Skip to content

Commit 913c547

Browse files
EmyrkEmyrk
committed
Include app security key
1 parent 203a723 commit 913c547

File tree

1 file changed

+27
-9
lines changed

1 file changed

+27
-9
lines changed

enterprise/cli/workspaceproxy.go

Lines changed: 27 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,7 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
107107
}
108108
proxySessionToken clibase.String
109109
primaryAccessURL clibase.URL
110+
appSecuritYKey clibase.String
110111
)
111112
opts.Add(
112113
// Options only for external workspace proxies
@@ -134,6 +135,20 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
134135
Group: &externalProxyOptionGroup,
135136
Hidden: false,
136137
},
138+
139+
// TODO: Make sure this is kept secret. Idk if a flag is the best option
140+
clibase.Option{
141+
Name: "App Security Key",
142+
Description: "App security key used for decrypting/verifying app tokens sent from coderd.",
143+
Flag: "app-security-key",
144+
Env: "CODER_APP_SECURITY_KEY",
145+
YAML: "appSecurityKey",
146+
Default: "",
147+
Value: &appSecuritYKey,
148+
Group: &externalProxyOptionGroup,
149+
Hidden: false,
150+
Annotations: clibase.Annotations{}.Mark("secret", "true"),
151+
},
137152
)
138153

139154
client := new(codersdk.Client)
@@ -153,6 +168,11 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
153168
return xerrors.Errorf("primary access URL must be http or https: url=%s", primaryAccessURL)
154169
}
155170

171+
secKey, err := workspaceapps.KeyFromString(appSecuritYKey.Value())
172+
if err != nil {
173+
return xerrors.Errorf("app security key: %w", err)
174+
}
175+
156176
var closers closers
157177
// Main command context for managing cancellation of running
158178
// services.
@@ -272,15 +292,13 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
272292
}
273293

274294
proxy, err := wsproxy.New(&wsproxy.Options{
275-
Logger: logger,
276-
// TODO: PrimaryAccessURL
277-
PrimaryAccessURL: primaryAccessURL.Value(),
278-
AccessURL: cfg.AccessURL.Value(),
279-
AppHostname: appHostname,
280-
AppHostnameRegex: appHostnameRegex,
281-
RealIPConfig: realIPConfig,
282-
// TODO: AppSecurityKey
283-
AppSecurityKey: workspaceapps.SecurityKey{},
295+
Logger: logger,
296+
PrimaryAccessURL: primaryAccessURL.Value(),
297+
AccessURL: cfg.AccessURL.Value(),
298+
AppHostname: appHostname,
299+
AppHostnameRegex: appHostnameRegex,
300+
RealIPConfig: realIPConfig,
301+
AppSecurityKey: secKey,
284302
Tracing: tracer,
285303
PrometheusRegistry: prometheusRegistry,
286304
APIRateLimit: int(cfg.RateLimit.API.Value()),

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy