selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore: move app URL parsing to its own package (#11651) 

* chore: move app url parsing to it's own package
This commit is contained in:
Steven Masley 2024-01-17 10:41:42 -06:00 committed by GitHub
parent 1aee8da4b6
commit b246f08d84
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
32 changed files with 165 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
cli/clibase/values.go
View File

@ -59,6 +59,28 @@ func (i *Validator[T]) Type() string {
return i.Value.Type()
}
func (i *Validator[T]) MarshalYAML() (interface{}, error) {
m, ok := any(i.Value).(yaml.Marshaler)
if !ok {
return i.Value, nil
}
return m.MarshalYAML()
}
func (i *Validator[T]) UnmarshalYAML(n *yaml.Node) error {
return n.Decode(i.Value)
}
func (i *Validator[T]) MarshalJSON() ([]byte, error) {
return json.Marshal(i.Value)
}
func (i *Validator[T]) UnmarshalJSON(b []byte) error {
return json.Unmarshal(b, i.Value)
}
func (i *Validator[T]) Underlying() pflag.Value { return i.Value }
// values.go contains a standard set of value types that can be used as
// Option Values.
@ -378,6 +400,7 @@ func (s *Struct[T]) String() string {
return string(byt)
}
// nolint:revive
func (s *Struct[T]) MarshalYAML() (interface{}, error) {
var n yaml.Node
err := n.Encode(s.Value)
@ -387,6 +410,7 @@ func (s *Struct[T]) MarshalYAML() (interface{}, error) {
return n, nil
}
// nolint:revive
func (s *Struct[T]) UnmarshalYAML(n *yaml.Node) error {
// HACK: for compatibility with flags, we use nil slices instead of empty
// slices. In most cases, nil slices and empty slices are treated
@ -403,10 +427,12 @@ func (s *Struct[T]) Type() string {
return fmt.Sprintf("struct[%T]", s.Value)
}
// nolint:revive
func (s *Struct[T]) MarshalJSON() ([]byte, error) {
return json.Marshal(s.Value)
}
// nolint:revive
func (s *Struct[T]) UnmarshalJSON(b []byte) error {
return json.Unmarshal(b, &s.Value)
}

6
cli/clibase/yaml.go
View File

@ -6,6 +6,7 @@ import (
"strings"
"github.com/mitchellh/go-wordwrap"
"github.com/spf13/pflag"
"golang.org/x/xerrors"
"gopkg.in/yaml.v3"
)
@ -74,13 +75,16 @@ func (optSet *OptionSet) MarshalYAML() (any, error) {
Value: opt.YAML,
HeadComment: comment,
}
_, isValidator := opt.Value.(interface{ Underlying() pflag.Value })
var valueNode yaml.Node
if opt.Value == nil {
valueNode = yaml.Node{
Kind: yaml.ScalarNode,
Value: "null",
}
} else if m, ok := opt.Value.(yaml.Marshaler); ok {
} else if m, ok := opt.Value.(yaml.Marshaler); ok && !isValidator {
// Validators do a wrap, and should be handled by the else statement.
v, err := m.MarshalYAML()
if err != nil {
return nil, xerrors.Errorf(

13
cli/server.go
View File

@ -53,8 +53,6 @@ import (
"gopkg.in/yaml.v3"
"tailscale.com/tailcfg"
"github.com/coder/pretty"
"cdr.dev/slog"
"cdr.dev/slog/sloggers/sloghuman"
"github.com/coder/coder/v2/buildinfo"
@ -75,7 +73,6 @@ import (
"github.com/coder/coder/v2/coderd/devtunnel"
"github.com/coder/coder/v2/coderd/externalauth"
"github.com/coder/coder/v2/coderd/gitsshkey"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/oauthpki"
"github.com/coder/coder/v2/coderd/prometheusmetrics"
@ -89,6 +86,7 @@ import (
"github.com/coder/coder/v2/coderd/util/slice"
stringutil "github.com/coder/coder/v2/coderd/util/strings"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/codersdk/drpc"
"github.com/coder/coder/v2/cryptorand"
@ -99,6 +97,7 @@ import (
"github.com/coder/coder/v2/provisionersdk"
sdkproto "github.com/coder/coder/v2/provisionersdk/proto"
"github.com/coder/coder/v2/tailnet"
"github.com/coder/pretty"
"github.com/coder/retry"
"github.com/coder/wgtunnel/tunnelsdk"
)
@ -434,11 +433,11 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
if vals.WildcardAccessURL.String() == "" {
// Suffixed wildcard access URL.
u, err := url.Parse(fmt.Sprintf("*--%s", tunnel.URL.Hostname()))
wu := fmt.Sprintf("*--%s", tunnel.URL.Hostname())
err = vals.WildcardAccessURL.Set(wu)
if err != nil {
return xerrors.Errorf("parse wildcard url: %w", err)
return xerrors.Errorf("set wildcard access url %q: %w", wu, err)
}
vals.WildcardAccessURL = clibase.URL(*u)
}
}
@ -513,7 +512,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
appHostname := vals.WildcardAccessURL.String()
var appHostnameRegex *regexp.Regexp
if appHostname != "" {
appHostnameRegex, err = httpapi.CompileHostnamePattern(appHostname)
appHostnameRegex, err = appurl.CompileHostnamePattern(appHostname)
if err != nil {
return xerrors.Errorf("parse wildcard access URL %q: %w", appHostname, err)
}

