MCPcopy Index your code
hub / github.com/coder/coder / Issue

Method Issue

coderd/workspaceapps/db.go:92–262  ·  view source on GitHub ↗
(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq IssueTokenRequest)

Source from the content-addressed store, hash-verified

90}
91
92func (p *DBTokenProvider) Issue(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq IssueTokenRequest) (*SignedToken, string, bool) {
93 // nolint:gocritic // We need to make a number of database calls. Setting a system context here
94 // // is simpler than calling dbauthz.AsSystemRestricted on every call.
95 // // dangerousSystemCtx is only used for database calls. The actual authentication
96 // // logic is handled in Provider.authorizeWorkspaceApp which directly checks the actor's
97 // // permissions.
98 dangerousSystemCtx := dbauthz.AsSystemRestricted(ctx)
99
100 aReq, commitAudit := p.connLogInitRequest(rw, r)
101 defer commitAudit()
102
103 appReq := issueReq.AppRequest.Normalize()
104 err := appReq.Check()
105 if err != nil {
106 WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "invalid app request")
107 return nil, "", false
108 }
109
110 token := SignedToken{
111 Request: appReq,
112 }
113
114 // We use the regular API apiKey extraction middleware fn here to avoid any
115 // differences in behavior between the two.
116 apiKey, authz, ok := httpmw.ExtractAPIKey(rw, r, httpmw.ExtractAPIKeyConfig{
117 DB: p.Database,
118 OAuth2Configs: p.OAuth2Configs,
119 RedirectToLogin: false,
120 DisableSessionExpiryRefresh: p.DeploymentValues.Sessions.DisableExpiryRefresh.Value(),
121 // Optional is true to allow for public apps. If the authorization check
122 // (later on) fails and the user is not authenticated, they will be
123 // redirected to the login page or app auth endpoint using code below.
124 Optional: true,
125 SessionTokenFunc: func(_ *http.Request) string {
126 return issueReq.SessionToken
127 },
128 })
129 if !ok {
130 return nil, "", false
131 }
132
133 aReq.apiKey = apiKey // Update audit request.
134
135 // Lookup workspace app details from DB.
136 dbReq, err := appReq.getDatabase(dangerousSystemCtx, p.Database)
137 switch {
138 case xerrors.Is(err, sql.ErrNoRows):
139 WriteWorkspaceApp404(p.Logger, p.DashboardURL, rw, r, &appReq, nil, err.Error())
140 return nil, "", false
141 case xerrors.Is(err, errWorkspaceStopped):
142 WriteWorkspaceOffline(p.Logger, p.DashboardURL, rw, r, &appReq)
143 return nil, "", false
144 case err != nil:
145 WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "get app details from database")
146 return nil, "", false
147 }
148
149 aReq.dbReq = dbReq // Update audit request.

Callers

nothing calls this directly

Calls 15

connLogInitRequestMethod · 0.95
authorizeRequestMethod · 0.95
MatchesRequestMethod · 0.95
AsSystemRestrictedFunction · 0.92
ExtractAPIKeyFunction · 0.92
CORSBehaviorTypeAlias · 0.92
ResourceNotFoundFunction · 0.92
RedirectToLoginFunction · 0.92
NowFunction · 0.92
SignFunction · 0.92
WriteWorkspaceApp500Function · 0.85
WriteWorkspaceApp404Function · 0.85

Tested by

no test coverage detected