This package is not in the latest version of its module.
Go to latest Published: Aug 1, 2023 License: AGPL-3.0The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Modules with tagged versions give importers more predictable builds.
When a project reaches major version v1 it is considered stable.
This section is empty.
WebsocketNetConn wraps websocket.NetConn and returns a context that is tied to the parent context and the lifetime of the conn. Any error during read or write will cancel the context, but not close the conn. Close should be called to release context resources.
WriteWorkspaceApp404 writes a HTML 404 error page for a workspace app. If appReq is not nil, it will be used to log the request details at debug level.
WriteWorkspaceApp500 writes a HTML 500 error page for a workspace app. If appReq is not nil, it's fields will be added to the logged error message.
WriteWorkspaceAppOffline writes a HTML 502 error page for a workspace app. If appReq is not nil, it will be used to log the request details at debug level.
DBTokenProvider provides authentication and authorization for workspace apps by querying the database if the request is missing a valid token.
AppBaseURL returns the base URL of this specific app request. An error is returned if a subdomain app hostname is not provided but the app is a subdomain app.
SecurityKey is used for signing and encrypting app tokens and API keys.
The first 64 bytes of the key are used for signing tokens with HMAC-SHA256, and the last 32 bytes are used for encrypting API keys with AES-256-GCM. We use a single key for both operations to avoid having to store and manage two keys.
DecryptAPIKey undoes EncryptAPIKey and is used in the subdomain app handler.
EncryptAPIKey encrypts an API key for subdomain token smuggling.
SignToken generates a signed workspace app token with the given payload. If the payload doesn't have an expiry, it will be set to the current time plus the default expiry.
VerifySignedToken parses a signed workspace app token with the given key and returns the payload. If the token is invalid or expired, an error is returned.
Server serves workspace apps endpoints, including: - Path-based apps - Subdomain app middleware - Workspace reconnecting-pty (aka. web terminal)
Close waits for all reconnecting-pty WebSocket connections to drain before returning.
HandleSubdomain handles subdomain-based application proxy requests (aka. DevURLs in Coder V1).
There are a lot of paths here:
Rationales for each of the above steps:
SignedToken is the struct data contained inside a workspace app JWE. It contains the details of the workspace app that the token is valid for to avoid database queries.
FromRequest returns the signed token from the request, if it exists and is valid. The caller must check that the token matches the request.
MatchesRequest returns true if the token matches the request. Any token that does not match the request should be considered invalid.
SignedTokenProvider provides signed workspace app tokens (aka. app tickets).
| ? | : This menu |
| / | : Search site |
| f or F | : Jump to |
| y or Y | : Canonical URL |