MCPcopy Index your code
hub / github.com/coder/coder / Issue

Method Issue

enterprise/wsproxy/tokenprovider.go:32–61  ·  view source on GitHub ↗
(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq workspaceapps.IssueTokenRequest)

Source from the content-addressed store, hash-verified

30}
31
32func (p *TokenProvider) Issue(ctx context.Context, rw http.ResponseWriter, r *http.Request, issueReq workspaceapps.IssueTokenRequest) (*workspaceapps.SignedToken, string, bool) {
33 appReq := issueReq.AppRequest.Normalize()
34 err := appReq.Check()
35 if err != nil {
36 workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "invalid app request")
37 return nil, "", false
38 }
39 issueReq.AppRequest = appReq
40
41 resp, ok := p.Client.IssueSignedAppTokenHTML(ctx, rw, issueReq, r.RemoteAddr)
42 if !ok {
43 return nil, "", false
44 }
45
46 // Check that it verifies properly and matches the string.
47 var token workspaceapps.SignedToken
48 err = jwtutils.Verify(ctx, p.TokenSigningKeycache, resp.SignedTokenStr, &token)
49 if err != nil {
50 workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "failed to verify newly generated signed token")
51 return nil, "", false
52 }
53
54 // Check that it matches the request.
55 if !token.MatchesRequest(appReq) {
56 workspaceapps.WriteWorkspaceApp500(p.Logger, p.DashboardURL, rw, r, &appReq, err, "newly generated signed token does not match request")
57 return nil, "", false
58 }
59
60 return &token, resp.SignedTokenStr, true
61}

Callers

nothing calls this directly

Calls 6

MatchesRequestMethod · 0.95
WriteWorkspaceApp500Function · 0.92
VerifyFunction · 0.92
NormalizeMethod · 0.80
CheckMethod · 0.65

Tested by

no test coverage detected