workspaceAppsProxyPath proxies requests to a workspace application through a relative URL path.
(rw http.ResponseWriter, r *http.Request)
| 284 | // workspaceAppsProxyPath proxies requests to a workspace application |
| 285 | // through a relative URL path. |
| 286 | func (s *Server) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request) { |
| 287 | if s.DisablePathApps { |
| 288 | site.RenderStaticErrorPage(rw, r, site.ErrorPageData{ |
| 289 | Status: http.StatusForbidden, |
| 290 | Title: "Forbidden", |
| 291 | Description: "Path-based applications are disabled on this Coder deployment by the administrator.", |
| 292 | Actions: []site.Action{ |
| 293 | { |
| 294 | URL: s.DashboardURL.String(), |
| 295 | Text: "Back to site", |
| 296 | }, |
| 297 | }, |
| 298 | }) |
| 299 | return |
| 300 | } |
| 301 | |
| 302 | // We don't support @me in path apps since it requires the database to |
| 303 | // lookup the username from token. We used to redirect by doing this lookup. |
| 304 | if chi.URLParam(r, "user") == codersdk.Me { |
| 305 | site.RenderStaticErrorPage(rw, r, site.ErrorPageData{ |
| 306 | Status: http.StatusNotFound, |
| 307 | Title: "Application Not Found", |
| 308 | Description: "Applications must be accessed with the full username, not @me.", |
| 309 | Actions: []site.Action{ |
| 310 | { |
| 311 | URL: s.DashboardURL.String(), |
| 312 | Text: "Back to site", |
| 313 | }, |
| 314 | }, |
| 315 | }) |
| 316 | return |
| 317 | } |
| 318 | |
| 319 | if !s.handleAPIKeySmuggling(rw, r, AccessMethodPath) { |
| 320 | return |
| 321 | } |
| 322 | |
| 323 | // Determine the real path that was hit. The * URL parameter in Chi will not |
| 324 | // include the leading slash if it was present, so we need to add it back. |
| 325 | chiPath := chi.URLParam(r, "*") |
| 326 | basePath := strings.TrimSuffix(r.URL.Path, chiPath) |
| 327 | if strings.HasSuffix(basePath, "/") { |
| 328 | chiPath = "/" + chiPath |
| 329 | } |
| 330 | |
| 331 | // ResolveRequest will only return a new signed token if the actor has the RBAC |
| 332 | // permissions to connect to a workspace. |
| 333 | token, ok := ResolveRequest(rw, r, ResolveRequestOptions{ |
| 334 | Logger: s.Logger, |
| 335 | Cookies: s.cookies, |
| 336 | CookieCfg: s.CookiesConfig, |
| 337 | SignedTokenProvider: s.SignedTokenProvider, |
| 338 | DashboardURL: s.DashboardURL, |
| 339 | PathAppBaseURL: s.AccessURL, |
| 340 | AppHostname: s.Hostname, |
| 341 | AppRequest: Request{ |
| 342 | AccessMethod: AccessMethodPath, |
| 343 | BasePath: basePath, |
nothing calls this directly
no test coverage detected