coder
diff --git a/‎.github/workflows/dogfood.yaml
+9-1 b/‎.github/workflows/dogfood.yaml
+9-1
diff --git a/‎Makefile
+3-3 b/‎Makefile
+3-3
diff --git a/‎cli/configssh.go
+2-8 b/‎cli/configssh.go
+2-8
diff --git a/‎cli/server.go
+2-2 b/‎cli/server.go
+2-2
diff --git a/‎coderd/coderd.go
+6-3 b/‎coderd/coderd.go
+6-3
diff --git a/‎coderd/coderdtest/authtest.go
+42-25 b/‎coderd/coderdtest/authtest.go
+42-25
diff --git a/‎coderd/database/databasefake/databasefake.go
+2-8 b/‎coderd/database/databasefake/databasefake.go
+2-8
diff --git a/‎coderd/database/errors.go
-9 b/‎coderd/database/errors.go
-9
diff --git a/‎coderd/database/dump/main.go renamed to ‎coderd/database/gen/dump/main.go
+1-1 b/‎coderd/database/dump/main.go renamed to ‎coderd/database/gen/dump/main.go
+1-1
diff --git a/‎coderd/database/gen/enum/main.go
+120 b/‎coderd/database/gen/enum/main.go
+120
@@ -21,6 +21,14 @@ jobs:
         id: branch-name
         uses: tj-actions/branch-names@v5.4
 
+      - name: "Branch name to Docker tag name"
+        id: docker-tag-name
+        run: |
+          tag=${{ steps.branch-name.outputs.current_branch }}
+          # Replace / with --, e.g. user/feature => user--feature.
+          tag=${tag//\//--}
+          echo "::set-output name=tag::${tag}"
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
 
@@ -38,6 +46,6 @@ jobs:
         with:
           context: "{{defaultContext}}:dogfood"
           push: true
-          tags: "codercom/oss-dogfood:${{ steps.branch-name.outputs.current_branch }},codercom/oss-dogfood:latest"
+          tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest"
           cache-from: type=registry,ref=codercom/oss-dogfood:latest
           cache-to: type=inline
@@ -56,11 +56,11 @@ build: site/out/index.html $(shell find . -not -path './vendor/*' -type f -name
 .PHONY: build
 
 # Runs migrations to output a dump of the database.
-coderd/database/dump.sql: coderd/database/dump/main.go $(wildcard coderd/database/migrations/*.sql)
-	go run coderd/database/dump/main.go
+coderd/database/dump.sql: coderd/database/gen/dump/main.go $(wildcard coderd/database/migrations/*.sql)
+	go run coderd/database/gen/dump/main.go
 
 # Generates Go code for querying the database.
-coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql)
+coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql) coderd/database/gen/enum/main.go
 	coderd/database/generate.sh
 
 fmt/prettier:
 
@@ -280,16 +280,10 @@ func configSSH() *cobra.Command {
 						"\tLogLevel ERROR",
 					)
 					if !skipProxyCommand {
-						// In SSH configs, strings inside "" are interpreted literally and there
-						// is no need to e.g. escape backslashes (common on Windows platforms).
-						// We will escape the quotes, though.
-						escapedBinaryFile := strings.ReplaceAll(binaryFile, "\"", "\\\"")
 						if !wireguard {
-							//nolint:gocritic // We don't want to use %q here, see above.
-							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand \"%s\" --global-config \"%s\" ssh --stdio %s", escapedBinaryFile, root, hostname))
+							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --stdio %s", binaryFile, root, hostname))
 						} else {
-							//nolint:gocritic // We don't want to use %q here, see above.
-							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand \"%s\" --global-config \"%s\" ssh --wireguard --stdio %s", escapedBinaryFile, root, hostname))
+							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --wireguard --stdio %s", binaryFile, root, hostname))
 						}
 					}
 