13
cli/server_test.go
View File

@ -29,6 +29,7 @@ import (
"time"
"github.com/go-chi/chi/v5"
"github.com/spf13/pflag"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/goleak"
@ -1552,6 +1553,18 @@ func TestServer(t *testing.T) {
// ValueSource is not going to be correct on the `want`, so just
// match that field.
wantConfig.Options[i].ValueSource = gotConfig.Options[i].ValueSource
// If there is a wrapped value with a validator, unwrap it.
// The underlying doesn't compare well since it compares go pointers,
// and not the actual value.
if validator, isValidator := wantConfig.Options[i].Value.(interface{ Underlying() pflag.Value }); isValidator {
wantConfig.Options[i].Value = validator.Underlying()
}
if validator, isValidator := gotConfig.Options[i].Value.(interface{ Underlying() pflag.Value }); isValidator {
gotConfig.Options[i].Value = validator.Underlying()
}
assert.Equal(
t, wantConfig.Options[i],
gotConfig.Options[i],

2
cli/testdata/coder_server_--help.golden vendored
View File

@ -167,7 +167,7 @@ NETWORKING OPTIONS:
--secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
Controls if the 'Secure' property is set on browser session cookies.
--wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
--wildcard-access-url string, $CODER_WILDCARD_ACCESS_URL
Specifies the wildcard hostname to use for workspace applications in
the form "*.example.com".

4
cli/testdata/server-config.yaml.golden vendored
View File

@ -4,8 +4,8 @@ networking:
accessURL:
# Specifies the wildcard hostname to use for workspace applications in the form
# "*.example.com".
# (default: <unset>, type: url)
wildcardAccessURL:
# (default: <unset>, type: string)
wildcardAccessURL: ""
# Specifies the custom docs URL.
# (default: <unset>, type: url)
docsURL:

4
coderd/agentapi/manifest.go
View File

@ -20,7 +20,7 @@ import (
"github.com/coder/coder/v2/coderd/database/db2sdk"
"github.com/coder/coder/v2/coderd/database/dbauthz"
"github.com/coder/coder/v2/coderd/externalauth"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/tailnet"
)
@ -108,7 +108,7 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest
return nil, xerrors.Errorf("fetching workspace agent data: %w", err)
}
appHost := httpapi.ApplicationURL{
appHost := appurl.ApplicationURL{
AppSlugOrPort: "{{port}}",
AgentName: workspaceAgent.Name,
WorkspaceName: workspace.Name,

2
coderd/apidoc/docs.go generated
View File

@ -9061,7 +9061,7 @@ const docTemplate = `{
"type": "string"
},
"wildcard_access_url": {
"$ref": "#/definitions/clibase.URL"
"type": "string"
},
"write_config": {
"type": "boolean"

2
coderd/apidoc/swagger.json generated
View File

@ -8111,7 +8111,7 @@
"type": "string"
},
"wildcard_access_url": {
"$ref": "#/definitions/clibase.URL"
"type": "string"
},
"write_config": {
"type": "boolean"

2
coderd/coderd.go
View File

@ -96,7 +96,7 @@ type Options struct {
// E.g. "*.apps.coder.com" or "*-apps.coder.com".
AppHostname string
// AppHostnameRegex contains the regex version of options.AppHostname as
// generated by httpapi.CompileHostnamePattern(). It MUST be set if
// generated by appurl.CompileHostnamePattern(). It MUST be set if
// options.AppHostname is set.
AppHostnameRegex *regexp.Regexp
Logger slog.Logger

4
coderd/coderdtest/coderdtest.go
View File

@ -62,7 +62,6 @@ import (
"github.com/coder/coder/v2/coderd/externalauth"
"github.com/coder/coder/v2/coderd/gitsshkey"
"github.com/coder/coder/v2/coderd/healthcheck"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/schedule"
@ -71,6 +70,7 @@ import (
"github.com/coder/coder/v2/coderd/updatecheck"
"github.com/coder/coder/v2/coderd/util/ptr"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/coder/v2/codersdk/drpc"
@ -372,7 +372,7 @@ func NewOptions(t testing.TB, options *Options) (func(http.Handler), context.Can
var appHostnameRegex *regexp.Regexp
if options.AppHostname != "" {
var err error
appHostnameRegex, err = httpapi.CompileHostnamePattern(options.AppHostname)
appHostnameRegex, err = appurl.CompileHostnamePattern(options.AppHostname)
require.NoError(t, err)
}

