MCPcopy Index your code
hub / github.com/coder/coder / workspaceAppsProxyPath

Method workspaceAppsProxyPath

coderd/workspaceapps/proxy.go:286–359  ·  view source on GitHub ↗

workspaceAppsProxyPath proxies requests to a workspace application through a relative URL path.

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

284// workspaceAppsProxyPath proxies requests to a workspace application
285// through a relative URL path.
286func (s *Server) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request) {
287 if s.DisablePathApps {
288 site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
289 Status: http.StatusForbidden,
290 Title: "Forbidden",
291 Description: "Path-based applications are disabled on this Coder deployment by the administrator.",
292 Actions: []site.Action{
293 {
294 URL: s.DashboardURL.String(),
295 Text: "Back to site",
296 },
297 },
298 })
299 return
300 }
301
302 // We don't support @me in path apps since it requires the database to
303 // lookup the username from token. We used to redirect by doing this lookup.
304 if chi.URLParam(r, "user") == codersdk.Me {
305 site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
306 Status: http.StatusNotFound,
307 Title: "Application Not Found",
308 Description: "Applications must be accessed with the full username, not @me.",
309 Actions: []site.Action{
310 {
311 URL: s.DashboardURL.String(),
312 Text: "Back to site",
313 },
314 },
315 })
316 return
317 }
318
319 if !s.handleAPIKeySmuggling(rw, r, AccessMethodPath) {
320 return
321 }
322
323 // Determine the real path that was hit. The * URL parameter in Chi will not
324 // include the leading slash if it was present, so we need to add it back.
325 chiPath := chi.URLParam(r, "*")
326 basePath := strings.TrimSuffix(r.URL.Path, chiPath)
327 if strings.HasSuffix(basePath, "/") {
328 chiPath = "/" + chiPath
329 }
330
331 // ResolveRequest will only return a new signed token if the actor has the RBAC
332 // permissions to connect to a workspace.
333 token, ok := ResolveRequest(rw, r, ResolveRequestOptions{
334 Logger: s.Logger,
335 Cookies: s.cookies,
336 CookieCfg: s.CookiesConfig,
337 SignedTokenProvider: s.SignedTokenProvider,
338 DashboardURL: s.DashboardURL,
339 PathAppBaseURL: s.AccessURL,
340 AppHostname: s.Hostname,
341 AppRequest: Request{
342 AccessMethod: AccessMethodPath,
343 BasePath: basePath,

Callers

nothing calls this directly

Calls 5

handleAPIKeySmugglingMethod · 0.95
proxyWorkspaceAppMethod · 0.95
RenderStaticErrorPageFunction · 0.92
ResolveRequestFunction · 0.85
StringMethod · 0.45

Tested by

no test coverage detected