MCPcopy Index your code
hub / github.com/coder/coder / getMaxTokenLifetime

Method getMaxTokenLifetime

coderd/apikey.go:542–563  ·  view source on GitHub ↗

getMaxTokenLifetime returns the maximum allowed token lifetime for a user. It distinguishes between regular users and owners.

(ctx context.Context, userID uuid.UUID)

Source from the content-addressed store, hash-verified

540// getMaxTokenLifetime returns the maximum allowed token lifetime for a user.
541// It distinguishes between regular users and owners.
542func (api *API) getMaxTokenLifetime(ctx context.Context, userID uuid.UUID) (time.Duration, error) {
543 subject, _, err := httpmw.UserRBACSubject(ctx, api.Database, userID, rbac.ScopeAll)
544 if err != nil {
545 return 0, xerrors.Errorf("failed to get user rbac subject: %w", err)
546 }
547
548 roles, err := subject.Roles.Expand()
549 if err != nil {
550 return 0, xerrors.Errorf("failed to expand user roles: %w", err)
551 }
552
553 maxLifetime := api.DeploymentValues.Sessions.MaximumTokenDuration.Value()
554 for _, role := range roles {
555 if role.Identifier.Name == codersdk.RoleOwner {
556 // Owners have a different max lifetime.
557 maxLifetime = api.DeploymentValues.Sessions.MaximumAdminTokenDuration.Value()
558 break
559 }
560 }
561
562 return maxLifetime, nil
563}
564
565func (api *API) createAPIKey(ctx context.Context, params apikey.CreateParams) (*http.Cookie, *database.APIKey, error) {
566 key, sessionToken, err := apikey.Generate(params)

Callers 2

tokenConfigMethod · 0.95

Calls 4

UserRBACSubjectFunction · 0.92
ExpandMethod · 0.65
ErrorfMethod · 0.45
ValueMethod · 0.45

Tested by

no test coverage detected