4
coderd/database/db2sdk/db2sdk.go
View File

@ -14,9 +14,9 @@ import (
"tailscale.com/tailcfg"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/parameter"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/provisionersdk/proto"
"github.com/coder/coder/v2/tailnet"
@ -381,7 +381,7 @@ func AppSubdomain(dbApp database.WorkspaceApp, agentName, workspaceName, ownerNa
if appSlug == "" {
appSlug = dbApp.DisplayName
}
return httpapi.ApplicationURL{
return appurl.ApplicationURL{
// We never generate URLs with a prefix. We only allow prefixes when
// parsing URLs from the hostname. Users that want this feature can
// write out their own URLs.

6
coderd/database/dbmem/dbmem.go
View File

@ -21,10 +21,10 @@ import (
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbtime"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/rbac/regosql"
"github.com/coder/coder/v2/coderd/util/slice"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/provisionersdk"
)
@ -4566,11 +4566,11 @@ func (q *FakeQuerier) GetWorkspaceProxyByHostname(_ context.Context, params data
// Compile the app hostname regex. This is slow sadly.
if params.AllowWildcardHostname {
wildcardRegexp, err := httpapi.CompileHostnamePattern(proxy.WildcardHostname)
wildcardRegexp, err := appurl.CompileHostnamePattern(proxy.WildcardHostname)
if err != nil {
return database.WorkspaceProxy{}, xerrors.Errorf("compile hostname pattern %q for proxy %q (%s): %w", proxy.WildcardHostname, proxy.Name, proxy.ID.String(), err)
}
if _, ok := httpapi.ExecuteHostnamePattern(wildcardRegexp, params.Hostname); ok {
if _, ok := appurl.ExecuteHostnamePattern(wildcardRegexp, params.Hostname); ok {
return proxy, nil
}
}

8
coderd/httpmw/cors.go
View File

@ -7,7 +7,7 @@ import (
"github.com/go-chi/cors"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
)
const (
@ -44,18 +44,18 @@ func Cors(allowAll bool, origins ...string) func(next http.Handler) http.Handler
})
}
func WorkspaceAppCors(regex *regexp.Regexp, app httpapi.ApplicationURL) func(next http.Handler) http.Handler {
func WorkspaceAppCors(regex *regexp.Regexp, app appurl.ApplicationURL) func(next http.Handler) http.Handler {
return cors.Handler(cors.Options{
AllowOriginFunc: func(r *http.Request, rawOrigin string) bool {
origin, err := url.Parse(rawOrigin)
if rawOrigin == "" || origin.Host == "" || err != nil {
return false
}
subdomain, ok := httpapi.ExecuteHostnamePattern(regex, origin.Host)
subdomain, ok := appurl.ExecuteHostnamePattern(regex, origin.Host)
if !ok {
return false
}
originApp, err := httpapi.ParseSubdomainAppURL(subdomain)
originApp, err := appurl.ParseSubdomainAppURL(subdomain)
if err != nil {
return false
}

16
coderd/httpmw/cors_test.go
View File

@ -7,14 +7,14 @@ import (
"github.com/stretchr/testify/require"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
)
func TestWorkspaceAppCors(t *testing.T) {
t.Parallel()
regex, err := httpapi.CompileHostnamePattern("*--apps.dev.coder.com")
regex, err := appurl.CompileHostnamePattern("*--apps.dev.coder.com")
require.NoError(t, err)
methods := []string{
@ -30,13 +30,13 @@ func TestWorkspaceAppCors(t *testing.T) {
tests := []struct {
name string
origin string
app httpapi.ApplicationURL
app appurl.ApplicationURL
allowed bool
}{
{
name: "Self",
origin: "https://3000--agent--ws--user--apps.dev.coder.com",
app: httpapi.ApplicationURL{
app: appurl.ApplicationURL{
AppSlugOrPort: "3000",
AgentName: "agent",
WorkspaceName: "ws",
@ -47,7 +47,7 @@ func TestWorkspaceAppCors(t *testing.T) {
{
name: "SameWorkspace",
origin: "https://8000--agent--ws--user--apps.dev.coder.com",
app: httpapi.ApplicationURL{
app: appurl.ApplicationURL{
AppSlugOrPort: "3000",
AgentName: "agent",
WorkspaceName: "ws",
@ -58,7 +58,7 @@ func TestWorkspaceAppCors(t *testing.T) {
{
name: "SameUser",
origin: "https://8000--agent2--ws2--user--apps.dev.coder.com",
app: httpapi.ApplicationURL{
app: appurl.ApplicationURL{
AppSlugOrPort: "3000",
AgentName: "agent",
WorkspaceName: "ws",
@ -69,7 +69,7 @@ func TestWorkspaceAppCors(t *testing.T) {
{
name: "DifferentOriginOwner",
origin: "https://3000--agent--ws--user2--apps.dev.coder.com",
app: httpapi.ApplicationURL{
app: appurl.ApplicationURL{
AppSlugOrPort: "3000",
AgentName: "agent",
WorkspaceName: "ws",
@ -80,7 +80,7 @@ func TestWorkspaceAppCors(t *testing.T) {
{
name: "DifferentHostOwner",
origin: "https://3000--agent--ws--user--apps.dev.coder.com",
app: httpapi.ApplicationURL{
app: appurl.ApplicationURL{
AppSlugOrPort: "3000",
AgentName: "agent",
WorkspaceName: "ws",

