MCPcopy Index your code
hub / github.com/coder/coder / workspaceApplicationAuth

Method workspaceApplicationAuth

coderd/workspaceapps.go:54–145  ·  view source on GitHub ↗

workspaceApplicationAuth is an endpoint on the main router that handles redirects from the subdomain handler. This endpoint is under /api so we don't return the friendly error page here. Any errors on this endpoint should be errors that are unlikely to happen in production unless the user messes wi

(rw http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

52// @Success 307
53// @Router /api/v2/applications/auth-redirect [get]
54func (api *API) workspaceApplicationAuth(rw http.ResponseWriter, r *http.Request) {
55 ctx := r.Context()
56 apiKey := httpmw.APIKey(r)
57 if !api.Authorize(r, policy.ActionCreate, apiKey) {
58 httpapi.ResourceNotFound(rw)
59 return
60 }
61
62 // Get the redirect URI from the query parameters and parse it.
63 redirectURI := r.URL.Query().Get(workspaceapps.RedirectURIQueryParam)
64 if redirectURI == "" {
65 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
66 Message: "Missing redirect_uri query parameter.",
67 })
68 return
69 }
70 u, err := url.Parse(redirectURI)
71 if err != nil {
72 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
73 Message: "Invalid redirect_uri query parameter.",
74 Detail: err.Error(),
75 })
76 return
77 }
78
79 u.Scheme, err = api.ValidWorkspaceAppHostname(ctx, u.Host, ValidWorkspaceAppHostnameOpts{
80 // Allow all hosts except primary access URL since we don't need app
81 // tokens on the primary dashboard URL.
82 AllowPrimaryAccessURL: false,
83 AllowPrimaryWildcard: true,
84 AllowProxyAccessURL: true,
85 AllowProxyWildcard: true,
86 })
87 if err != nil {
88 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
89 Message: "Failed to verify redirect_uri query parameter.",
90 Detail: err.Error(),
91 })
92 return
93 }
94 if u.Scheme == "" {
95 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
96 Message: "Invalid redirect_uri.",
97 Detail: "The redirect_uri query parameter must be the primary wildcard app hostname, a workspace proxy access URL or a workspace proxy wildcard app hostname.",
98 })
99 return
100 }
101
102 // Create the application_connect-scoped API key with the same lifetime as
103 // the current session.
104 exp := apiKey.ExpiresAt
105 lifetimeSeconds := apiKey.LifetimeSeconds
106 if exp.IsZero() || time.Until(exp) > api.DeploymentValues.Sessions.DefaultDuration.Value() {
107 exp = dbtime.Now().Add(api.DeploymentValues.Sessions.DefaultDuration.Value())
108 lifetimeSeconds = int64(api.DeploymentValues.Sessions.DefaultDuration.Value().Seconds())
109 }
110 cookie, _, err := api.createAPIKey(ctx, apikey.CreateParams{
111 UserID: apiKey.UserID,

Callers

nothing calls this directly

Calls 15

AuthorizeMethod · 0.95
createAPIKeyMethod · 0.95
FillMethod · 0.95
APIKeyFunction · 0.92
ResourceNotFoundFunction · 0.92
WriteFunction · 0.92
NowFunction · 0.92
EncryptFunction · 0.92
EncodeMethod · 0.80
ContextMethod · 0.65
GetMethod · 0.65

Tested by

no test coverage detected