Documentation ¶
Index ¶
- Constants
- func APIKey(r *http.Request) database.APIKey
- func APIKeyOptional(r *http.Request) (database.APIKey, bool)
- func AttachRequestID(next http.Handler) http.Handler
- func CSRF(secureCookie bool) func(next http.Handler) http.Handler
- func EnsureXForwardedForHeader(req *http.Request) error
- func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler
- func ExtractGroupByNameParam(db database.Store) func(http.Handler) http.Handler
- func ExtractGroupParam(db database.Store) func(http.Handler) http.Handler
- func ExtractOAuth2(config OAuth2Config, client *http.Client) func(http.Handler) http.Handler
- func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.Handler
- func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler
- func ExtractRealIP(config *RealIPConfig) func(next http.Handler) http.Handler
- func ExtractRealIPAddress(config *RealIPConfig, req *http.Request) (net.IP, error)
- func ExtractTemplateParam(db database.Store) func(http.Handler) http.Handler
- func ExtractTemplateVersionParam(db database.Store) func(http.Handler) http.Handler
- func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Handler) http.Handler
- func ExtractWorkspaceAgent(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAgentParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAndAgentParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceBuildParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceResourceParam(db database.Store) func(http.Handler) http.Handler
- func FilterUntrustedOriginHeaders(config *RealIPConfig, req *http.Request)
- func GroupParam(r *http.Request) database.Group
- func Logger(log slog.Logger) func(next http.Handler) http.Handler
- func OrganizationMemberParam(r *http.Request) database.OrganizationMember
- func OrganizationParam(r *http.Request) database.Organization
- func Prometheus(register prometheus.Registerer) func(http.Handler) http.Handler
- func RateLimit(count int, window time.Duration) func(http.Handler) http.Handler
- func Recover(log slog.Logger) func(h http.Handler) http.Handler
- func RedirectToLogin(rw http.ResponseWriter, r *http.Request, message string)
- func RequestID(r *http.Request) uuid.UUID
- func SplitAPIToken(token string) (id string, secret string, err error)
- func TemplateParam(r *http.Request) database.Template
- func TemplateVersionParam(r *http.Request) database.TemplateVersion
- func UserParam(r *http.Request) database.User
- func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
- func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
- func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
- func WorkspaceParam(r *http.Request) database.Workspace
- func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
- type Authorization
- type ExtractAPIKeyConfig
- type OAuth2Config
- type OAuth2Configs
- type OAuth2State
- type RealIPConfig
- type RealIPState
Constants ¶
const DevURLSessionTokenCookie = "coder_devurl_session_token"
The special cookie name used for subdomain-based application proxying. TODO: this will make dogfooding harder so come up with a more unique solution
const (
SignedOutErrorMessage = "You are signed out or your session has expired. Please sign in again to continue."
)
Variables ¶
This section is empty.
Functions ¶
func APIKeyOptional ¶ added in v0.9.0
APIKeyOptional may return an API key from the ExtractAPIKey handler.
func AttachRequestID ¶ added in v0.8.12
AttachRequestID adds a request ID to each HTTP request.
func CSRF ¶ added in v0.8.15
CSRF is a middleware that verifies that a CSRF token is present in the request for non-GET requests.
func EnsureXForwardedForHeader ¶ added in v0.11.0
EnsureXForwardedForHeader ensures that the request has an X-Forwarded-For header. It uses the following logic:
- If we have a direct connection (remoteAddr == proxyAddr), then set it to remoteAddr
- If we have a proxied connection (remoteAddr != proxyAddr) and X-Forwarded-For doesn't begin with remoteAddr, then overwrite it with remoteAddr,proxyAddr
- If we have a proxied connection (remoteAddr != proxyAddr) and X-Forwarded-For begins with remoteAddr, then append proxyAddr to the original X-Forwarded-For header
- If X-Forwarded-Proto is not set, then it will be set to "https" if req.TLS != nil, otherwise it will be set to "http"
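The four rules above, worked through as an added example (not the package's own code). `forwardedFor` and `forwardedProto` are hypothetical helpers that take the addresses as plain strings, and the addresses in `main` are constructed. The example compares the first list entry rather than a raw string prefix, which is its own reading of "begins with".

```go
package main

import (
	"fmt"
	"strings"
)

// forwardedFor returns the X-Forwarded-For value the rules above produce.
// existing is the header as received; remoteAddr and proxyAddr are bare IPs.
func forwardedFor(existing, remoteAddr, proxyAddr string) string {
	if remoteAddr == proxyAddr {
		// Direct connection: discard whatever the client supplied.
		return remoteAddr
	}
	// Compare the first list entry, not a string prefix, so that
	// "203.0.113.70" is not mistaken for a chain starting at "203.0.113.7".
	first, _, _ := strings.Cut(existing, ",")
	if strings.TrimSpace(first) != remoteAddr {
		// Proxied, but the chain does not start at the client: overwrite.
		return remoteAddr + "," + proxyAddr
	}
	// Proxied and the chain starts at the client: append this hop.
	return existing + "," + proxyAddr
}

// forwardedProto keeps an existing X-Forwarded-Proto and otherwise derives
// it from whether the request arrived over TLS (req.TLS != nil).
func forwardedProto(existing string, isTLS bool) string {
	if existing != "" {
		return existing
	}
	if isTLS {
		return "https"
	}
	return "http"
}

func main() {
	// Constructed inputs: a client-supplied header value in three situations.
	fmt.Println(forwardedFor("6.6.6.6", "203.0.113.7", "203.0.113.7"))
	fmt.Println(forwardedFor("6.6.6.6", "203.0.113.7", "10.0.0.2"))
	fmt.Println(forwardedFor("203.0.113.7, 198.51.100.4", "203.0.113.7", "10.0.0.2"))
	fmt.Println(forwardedProto("", true))
}
```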
func ExtractAPIKey ¶
func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler
ExtractAPIKey requires authentication using a valid API key. It handles extending an API key if it comes close to expiry, updating the last used time in the database.
func ExtractGroupByNameParam ¶ added in v0.12.0
func ExtractGroupParam ¶ added in v0.9.9
ExtractGroupParam grabs a group from the "group" URL parameter.
func ExtractOAuth2 ¶ added in v0.4.4
ExtractOAuth2 is a middleware for automatically redirecting to OAuth URLs, and handling the exchange inbound. Any route that does not have a "code" URL parameter will be redirected.
func ExtractOrganizationMemberParam ¶ added in v0.6.0
ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameters. This middleware requires the ExtractUserParam and ExtractOrganizationParam middleware higher in the stack.
func ExtractOrganizationParam ¶
ExtractOrganizationParam grabs an organization from the "organization" URL parameter. This middleware requires the API key middleware higher in the call stack for authentication.
func ExtractRealIP ¶ added in v0.11.0
func ExtractRealIP(config *RealIPConfig) func(next http.Handler) http.Handler
ExtractRealIP is a middleware that uses headers from reverse proxies to propagate origin IP address information, when configured to do so.
func ExtractRealIPAddress ¶ added in v0.11.0
ExtractRealIPAddress returns the original client address according to the configuration and headers. It does not mutate the original request.
func ExtractTemplateParam ¶ added in v0.4.0
ExtractTemplateParam grabs a template from the "template" URL parameter.
func ExtractTemplateVersionParam ¶ added in v0.4.0
ExtractTemplateVersionParam grabs template version from the "templateversion" URL parameter.
func ExtractUserParam ¶
ExtractUserParam extracts a user from an ID/username in the {user} URL parameter.
func ExtractWorkspaceAgent ¶
ExtractWorkspaceAgent requires authentication using a valid agent token.
func ExtractWorkspaceAgentParam ¶ added in v0.4.1
ExtractWorkspaceAgentParam grabs a workspace agent from the "workspaceagent" URL parameter.
func ExtractWorkspaceAndAgentParam ¶ added in v0.8.9
ExtractWorkspaceAndAgentParam grabs a workspace and an agent from the "workspace_and_agent" URL parameter. `ExtractUserParam` must be called before this. This can be in the form of:
- "<workspace-name>.[workspace-agent]" : If multiple agents exist
- "<workspace-name>" : If one agent exists
func ExtractWorkspaceBuildParam ¶
ExtractWorkspaceBuildParam grabs workspace build from the "workspacebuild" URL parameter.
func ExtractWorkspaceParam ¶
ExtractWorkspaceParam grabs a workspace from the "workspace" URL parameter.
func ExtractWorkspaceResourceParam ¶
ExtractWorkspaceResourceParam grabs a workspace resource from the "provisionerjob" URL parameter.
func FilterUntrustedOriginHeaders ¶ added in v0.11.0
func FilterUntrustedOriginHeaders(config *RealIPConfig, req *http.Request)
FilterUntrustedOriginHeaders removes all known proxy headers from the request for untrusted origins, and ensures that only one copy of each proxy header is set.
func GroupParam ¶ added in v0.9.9
GroupParam returns the group extracted via the ExtractGroupParam middleware.
func OrganizationMemberParam ¶
func OrganizationMemberParam(r *http.Request) database.OrganizationMember
OrganizationMemberParam returns the organization membership that allowed the query from the ExtractOrganizationParam handler.
func OrganizationParam ¶
func OrganizationParam(r *http.Request) database.Organization
OrganizationParam returns the organization from the ExtractOrganizationParam handler.
func Prometheus ¶ added in v0.5.4
func Prometheus(register prometheus.Registerer) func(http.Handler) http.Handler
func RateLimit ¶ added in v0.11.0
RateLimit returns a handler that limits requests per-minute based on IP, endpoint, and user ID (if available).
func RedirectToLogin ¶ added in v0.10.0
func RedirectToLogin(rw http.ResponseWriter, r *http.Request, message string)
RedirectToLogin redirects the user to the login page with the `message` and `redirect` query parameters set.
func SplitAPIToken ¶ added in v0.9.0
SplitAPIToken verifies the format of an API key and returns the split ID and secret.
APIKeys are formatted: ${ID}-${SECRET}
func TemplateParam ¶ added in v0.4.0
TemplateParam returns the template from the ExtractTemplateParam handler.
func TemplateVersionParam ¶ added in v0.4.0
func TemplateVersionParam(r *http.Request) database.TemplateVersion
TemplateVersionParam returns the template version from the ExtractTemplateVersionParam handler.
func WorkspaceAgent ¶
func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
WorkspaceAgent returns the workspace agent from the ExtractWorkspaceAgent handler.
func WorkspaceAgentParam ¶ added in v0.4.1
func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
WorkspaceAgentParam returns the workspace agent from the ExtractWorkspaceAgentParam handler.
func WorkspaceBuildParam ¶
func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
WorkspaceBuildParam returns the workspace build from the ExtractWorkspaceBuildParam handler.
func WorkspaceParam ¶
WorkspaceParam returns the workspace from the ExtractWorkspaceParam handler.
func WorkspaceResourceParam ¶
func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
WorkspaceResourceParam returns the workspace resource from the ExtractWorkspaceResourceParam handler.
Types ¶
type Authorization ¶ added in v0.9.0
type Authorization struct {
	ID       uuid.UUID
	Username string
	Roles    []string
	Groups   []string
	Scope    database.APIKeyScope
}
func UserAuthorization ¶ added in v0.9.0
func UserAuthorization(r *http.Request) Authorization
UserAuthorization returns the roles and scope used for authorization. Depends on the ExtractAPIKey handler.
func UserAuthorizationOptional ¶ added in v0.9.0
func UserAuthorizationOptional(r *http.Request) (Authorization, bool)
UserAuthorizationOptional may return the roles and scope used for authorization. Depends on the ExtractAPIKey handler.
type ExtractAPIKeyConfig ¶ added in v0.9.0
type ExtractAPIKeyConfig struct {
	DB              database.Store
	OAuth2Configs   *OAuth2Configs
	RedirectToLogin bool

	// Optional governs whether the API key is optional. Use this if you want to
	// allow unauthenticated requests.
	//
	// If true and no session token is provided, nothing will be written to the
	// request context. Use the APIKeyOptional and UserAuthorizationOptional
	// functions to retrieve the API key and authorization instead of the
	// regular ones.
	//
	// If true and the API key is invalid (i.e. deleted, expired), the cookie
	// will be deleted and the request will continue. If the request is not a
	// cookie-based request, the request will be rejected with a 401.
	Optional bool
}
type OAuth2Config ¶
type OAuth2Config interface {
	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
	Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
	TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource
}
OAuth2Config exposes a subset of *oauth2.Config functions for easier testing. *oauth2.Config should be used instead of implementing this in production.
type OAuth2Configs ¶ added in v0.4.4
type OAuth2Configs struct {
	Github OAuth2Config
	OIDC   OAuth2Config
}
OAuth2Configs is a collection of configurations for OAuth-based authentication. This should be extended to support other authentication types in the future.
type OAuth2State ¶ added in v0.4.4
func OAuth2 ¶ added in v0.4.4
func OAuth2(r *http.Request) OAuth2State
OAuth2 returns the state from an oauth request.
type RealIPConfig ¶ added in v0.11.0
type RealIPConfig struct {
	// TrustedOrigins is a list of networks that will be trusted. If
	// any non-trusted address supplies these headers, they will be
	// ignored.
	TrustedOrigins []*net.IPNet

	// TrustedHeaders lists headers that are trusted for forwarding
	// IP addresses. e.g. "CF-Connecting-IP", "True-Client-IP", etc.
	TrustedHeaders []string
}
RealIPConfig configures the search order for the function, which controls which headers to consider trusted.
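How the two RealIPConfig fields interact, as an added example (not the package's implementation): `realIPConfig`, `sampleConfig` and `clientIP` are hypothetical names, the networks and addresses are constructed, and each trusted header is assumed to carry a single IP address.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
)

// realIPConfig mirrors the two fields of RealIPConfig shown above.
type realIPConfig struct {
	TrustedOrigins []*net.IPNet
	TrustedHeaders []string
}

// sampleConfig is constructed: one proxy subnet, one trusted header.
func sampleConfig() realIPConfig {
	_, proxyNet, _ := net.ParseCIDR("10.0.0.0/8")
	return realIPConfig{[]*net.IPNet{proxyNet}, []string{"CF-Connecting-IP"}}
}

// clientIP (hypothetical) consults forwarding headers only when the directly
// connected peer is inside a trusted network; it never mutates the headers.
func clientIP(cfg realIPConfig, remoteAddr string, h http.Header) (net.IP, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	peer := net.ParseIP(host)
	if err != nil || peer == nil {
		return nil, fmt.Errorf("bad remote address %q", remoteAddr)
	}
	trusted := false
	for _, n := range cfg.TrustedOrigins {
		trusted = trusted || n.Contains(peer)
	}
	if !trusted {
		return peer, nil // any client can set these headers; ignore them
	}
	for _, name := range cfg.TrustedHeaders {
		if ip := net.ParseIP(h.Get(name)); ip != nil {
			return ip, nil
		}
	}
	return peer, nil // trusted proxy sent no usable header
}

func main() {
	h := http.Header{}
	h.Set("CF-Connecting-IP", "198.51.100.9") // constructed sample value
	for _, addr := range []string{"10.1.2.3:443", "203.0.113.5:5555"} {
		fmt.Println(clientIP(sampleConfig(), addr, h))
	}
}
```

The same header yields `198.51.100.9` when it arrives through the trusted subnet and is ignored in favour of the socket address when sent by an untrusted peer, which is what keeps IP-keyed controls such as rate limiting from being steered by client-supplied headers.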
func ParseRealIPConfig ¶ added in v0.11.0
func ParseRealIPConfig(headers, origins []string) (*RealIPConfig, error)
ParseRealIPConfig takes a raw string array of headers and origins to produce a config.
type RealIPState ¶ added in v0.11.0
type RealIPState struct {
	// Config is the configuration applied in the middleware. Consider
	// this read-only and do not modify.
	Config *RealIPConfig

	// OriginalRemoteAddr is the original RemoteAddr for the request.
	OriginalRemoteAddr string
}
RealIPState is the original state prior to modification by this middleware, useful for getting information about the connecting client if needed.
func RealIP ¶ added in v0.11.0
func RealIP(ctx context.Context) *RealIPState
RealIP retrieves the state from the given context.Context.
Source Files ¶
- apikey.go
- csrf.go
- groupparam.go
- httpmw.go
- logger.go
- oauth2.go
- organizationparam.go
- prometheus.go
- ratelimit.go
- realip.go
- recover.go
- requestid.go
- templateparam.go
- templateversionparam.go
- userparam.go
- workspaceagent.go
- workspaceagentparam.go
- workspacebuildparam.go
- workspaceparam.go
- workspaceresourceparam.go