(ctx context.Context, psk string, next http.Handler, w http.ResponseWriter, r *http.Request, handleOptional func(code int, response codersdk.Response))
| 115 | } |
| 116 | |
| 117 | func fallbackToPSK(ctx context.Context, psk string, next http.Handler, w http.ResponseWriter, r *http.Request, handleOptional func(code int, response codersdk.Response)) { |
| 118 | token := r.Header.Get(codersdk.ProvisionerDaemonPSK) |
| 119 | if subtle.ConstantTimeCompare([]byte(token), []byte(psk)) != 1 { |
| 120 | handleOptional(http.StatusUnauthorized, codersdk.Response{ |
| 121 | Message: "provisioner daemon psk invalid", |
| 122 | }) |
| 123 | return |
| 124 | } |
| 125 | |
| 126 | // The PSK does not indicate a specific provisioner daemon. So just |
| 127 | // store a boolean so the caller can check if the request is from an |
| 128 | // authenticated provisioner daemon. |
| 129 | ctx = context.WithValue(ctx, provisionerDaemonContextKey{}, true) |
| 130 | // nolint:gocritic // Authenticating as a provisioner daemon. |
| 131 | ctx = dbauthz.AsProvisionerd(ctx) |
| 132 | next.ServeHTTP(w, r.WithContext(ctx)) |
| 133 | } |
no test coverage detected