(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq workspaceapps.IssueTokenRequest)
| 30 | } |
| 31 | |
| 32 | func (p *TokenProvider) Issue(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq workspaceapps.IssueTokenRequest) (*workspaceapps.SignedToken, string, bool) { |
| 33 | appReq := issueReq.AppRequest.Normalize() |
| 34 | err := appReq.Check() |
| 35 | if err != nil { |
| 36 | workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "invalid app request") |
| 37 | return nil, "", false |
| 38 | } |
| 39 | issueReq.AppRequest = appReq |
| 40 | |
| 41 | resp, ok := p.Client.IssueSignedAppTokenHTML(ctx, rw, issueReq, r.RemoteAddr) |
| 42 | if !ok { |
| 43 | return nil, "", false |
| 44 | } |
| 45 | |
| 46 | // Check that it verifies properly and matches the string. |
| 47 | var token workspaceapps.SignedToken |
| 48 | err = jwtutils.Verify(ctx, p.TokenSigningKeycache, resp.SignedTokenStr, &token) |
| 49 | if err != nil { |
| 50 | workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "failed to verify newly generated signed token") |
| 51 | return nil, "", false |
| 52 | } |
| 53 | |
| 54 | // Check that it matches the request. |
| 55 | if !token.MatchesRequest(appReq) { |
| 56 | workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "newly generated signed token does not match request") |
| 57 | return nil, "", false |
| 58 | } |
| 59 | |
| 60 | return &token, resp.SignedTokenStr, true |
| 61 | } |
nothing calls this directly
no test coverage detected