 
@@ -659,13 +659,13 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 	root.AddCommand(&cobra.Command{
 		Use:   "postgres-builtin-url",
 		Short: "Output the connection URL for the built-in PostgreSQL deployment.",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			cfg := createConfig(cmd)
 			url, err := embeddedPostgresURL(cfg)
 			if err != nil {
 				return err
 			}
-			cmd.Println(cliui.Styles.Code.Render("psql \"" + url + "\""))
+			_, _ = fmt.Fprintf(cmd.OutOrStdout(), "psql %q\n", url)
 			return nil
 		},
 	})
 
@@ -131,22 +131,25 @@ func New(options *Options) *API {
 			})
 		},
 		httpmw.Prometheus(options.PrometheusRegistry),
+		api.handleSubdomain,
 	)
 
 	apps := func(r chi.Router) {
 		r.Use(
 			httpmw.RateLimitPerMinute(options.APIRateLimit),
+			tracing.HTTPMW(api.TracerProvider, "coderd.http"),
 			httpmw.ExtractAPIKey(options.Database, oauthConfigs, true),
 			httpmw.ExtractUserParam(api.Database),
-			tracing.HTTPMW(api.TracerProvider, "coderd.http"),
+			// Extracts the <workspace.agent> from the url
+			httpmw.ExtractWorkspaceAndAgentParam(api.Database),
 		)
 		r.HandleFunc("/*", api.workspaceAppsProxyPath)
 	}
 	// %40 is the encoded character of the @ symbol. VS Code Web does
 	// not handle character encoding properly, so it's safe to assume
 	// other applications might not as well.
-	r.Route("/%40{user}/{workspacename}/apps/{workspaceapp}", apps)
-	r.Route("/@{user}/{workspacename}/apps/{workspaceapp}", apps)
+	r.Route("/%40{user}/{workspace_and_agent}/apps/{workspaceapp}", apps)
+	r.Route("/@{user}/{workspace_and_agent}/apps/{workspaceapp}", apps)
 
 	r.Route("/api/v2", func(r chi.Router) {
 		r.NotFound(func(rw http.ResponseWriter, r *http.Request) {
 
@@ -85,6 +85,7 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
 						Name: "some",
 						Type: "example",
 						Agents: []*proto.Agent{{
+							Name: "agent",
 							Id:   "something",
 							Auth: &proto.Agent_Token{},
 							Apps: []*proto.App{{
@@ -119,22 +120,23 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
 	require.NoError(t, err, "create template param")
 
 	urlParameters := map[string]string{
-		"{organization}":       admin.OrganizationID.String(),
-		"{user}":               admin.UserID.String(),
-		"{organizationname}":   organization.Name,
-		"{workspace}":          workspace.ID.String(),
-		"{workspacebuild}":     workspace.LatestBuild.ID.String(),
-		"{workspacename}":      workspace.Name,
-		"{workspacebuildname}": workspace.LatestBuild.Name,
-		"{workspaceagent}":     workspaceResources[0].Agents[0].ID.String(),
-		"{buildnumber}":        strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
-		"{template}":           template.ID.String(),
-		"{hash}":               file.Hash,
-		"{workspaceresource}":  workspaceResources[0].ID.String(),
-		"{workspaceapp}":       workspaceResources[0].Agents[0].Apps[0].Name,
-		"{templateversion}":    version.ID.String(),
-		"{jobID}":              templateVersionDryRun.ID.String(),
-		"{templatename}":       template.Name,
+		"{organization}":        admin.OrganizationID.String(),
+		"{user}":                admin.UserID.String(),
+		"{organizationname}":    organization.Name,
+		"{workspace}":           workspace.ID.String(),
+		"{workspacebuild}":      workspace.LatestBuild.ID.String(),
+		"{workspacename}":       workspace.Name,
+		"{workspacebuildname}":  workspace.LatestBuild.Name,
+		"{workspaceagent}":      workspaceResources[0].Agents[0].ID.String(),
+		"{buildnumber}":         strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
+		"{template}":            template.ID.String(),
+		"{hash}":                file.Hash,
+		"{workspaceresource}":   workspaceResources[0].ID.String(),
+		"{workspaceapp}":        workspaceResources[0].Agents[0].Apps[0].Name,
+		"{templateversion}":     version.ID.String(),
+		"{jobID}":               templateVersionDryRun.ID.String(),
+		"{templatename}":        template.Name,
+		"{workspace_and_agent}": workspace.Name + "." + workspaceResources[0].Agents[0].Name,
 		// Only checking template scoped params here
 		"parameters/{scope}/{id}": fmt.Sprintf("parameters/%s/%s",
 			string(templateParam.Scope), templateParam.ScopeID.String()),
@@ -178,15 +180,6 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"POST:/api/v2/csp/reports":      {NoAuthorize: true},
 		"GET:/api/v2/entitlements":      {NoAuthorize: true},
 
