MCPcopy Index your code
hub / github.com/coder/coder / PrecheckAPIKey

Function PrecheckAPIKey

coderd/httpmw/apikey.go:209–230  ·  view source on GitHub ↗

PrecheckAPIKey extracts and fully validates the API key on every request (if present) and stores the result in context. It never writes error responses and always calls next. The rate limiter reads the stored result to key by user ID and check the Owner bypass header. Downstream ExtractAPIKeyMW rea

(cfg ValidateAPIKeyConfig)

Source from the content-addressed store, hash-verified

207// check the Owner bypass header. Downstream ExtractAPIKeyMW reads
208// it to avoid redundant DB lookups and validation.
209func PrecheckAPIKey(cfg ValidateAPIKeyConfig) func(http.Handler) http.Handler {
210 return func(next http.Handler) http.Handler {
211 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
212 ctx := r.Context()
213
214 // Already prechecked (shouldn't happen, but guard).
215 if _, ok := ctx.Value(apiKeyPrecheckedContextKey{}).(APIKeyPrechecked); ok {
216 next.ServeHTTP(rw, r)
217 return
218 }
219
220 result, valErr := ValidateAPIKey(ctx, cfg, r)
221
222 prechecked := APIKeyPrechecked{
223 Result: result,
224 Err: valErr,
225 }
226 ctx = context.WithValue(ctx, apiKeyPrecheckedContextKey{}, prechecked)
227 next.ServeHTTP(rw, r.WithContext(ctx))
228 })
229 }
230}
231
232// ValidateAPIKey extracts and validates the API key from the
233// request. It performs all security-critical checks:

Callers

nothing calls this directly

Calls 5

ValidateAPIKeyFunction · 0.85
WithContextMethod · 0.80
ContextMethod · 0.65
ValueMethod · 0.45
ServeHTTPMethod · 0.45

Tested by

no test coverage detected