3
coderd/workspaceapps.go
View File

@ -19,6 +19,7 @@ import (
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
)
@ -169,7 +170,7 @@ func (api *API) ValidWorkspaceAppHostname(ctx context.Context, host string, opts
}
if opts.AllowPrimaryWildcard && api.AppHostnameRegex != nil {
_, ok := httpapi.ExecuteHostnamePattern(api.AppHostnameRegex, host)
_, ok := appurl.ExecuteHostnamePattern(api.AppHostnameRegex, host)
if ok {
// Force the redirect URI to have the same scheme as the access URL
// for security purposes.

8
coderd/workspaceapps/apptest/setup.go
View File

@ -21,8 +21,8 @@ import (
"cdr.dev/slog/sloggers/slogtest"
"github.com/coder/coder/v2/agent"
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/codersdk/agentsdk"
"github.com/coder/coder/v2/cryptorand"
@ -146,7 +146,7 @@ func (d *Details) PathAppURL(app App) *url.URL {
// SubdomainAppURL returns the URL for the given subdomain app.
func (d *Details) SubdomainAppURL(app App) *url.URL {
appHost := httpapi.ApplicationURL{
appHost := appurl.ApplicationURL{
Prefix: app.Prefix,
AppSlugOrPort: app.AppSlugOrPort,
AgentName: app.AgentName,
@ -370,7 +370,7 @@ func createWorkspaceWithApps(t *testing.T, client *codersdk.Client, orgID uuid.U
for _, app := range workspaceBuild.Resources[0].Agents[0].Apps {
require.True(t, app.Subdomain)
appURL := httpapi.ApplicationURL{
appURL := appurl.ApplicationURL{
Prefix: "",
// findProtoApp is needed as the order of apps returned from PG database
// is not guaranteed.
@ -399,7 +399,7 @@ func createWorkspaceWithApps(t *testing.T, client *codersdk.Client, orgID uuid.U
manifest, err := agentClient.Manifest(appHostCtx)
require.NoError(t, err)
appHost := httpapi.ApplicationURL{
appHost := appurl.ApplicationURL{
Prefix: "",
AppSlugOrPort: "{{port}}",
AgentName: proxyTestAgentName,

14
coderd/httpapi/url.go → coderd/workspaceapps/appurl/appurl.go
View File

@ -1,4 +1,4 @@
package httpapi
package appurl
import (
"fmt"
@ -10,8 +10,8 @@ import (
)
var (
// Remove the "starts with" and "ends with" regex components.
nameRegex = strings.Trim(UsernameValidRegex.String(), "^$")
// nameRegex is the same as our UsernameRegex without the ^ and $.
nameRegex = "[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*"
appURL = regexp.MustCompile(fmt.Sprintf(
// {PORT/APP_SLUG}--{AGENT_NAME}--{WORKSPACE_NAME}--{USERNAME}
`^(?P<AppSlug>%[1]s)--(?P<AgentName>%[1]s)--(?P<WorkspaceName>%[1]s)--(?P<Username>%[1]s)$`,
@ -44,6 +44,14 @@ func (a ApplicationURL) String() string {
return appURL.String()
}
// Path is a helper function to get the url path of the app if it is not served
// on a subdomain. In practice this is not really used because we use the chi
// `{variable}` syntax to extract these parts. For testing purposes and for
// completeness of this package, we include it.
func (a ApplicationURL) Path() string {
return fmt.Sprintf("/@%s/%s.%s/apps/%s", a.Username, a.WorkspaceName, a.AgentName, a.AppSlugOrPort)
}
// ParseSubdomainAppURL parses an ApplicationURL from the given subdomain. If
// the subdomain is not a valid application URL hostname, returns a non-nil
// error. If the hostname is not a subdomain of the given base hostname, returns