-		"GET:/%40{user}/{workspacename}/apps/{workspaceapp}/*": {
-			AssertAction: rbac.ActionCreate,
-			AssertObject: workspaceExecObj,
-		},
-		"GET:/@{user}/{workspacename}/apps/{workspaceapp}/*": {
-			AssertAction: rbac.ActionCreate,
-			AssertObject: workspaceExecObj,
-		},
-
 		// Has it's own auth
 		"GET:/api/v2/users/oauth2/github/callback": {NoAuthorize: true},
 		"GET:/api/v2/users/oidc/callback":          {NoAuthorize: true},
@@ -399,6 +392,29 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"POST:/api/v2/workspaces/{workspace}/builds":                    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 		"POST:/api/v2/organizations/{organization}/templateversions":    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 	}
+
+	// Routes like proxy routes support all HTTP methods. A helper func to expand
+	// 1 url to all http methods.
+	assertAllHTTPMethods := func(url string, check RouteCheck) {
+		methods := []string{http.MethodGet, http.MethodHead, http.MethodPost,
+			http.MethodPut, http.MethodPatch, http.MethodDelete,
+			http.MethodConnect, http.MethodOptions, http.MethodTrace}
+
+		for _, method := range methods {
+			route := method + ":" + url
+			assertRoute[route] = check
+		}
+	}
+
+	assertAllHTTPMethods("/%40{user}/{workspace_and_agent}/apps/{workspaceapp}/*", RouteCheck{
+		AssertAction: rbac.ActionCreate,
+		AssertObject: workspaceExecObj,
+	})
+	assertAllHTTPMethods("/@{user}/{workspace_and_agent}/apps/{workspaceapp}/*", RouteCheck{
+		AssertAction: rbac.ActionCreate,
+		AssertObject: workspaceExecObj,
+	})
+
 	return skipRoutes, assertRoute
 }
 
@@ -446,6 +462,7 @@ func (a *AuthTester) Test(ctx context.Context, assertRoute map[string]RouteCheck
 			a.t.Run(name, func(t *testing.T) {
 				a.authorizer.reset()
 				routeKey := strings.TrimRight(name, "/")
+
 				routeAssertions, ok := assertRoute[routeKey]
 				if !ok {
 					// By default, all omitted routes check for just "authorize" called
 
@@ -592,14 +592,14 @@ func (q *fakeQuerier) GetLatestWorkspaceBuildByWorkspaceID(_ context.Context, wo
 	defer q.mutex.RUnlock()
 
 	var row database.WorkspaceBuild
-	var buildNum int32
+	var buildNum int32 = -1
 	for _, workspaceBuild := range q.workspaceBuilds {
 		if workspaceBuild.WorkspaceID.String() == workspaceID.String() && workspaceBuild.BuildNumber > buildNum {
 			row = workspaceBuild
 			buildNum = workspaceBuild.BuildNumber
 		}
 	}
-	if buildNum == 0 {
+	if buildNum == -1 {
 		return database.WorkspaceBuild{}, sql.ErrNoRows
 	}
 	return row, nil
@@ -1263,9 +1263,6 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc
 			workspaceAgents = append(workspaceAgents, agent)
 		}
 	}
-	if len(workspaceAgents) == 0 {
-		return nil, sql.ErrNoRows
-	}
 	return workspaceAgents, nil
 }
 
