Documentation ¶
Index ¶
- Constants
- func APIKey(r *http.Request) database.APIKey
- func APIKeyOptional(r *http.Request) (database.APIKey, bool)
- func AttachRequestID(next http.Handler) http.Handler
- func CSRF(secureCookie bool) func(next http.Handler) http.Handler
- func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler
- func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler
- func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.Handler
- func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler
- func ExtractTemplateParam(db database.Store) func(http.Handler) http.Handler
- func ExtractTemplateVersionParam(db database.Store) func(http.Handler) http.Handler
- func ExtractUserParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAgent(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAgentParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceAndAgentParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceBuildParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceParam(db database.Store) func(http.Handler) http.Handler
- func ExtractWorkspaceResourceParam(db database.Store) func(http.Handler) http.Handler
- func Logger(log slog.Logger) func(next http.Handler) http.Handler
- func OrganizationMemberParam(r *http.Request) database.OrganizationMember
- func OrganizationParam(r *http.Request) database.Organization
- func Prometheus(register prometheus.Registerer) func(http.Handler) http.Handler
- func RateLimitPerMinute(count int) func(http.Handler) http.Handler
- func Recover(log slog.Logger) func(h http.Handler) http.Handler
- func RequestID(r *http.Request) uuid.UUID
- func SplitAPIToken(token string) (id string, secret string, err error)
- func TemplateParam(r *http.Request) database.Template
- func TemplateVersionParam(r *http.Request) database.TemplateVersion
- func UserParam(r *http.Request) database.User
- func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
- func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
- func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
- func WorkspaceParam(r *http.Request) database.Workspace
- func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
- type Authorization
- type ExtractAPIKeyConfig
- type OAuth2Config
- type OAuth2Configs
- type OAuth2State
Constants ¶
const DevURLSessionTokenCookie = "coder_devurl_session_token"
The special cookie name used for subdomain-based application proxying. TODO: this will make dogfooding harder so come up with a more unique solution
Variables ¶
This section is empty.
Functions ¶
func APIKeyOptional ¶ added in v0.9.0
APIKeyOptional may return an API key from the ExtractAPIKey handler.
func AttachRequestID ¶ added in v0.8.12
AttachRequestID adds a request ID to each HTTP request.
func CSRF ¶ added in v0.8.15
CSRF is a middleware that verifies that a CSRF token is present in the request for non-GET requests.
func ExtractAPIKey ¶
func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler
ExtractAPIKey requires authentication using a valid API key. It handles extending an API key if it comes close to expiry, updating the last used time in the database. nolint:revive
func ExtractOAuth2 ¶ added in v0.4.4
func ExtractOAuth2(config OAuth2Config) func(http.Handler) http.Handler
ExtractOAuth2 is a middleware for automatically redirecting to OAuth URLs, and handling the exchange inbound. Any route that does not have a "code" URL parameter will be redirected.
func ExtractOrganizationMemberParam ¶ added in v0.6.0
ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameter. This middleware requires the ExtractUser and ExtractOrganization middleware higher in the stack
func ExtractOrganizationParam ¶
ExtractOrganizationParam grabs an organization from the "organization" URL parameter. This middleware requires the API key middleware higher in the call stack for authentication.
func ExtractTemplateParam ¶ added in v0.4.0
ExtractTemplateParam grabs a template from the "template" URL parameter.
func ExtractTemplateVersionParam ¶ added in v0.4.0
ExtractTemplateVersionParam grabs template version from the "templateversion" URL parameter.
func ExtractUserParam ¶
ExtractUserParam extracts a user from an ID/username in the {user} URL parameter.
func ExtractWorkspaceAgent ¶
ExtractWorkspaceAgent requires authentication using a valid agent token.
func ExtractWorkspaceAgentParam ¶ added in v0.4.1
ExtractWorkspaceAgentParam grabs a workspace agent from the "workspaceagent" URL parameter.
func ExtractWorkspaceAndAgentParam ¶ added in v0.8.9
ExtractWorkspaceAndAgentParam grabs a workspace and an agent from the "workspace_and_agent" URL parameter. `ExtractUserParam` must be called before this. This can be in the form of:
- "<workspace-name>.[workspace-agent]" : If multiple agents exist
- "<workspace-name>" : If one agent exists
func ExtractWorkspaceBuildParam ¶
ExtractWorkspaceBuildParam grabs workspace build from the "workspacebuild" URL parameter.