40
coderd/httpapi/url_test.go → coderd/workspaceapps/appurl/appurl_test.go
View File

@ -1,4 +1,4 @@
package httpapi_test
package appurl_test
import (
"fmt"
@ -6,7 +6,7 @@ import (
"github.com/stretchr/testify/require"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
)
func TestApplicationURLString(t *testing.T) {
@ -14,17 +14,17 @@ func TestApplicationURLString(t *testing.T) {
testCases := []struct {
Name string
URL httpapi.ApplicationURL
URL appurl.ApplicationURL
Expected string
}{
{
Name: "Empty",
URL: httpapi.ApplicationURL{},
URL: appurl.ApplicationURL{},
Expected: "------",
},
{
Name: "AppName",
URL: httpapi.ApplicationURL{
URL: appurl.ApplicationURL{
AppSlugOrPort: "app",
AgentName: "agent",
WorkspaceName: "workspace",
@ -34,7 +34,7 @@ func TestApplicationURLString(t *testing.T) {
},
{
Name: "Port",
URL: httpapi.ApplicationURL{
URL: appurl.ApplicationURL{
AppSlugOrPort: "8080",
AgentName: "agent",
WorkspaceName: "workspace",
@ -44,7 +44,7 @@ func TestApplicationURLString(t *testing.T) {
},
{
Name: "Prefix",
URL: httpapi.ApplicationURL{
URL: appurl.ApplicationURL{
Prefix: "yolo---",
AppSlugOrPort: "app",
AgentName: "agent",
@ -70,44 +70,44 @@ func TestParseSubdomainAppURL(t *testing.T) {
testCases := []struct {
Name string
Subdomain string
Expected httpapi.ApplicationURL
Expected appurl.ApplicationURL
ExpectedError string
}{
{
Name: "Invalid_Empty",
Subdomain: "test",
Expected: httpapi.ApplicationURL{},
Expected: appurl.ApplicationURL{},
ExpectedError: "invalid application url format",
},
{
Name: "Invalid_Workspace.Agent--App",
Subdomain: "workspace.agent--app",
Expected: httpapi.ApplicationURL{},
Expected: appurl.ApplicationURL{},
ExpectedError: "invalid application url format",
},
{
Name: "Invalid_Workspace--App",
Subdomain: "workspace--app",
Expected: httpapi.ApplicationURL{},
Expected: appurl.ApplicationURL{},
ExpectedError: "invalid application url format",
},
{
Name: "Invalid_App--Workspace--User",
Subdomain: "app--workspace--user",
Expected: httpapi.ApplicationURL{},
Expected: appurl.ApplicationURL{},
ExpectedError: "invalid application url format",
},
{
Name: "Invalid_TooManyComponents",
Subdomain: "1--2--3--4--5",
Expected: httpapi.ApplicationURL{},
Expected: appurl.ApplicationURL{},
ExpectedError: "invalid application url format",
},
// Correct
{
Name: "AppName--Agent--Workspace--User",
Subdomain: "app--agent--workspace--user",
Expected: httpapi.ApplicationURL{
Expected: appurl.ApplicationURL{
AppSlugOrPort: "app",
AgentName: "agent",
WorkspaceName: "workspace",
@ -117,7 +117,7 @@ func TestParseSubdomainAppURL(t *testing.T) {
{
Name: "Port--Agent--Workspace--User",
Subdomain: "8080--agent--workspace--user",
Expected: httpapi.ApplicationURL{
Expected: appurl.ApplicationURL{
AppSlugOrPort: "8080",
AgentName: "agent",
WorkspaceName: "workspace",
@ -127,7 +127,7 @@ func TestParseSubdomainAppURL(t *testing.T) {
{
Name: "HyphenatedNames",
Subdomain: "app-slug--agent-name--workspace-name--user-name",
Expected: httpapi.ApplicationURL{
Expected: appurl.ApplicationURL{
AppSlugOrPort: "app-slug",
AgentName: "agent-name",
WorkspaceName: "workspace-name",
@ -137,7 +137,7 @@ func TestParseSubdomainAppURL(t *testing.T) {
{
Name: "Prefix",
Subdomain: "dean---was---here---app--agent--workspace--user",
Expected: httpapi.ApplicationURL{
Expected: appurl.ApplicationURL{
Prefix: "dean---was---here---",
AppSlugOrPort: "app",
AgentName: "agent",
@ -152,7 +152,7 @@ func TestParseSubdomainAppURL(t *testing.T) {
t.Run(c.Name, func(t *testing.T) {
t.Parallel()
app, err := httpapi.ParseSubdomainAppURL(c.Subdomain)
app, err := appurl.ParseSubdomainAppURL(c.Subdomain)
if c.ExpectedError == "" {
require.NoError(t, err)
require.Equal(t, c.Expected, app, "expected app")
@ -370,7 +370,7 @@ func TestCompileHostnamePattern(t *testing.T) {
t.Run(c.name, func(t *testing.T) {
t.Parallel()
regex, err := httpapi.CompileHostnamePattern(c.pattern)
regex, err := appurl.CompileHostnamePattern(c.pattern)
if c.errorContains == "" {
require.NoError(t, err)
@ -382,7 +382,7 @@ func TestCompileHostnamePattern(t *testing.T) {
t.Run(fmt.Sprintf("MatchCase%d", i), func(t *testing.T) {
t.Parallel()
match, ok := httpapi.ExecuteHostnamePattern(regex, m.input)
match, ok := appurl.ExecuteHostnamePattern(regex, m.input)
if m.match == "" {
require.False(t, ok)
} else {

