authz_querier"), |
| 384 | options.AccessControlStore, |
| 385 | ) |
| 386 |