MCPcopy Index your code
hub / github.com/coder/coder / ExtractOAuth2ProviderAppSecret

Function ExtractOAuth2ProviderAppSecret

coderd/httpmw/oauth2.go:383–417  ·  view source on GitHub ↗

ExtractOAuth2ProviderAppSecret grabs an OAuth2 app secret from the "app" and "secret" URL parameters. This middleware requires the ExtractOAuth2ProviderApp middleware higher in the stack

(db database.Store)

Source from the content-addressed store, hash-verified

381// "secret" URL parameters. This middleware requires the ExtractOAuth2ProviderApp
382// middleware higher in the stack
383func ExtractOAuth2ProviderAppSecret(db database.Store) func(http.Handler) http.Handler {
384 return func(next http.Handler) http.Handler {
385 return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
386 ctx := r.Context()
387 secretID, ok := ParseUUIDParam(rw, r, "secretID")
388 if !ok {
389 return
390 }
391 app := OAuth2ProviderApp(r)
392 secret, err := db.GetOAuth2ProviderAppSecretByID(ctx, secretID)
393 if httpapi.Is404Error(err) {
394 httpapi.ResourceNotFound(rw)
395 return
396 }
397 if err != nil {
398 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
399 Message: "Internal error fetching OAuth2 app secret.",
400 Detail: err.Error(),
401 })
402 return
403 }
404 // If the user can read the secret they can probably also read the app it
405 // belongs to and they can read this app as well, so it seems safe to give
406 // them a more helpful message than a 404 on mismatches.
407 if app.ID != secret.AppID {
408 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
409 Message: "App ID does not match secret app ID.",
410 })
411 return
412 }
413 ctx = context.WithValue(ctx, oauth2ProviderAppSecretParamContextKey{}, secret)
414 next.ServeHTTP(rw, r.WithContext(ctx))
415 })
416 }
417}
418
419func uriFromURL(u string) string {
420 uri, err := url.Parse(u)

Callers

nothing calls this directly

Calls 10

Is404ErrorFunction · 0.92
ResourceNotFoundFunction · 0.92
WriteFunction · 0.92
ParseUUIDParamFunction · 0.85
WithContextMethod · 0.80
OAuth2ProviderAppFunction · 0.70
ContextMethod · 0.65
ErrorMethod · 0.45
ServeHTTPMethod · 0.45

Tested by

no test coverage detected