2
coderd/workspaceapps/appurl/doc.go Normal file
View File

@ -0,0 +1,2 @@
// Package appurl handles all parsing/validation/etc around application URLs.
package appurl

4
coderd/workspaceapps/db_test.go
View File

@ -19,9 +19,9 @@ import (
"github.com/coder/coder/v2/agent/agenttest"
"github.com/coder/coder/v2/coderd/coderdtest"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/provisioner/echo"
"github.com/coder/coder/v2/provisionersdk/proto"
@ -751,7 +751,7 @@ func Test_ResolveRequest(t *testing.T) {
redirectURI, err := url.Parse(redirectURIStr)
require.NoError(t, err)
appHost := httpapi.ApplicationURL{
appHost := appurl.ApplicationURL{
Prefix: "",
AppSlugOrPort: req.AppSlugOrPort,
AgentName: req.AgentNameOrID,

25
coderd/workspaceapps/proxy.go
View File

@ -24,6 +24,7 @@ import (
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/tracing"
"github.com/coder/coder/v2/coderd/util/slice"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/site"
)
@ -96,7 +97,7 @@ type Server struct {
// E.g. "*.apps.coder.com" or "*-apps.coder.com".
Hostname string
// HostnameRegex contains the regex version of Hostname as generated by
// httpapi.CompileHostnamePattern(). It MUST be set if Hostname is set.
// appurl.CompileHostnamePattern(). It MUST be set if Hostname is set.
HostnameRegex *regexp.Regexp
RealIPConfig *httpmw.RealIPConfig
@ -329,7 +330,7 @@ func (s *Server) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request)
// 3. If the request hostname matches api.AccessURL then we pass on.
// 5. We split the subdomain into the subdomain and the "rest". If there are no
// periods in the hostname then we pass on.
// 5. We parse the subdomain into a httpapi.ApplicationURL struct. If we
// 5. We parse the subdomain into a appurl.ApplicationURL struct. If we
// encounter an error:
// a. If the "rest" does not match api.Hostname then we pass on;
// b. Otherwise, we return a 400.
@ -428,43 +429,43 @@ func (s *Server) HandleSubdomain(middlewares ...func(http.Handler) http.Handler)
// parseHostname will return if a given request is attempting to access a
// workspace app via a subdomain. If it is, the hostname of the request is parsed
// into an httpapi.ApplicationURL and true is returned. If the request is not
// into an appurl.ApplicationURL and true is returned. If the request is not
// accessing a workspace app, then the next handler is called and false is
// returned.
func (s *Server) parseHostname(rw http.ResponseWriter, r *http.Request, next http.Handler, host string) (httpapi.ApplicationURL, bool) {
func (s *Server) parseHostname(rw http.ResponseWriter, r *http.Request, next http.Handler, host string) (appurl.ApplicationURL, bool) {
// Check if the hostname matches either of the access URLs. If it does, the
// user was definitely trying to connect to the dashboard/API or a
// path-based app.
if httpapi.HostnamesMatch(s.DashboardURL.Hostname(), host) || httpapi.HostnamesMatch(s.AccessURL.Hostname(), host) {
if appurl.HostnamesMatch(s.DashboardURL.Hostname(), host) || appurl.HostnamesMatch(s.AccessURL.Hostname(), host) {
next.ServeHTTP(rw, r)
return httpapi.ApplicationURL{}, false
return appurl.ApplicationURL{}, false
}
// If there are no periods in the hostname, then it can't be a valid
// application URL.
if !strings.Contains(host, ".") {
next.ServeHTTP(rw, r)
return httpapi.ApplicationURL{}, false
return appurl.ApplicationURL{}, false
}
// Split the subdomain so we can parse the application details and verify it
// matches the configured app hostname later.
subdomain, ok := httpapi.ExecuteHostnamePattern(s.HostnameRegex, host)
subdomain, ok := appurl.ExecuteHostnamePattern(s.HostnameRegex, host)
if !ok {
// Doesn't match the regex, so it's not a valid application URL.
next.ServeHTTP(rw, r)
return httpapi.ApplicationURL{}, false
return appurl.ApplicationURL{}, false
}
// Check if the request is part of the deprecated logout flow. If so, we
// just redirect to the main access URL.
if subdomain == appLogoutHostname {
http.Redirect(rw, r, s.AccessURL.String(), http.StatusSeeOther)
return httpapi.ApplicationURL{}, false
return appurl.ApplicationURL{}, false
}
// Parse the application URL from the subdomain.
app, err := httpapi.ParseSubdomainAppURL(subdomain)
app, err := appurl.ParseSubdomainAppURL(subdomain)
if err != nil {
site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
Status: http.StatusBadRequest,
@ -473,7 +474,7 @@ func (s *Server) parseHostname(rw http.ResponseWriter, r *http.Request, next htt
RetryEnabled: false,
DashboardURL: s.DashboardURL.String(),
})
return httpapi.ApplicationURL{}, false
return appurl.ApplicationURL{}, false
}
return app, true