func ExtractWorkspaceParam ¶
ExtractWorkspaceParam grabs a workspace from the "workspace" URL parameter.
func ExtractWorkspaceResourceParam ¶
ExtractWorkspaceResourceParam grabs a workspace resource from the "provisionerjob" URL parameter.
func OrganizationMemberParam ¶
func OrganizationMemberParam(r *http.Request) database.OrganizationMember
OrganizationMemberParam returns the organization membership that allowed the query from the ExtractOrganizationParam handler.
func OrganizationParam ¶
func OrganizationParam(r *http.Request) database.Organization
OrganizationParam returns the organization from the ExtractOrganizationParam handler.
func Prometheus ¶ added in v0.5.4
func Prometheus(register prometheus.Registerer) func(http.Handler) http.Handler
func RateLimitPerMinute ¶
RateLimitPerMinute returns a handler that limits requests per-minute based on IP, endpoint, and user ID (if available).
func SplitAPIToken ¶ added in v0.9.0
SplitAPIToken verifies the format of an API key and returns the split ID and secret.
APIKeys are formatted: ${ID}-${SECRET}
func TemplateParam ¶ added in v0.4.0
TemplateParam returns the template from the ExtractTemplateParam handler.
func TemplateVersionParam ¶ added in v0.4.0
func TemplateVersionParam(r *http.Request) database.TemplateVersion
TemplateVersionParam returns the template version from the ExtractTemplateVersionParam handler.
func WorkspaceAgent ¶
func WorkspaceAgent(r *http.Request) database.WorkspaceAgent
WorkspaceAgent returns the workspace agent from the ExtractAgent handler.
func WorkspaceAgentParam ¶ added in v0.4.1
func WorkspaceAgentParam(r *http.Request) database.WorkspaceAgent
WorkspaceAgentParam returns the workspace agent from the ExtractWorkspaceAgentParam handler.
func WorkspaceBuildParam ¶
func WorkspaceBuildParam(r *http.Request) database.WorkspaceBuild
WorkspaceBuildParam returns the workspace build from the ExtractWorkspaceBuildParam handler.
func WorkspaceParam ¶
WorkspaceParam returns the workspace from the ExtractWorkspaceParam handler.
func WorkspaceResourceParam ¶
func WorkspaceResourceParam(r *http.Request) database.WorkspaceResource
ProvisionerJobParam returns the template from the ExtractTemplateParam handler.
Types ¶
type Authorization ¶ added in v0.9.0
type Authorization struct { ID uuid.UUID Username string Roles []string Scope database.APIKeyScope }
func UserAuthorization ¶ added in v0.9.0
func UserAuthorization(r *http.Request) Authorization
UserAuthorization returns the roles and scope used for authorization. Depends on the ExtractAPIKey handler.
func UserAuthorizationOptional ¶ added in v0.9.0
func UserAuthorizationOptional(r *http.Request) (Authorization, bool)
UserAuthorizationOptional may return the roles and scope used for authorization. Depends on the ExtractAPIKey handler.
type ExtractAPIKeyConfig ¶ added in v0.9.0
type ExtractAPIKeyConfig struct { DB database.Store OAuth2Configs *OAuth2Configs RedirectToLogin bool // Optional governs whether the API key is optional. Use this if you want to // allow unauthenticated requests. // // If true and no session token is provided, nothing will be written to the // request context. Use the APIKeyOptional and UserAuthorizationOptional // functions to retrieve the API key and authorization instead of the // regular ones. // // If true and the API key is invalid (i.e. deleted, expired), the cookie // will be deleted and the request will continue. If the request is not a // cookie-based request, the request will be rejected with a 401. Optional bool }
type OAuth2Config ¶
type OAuth2Config interface { AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource }
OAuth2Config exposes a subset of *oauth2.Config functions for easier testing. *oauth2.Config should be used instead of implementing this in production.
type OAuth2Configs ¶ added in v0.4.4
type OAuth2Configs struct { Github OAuth2Config OIDC OAuth2Config }
OAuth2Configs is a collection of configurations for OAuth-based authentication. This should be extended to support other authentication types in the future.
type OAuth2State ¶ added in v0.4.4
func OAuth2 ¶ added in v0.4.4
func OAuth2(r *http.Request) OAuth2State
OAuth2 returns the state from an oauth request.