workspaceApplicationAuth is an endpoint on the main router that handles redirects from the subdomain handler. This endpoint is under /api so we don't return the friendly error page here. Any errors on this endpoint should be errors that are unlikely to happen in production unless the user messes wi
(rw http.ResponseWriter, r *http.Request)
| 52 | // @Success 307 |
| 53 | // @Router /api/v2/applications/auth-redirect [get] |
| 54 | func (api *API) workspaceApplicationAuth(rw http.ResponseWriter, r *http.Request) { |
| 55 | ctx := r.Context() |
| 56 | apiKey := httpmw.APIKey(r) |
| 57 | if !api.Authorize(r, policy.ActionCreate, apiKey) { |
| 58 | httpapi.ResourceNotFound(rw) |
| 59 | return |
| 60 | } |
| 61 | |
| 62 | // Get the redirect URI from the query parameters and parse it. |
| 63 | redirectURI := r.URL.Query().Get(workspaceapps.RedirectURIQueryParam) |
| 64 | if redirectURI == "" { |
| 65 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 66 | Message: "Missing redirect_uri query parameter.", |
| 67 | }) |
| 68 | return |
| 69 | } |
| 70 | u, err := url.Parse(redirectURI) |
| 71 | if err != nil { |
| 72 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 73 | Message: "Invalid redirect_uri query parameter.", |
| 74 | Detail: err.Error(), |
| 75 | }) |
| 76 | return |
| 77 | } |
| 78 | |
| 79 | u.Scheme, err = api.ValidWorkspaceAppHostname(ctx, u.Host, ValidWorkspaceAppHostnameOpts{ |
| 80 | // Allow all hosts except primary access URL since we don't need app |
| 81 | // tokens on the primary dashboard URL. |
| 82 | AllowPrimaryAccessURL: false, |
| 83 | AllowPrimaryWildcard: true, |
| 84 | AllowProxyAccessURL: true, |
| 85 | AllowProxyWildcard: true, |
| 86 | }) |
| 87 | if err != nil { |
| 88 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 89 | Message: "Failed to verify redirect_uri query parameter.", |
| 90 | Detail: err.Error(), |
| 91 | }) |
| 92 | return |
| 93 | } |
| 94 | if u.Scheme == "" { |
| 95 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 96 | Message: "Invalid redirect_uri.", |
| 97 | Detail: "The redirect_uri query parameter must be the primary wildcard app hostname, a workspace proxy access URL or a workspace proxy wildcard app hostname.", |
| 98 | }) |
| 99 | return |
| 100 | } |
| 101 | |
| 102 | // Create the application_connect-scoped API key with the same lifetime as |
| 103 | // the current session. |
| 104 | exp := apiKey.ExpiresAt |
| 105 | lifetimeSeconds := apiKey.LifetimeSeconds |
| 106 | if exp.IsZero() || time.Until(exp) > api.DeploymentValues.Sessions.DefaultDuration.Value() { |
| 107 | exp = dbtime.Now().Add(api.DeploymentValues.Sessions.DefaultDuration.Value()) |
| 108 | lifetimeSeconds = int64(api.DeploymentValues.Sessions.DefaultDuration.Value().Seconds()) |
| 109 | } |
| 110 | cookie, _, err := api.createAPIKey(ctx, apikey.CreateParams{ |
| 111 | UserID: apiKey.UserID, |
nothing calls this directly
no test coverage detected