4
coderd/workspaceapps/request.go
View File

@ -13,7 +13,7 @@ import (
"github.com/google/uuid"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
)
@ -63,7 +63,7 @@ func (r IssueTokenRequest) AppBaseURL() (*url.URL, error) {
return nil, xerrors.New("subdomain app hostname is required to generate subdomain app URL")
}
appHost := httpapi.ApplicationURL{
appHost := appurl.ApplicationURL{
Prefix: r.AppRequest.Prefix,
AppSlugOrPort: r.AppRequest.AppSlugOrPort,
AgentName: r.AppRequest.AgentNameOrID,

25
codersdk/deployment.go
View File

@ -18,6 +18,7 @@ import (
"github.com/coder/coder/v2/buildinfo"
"github.com/coder/coder/v2/cli/clibase"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
)
// Entitlement represents whether a feature is licensed.
@ -132,11 +133,11 @@ func (c *Client) Entitlements(ctx context.Context) (Entitlements, error) {
// DeploymentValues is the central configuration values the coder server.
type DeploymentValues struct {
Verbose clibase.Bool `json:"verbose,omitempty"`
AccessURL clibase.URL `json:"access_url,omitempty"`
WildcardAccessURL clibase.URL `json:"wildcard_access_url,omitempty"`
DocsURL clibase.URL `json:"docs_url,omitempty"`
RedirectToAccessURL clibase.Bool `json:"redirect_to_access_url,omitempty"`
Verbose clibase.Bool `json:"verbose,omitempty"`
AccessURL clibase.URL `json:"access_url,omitempty"`
WildcardAccessURL clibase.String `json:"wildcard_access_url,omitempty"`
DocsURL clibase.URL `json:"docs_url,omitempty"`
RedirectToAccessURL clibase.Bool `json:"redirect_to_access_url,omitempty"`
// HTTPAddress is a string because it may be set to zero to disable.
HTTPAddress clibase.String `json:"http_address,omitempty" typescript:",notnull"`
AutobuildPollInterval clibase.Duration `json:"autobuild_poll_interval,omitempty"`
@ -611,7 +612,19 @@ when required by your organization's security policy.`,
Description: "Specifies the wildcard hostname to use for workspace applications in the form \"*.example.com\".",
Flag: "wildcard-access-url",
Env: "CODER_WILDCARD_ACCESS_URL",
Value: &c.WildcardAccessURL,
// Do not use a clibase.URL here. We are intentionally omitting the
// scheme part of the url (https://), so the standard url parsing
// will yield unexpected results.
//
// We have a validation function to ensure the wildcard url is correct,
// so use that instead.
Value: clibase.Validate(&c.WildcardAccessURL, func(value *clibase.String) error {
if value.Value() == "" {
return nil
}
_, err := appurl.CompileHostnamePattern(value.Value())
return err
}),
Group: &deploymentGroupNetworking,
YAML: "wildcardAccessURL",
Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"),

14
docs/api/general.md generated
View File

@ -401,19 +401,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \
"verbose": true,
"web_terminal_renderer": "string",
"wgtunnel_host": "string",
"wildcard_access_url": {
"forceQuery": true,
"fragment": "string",
"host": "string",
"omitHost": true,
"opaque": "string",
"path": "string",
"rawFragment": "string",
"rawPath": "string",
"rawQuery": "string",
"scheme": "string",
"user": {}
},
"wildcard_access_url": "string",
"write_config": true
},
"options": [

30
docs/api/schemas.md generated
View File

@ -2375,19 +2375,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
"verbose": true,
"web_terminal_renderer": "string",
"wgtunnel_host": "string",
"wildcard_access_url": {
"forceQuery": true,
"fragment": "string",
"host": "string",
"omitHost": true,
"opaque": "string",
"path": "string",
"rawFragment": "string",
"rawPath": "string",
"rawQuery": "string",
"scheme": "string",
"user": {}
},
"wildcard_access_url": "string",
"write_config": true
},
"options": [
@ -2753,19 +2741,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
"verbose": true,
"web_terminal_renderer": "string",
"wgtunnel_host": "string",
"wildcard_access_url": {
"forceQuery": true,
"fragment": "string",
"host": "string",
"omitHost": true,
"opaque": "string",
"path": "string",
"rawFragment": "string",
"rawPath": "string",
"rawQuery": "string",
"scheme": "string",
"user": {}
},
"wildcard_access_url": "string",
"write_config": true
}
```
@ -2829,7 +2805,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
| `verbose` | boolean | false | | |
| `web_terminal_renderer` | string | false | | |
| `wgtunnel_host` | string | false | | |
| `wildcard_access_url` | [clibase.URL](#clibaseurl) | false | | |
| `wildcard_access_url` | string | false | | |
| `write_config` | boolean | false | | |
## codersdk.DisplayApp

2
docs/cli/server.md generated
View File

@ -1088,7 +1088,7 @@ The renderer to use when opening a web terminal. Valid values are 'canvas', 'web
| | |
| ----------- | ----------------------------------------- |
| Type | <code>url</code> |
| Type | <code>string</code> |
| Environment | <code>$CODER_WILDCARD_ACCESS_URL</code> |
| YAML | <code>networking.wildcardAccessURL</code> |

4
enterprise/cli/proxyserver.go
View File

@ -26,8 +26,8 @@ import (
"github.com/coder/coder/v2/cli/clilog"
"github.com/coder/coder/v2/cli/cliui"
"github.com/coder/coder/v2/coderd"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/enterprise/wsproxy"
)
@ -208,7 +208,7 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
var appHostnameRegex *regexp.Regexp
appHostname := cfg.WildcardAccessURL.String()
if appHostname != "" {
appHostnameRegex, err = httpapi.CompileHostnamePattern(appHostname)
appHostnameRegex, err = appurl.CompileHostnamePattern(appHostname)
if err != nil {
return xerrors.Errorf("parse wildcard access URL %q: %w", appHostname, err)
}

2
enterprise/cli/testdata/coder_server_--help.golden vendored
View File

@ -168,7 +168,7 @@ NETWORKING OPTIONS:
--secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE
Controls if the 'Secure' property is set on browser session cookies.
--wildcard-access-url url, $CODER_WILDCARD_ACCESS_URL
--wildcard-access-url string, $CODER_WILDCARD_ACCESS_URL
Specifies the wildcard hostname to use for workspace applications in
the form "*.example.com".

4
enterprise/coderd/coderdenttest/proxytest.go
View File

@ -19,7 +19,7 @@ import (
"cdr.dev/slog"
"cdr.dev/slog/sloggers/slogtest"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/enterprise/coderd"
"github.com/coder/coder/v2/enterprise/wsproxy"
@ -99,7 +99,7 @@ func NewWorkspaceProxy(t *testing.T, coderdAPI *coderd.API, owner *codersdk.Clie
var appHostnameRegex *regexp.Regexp
if options.AppHostname != "" {
var err error
appHostnameRegex, err = httpapi.CompileHostnamePattern(options.AppHostname)
appHostnameRegex, err = appurl.CompileHostnamePattern(options.AppHostname)
require.NoError(t, err)
}

3
enterprise/coderd/workspaceproxy.go
View File

@ -26,6 +26,7 @@ import (
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/telemetry"
"github.com/coder/coder/v2/coderd/workspaceapps"
"github.com/coder/coder/v2/coderd/workspaceapps/appurl"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/cryptorand"
"github.com/coder/coder/v2/enterprise/coderd/proxyhealth"
@ -591,7 +592,7 @@ func (api *API) workspaceProxyRegister(rw http.ResponseWriter, r *http.Request)
}
if req.WildcardHostname != "" {
if _, err := httpapi.CompileHostnamePattern(req.WildcardHostname); err != nil {
if _, err := appurl.CompileHostnamePattern(req.WildcardHostname); err != nil {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Wildcard URL is invalid.",
Detail: err.Error(),

2
enterprise/wsproxy/wsproxy.go
View File

@ -59,7 +59,7 @@ type Options struct {
// E.g. "*.apps.coder.com" or "*-apps.coder.com".
AppHostname string
// AppHostnameRegex contains the regex version of options.AppHostname as
// generated by httpapi.CompileHostnamePattern(). It MUST be set if
// generated by appurl.CompileHostnamePattern(). It MUST be set if
// options.AppHostname is set.
AppHostnameRegex *regexp.Regexp