@@ -1347,9 +1344,6 @@ func (q *fakeQuerier) GetWorkspaceResourcesByJobID(_ context.Context, jobID uuid
 		}
 		resources = append(resources, resource)
 	}
-	if len(resources) == 0 {
-		return nil, sql.ErrNoRows
-	}
 	return resources, nil
 }
 
 
@@ -6,15 +6,6 @@ import (
 	"github.com/lib/pq"
 )
 
-// UniqueConstraint represents a named unique constraint on a table.
-type UniqueConstraint string
-
-// UniqueConstraint enums.
-// TODO(mafredri): Generate these from the database schema.
-const (
-	UniqueWorkspacesOwnerIDLowerIdx UniqueConstraint = "workspaces_owner_id_lower_idx"
-)
-
 // IsUniqueViolation checks if the error is due to a unique violation.
 // If one or more specific unique constraints are given as arguments,
 // the error must be caused by one of them. If no constraints are given,
 
@@ -88,7 +88,7 @@ func main() {
 	if !ok {
 		panic("couldn't get caller path")
 	}
-	err = os.WriteFile(filepath.Join(mainPath, "..", "..", "dump.sql"), []byte(dump), 0600)
+	err = os.WriteFile(filepath.Join(mainPath, "..", "..", "..", "dump.sql"), []byte(dump), 0o600)
 	if err != nil {
 		panic(err)
 	}
 
@@ -0,0 +1,120 @@
+package main
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+
+	"golang.org/x/xerrors"
+)
+
+const header = `// Code generated by gen/enum. DO NOT EDIT.
+package database
+`
+
+func main() {
+	if err := run(); err != nil {
+		panic(err)
+	}
+}
+
+func run() error {
+	dump, err := os.Open("dump.sql")
+	if err != nil {
+		_, _ = fmt.Fprintf(os.Stderr, "error: %s must be run in the database directory with dump.sql present\n", os.Args[0])
+		return err
+	}
+	defer dump.Close()
+
+	var uniqueConstraints []string
+
+	s := bufio.NewScanner(dump)
+	query := ""
+	for s.Scan() {
+		line := strings.TrimSpace(s.Text())
+		switch {
+		case strings.HasPrefix(line, "--"):
+		case line == "":
+		case strings.HasSuffix(line, ";"):
+			query += line
+			if isUniqueConstraint(query) {
+				uniqueConstraints = append(uniqueConstraints, query)
+			}
+			query = ""
+		default:
+			query += line + " "
+		}
+	}
+	if err = s.Err(); err != nil {
+		return err
+	}
+
+	return writeContents("unique_constraint.go", uniqueConstraints, generateUniqueConstraints)
+}
+
+func isUniqueConstraint(query string) bool {
+	return strings.Contains(query, "UNIQUE")
+}
+
+func generateUniqueConstraints(queries []string) ([]byte, error) {
+	s := &bytes.Buffer{}
+
+	_, _ = fmt.Fprint(s, header)
+	_, _ = fmt.Fprint(s, `
+// UniqueConstraint represents a named unique constraint on a table.
+type UniqueConstraint string
+
+// UniqueConstraint enums.
+const (
+`)
+	for _, query := range queries {
+		name := ""
+		switch {
+		case strings.Contains(query, "ALTER TABLE") && strings.Contains(query, "ADD CONSTRAINT"):
+			name = strings.Split(query, " ")[6]
+		case strings.Contains(query, "CREATE UNIQUE INDEX"):
+			name = strings.Split(query, " ")[3]
+		default:
+			return nil, xerrors.Errorf("unknown unique constraint format: %s", query)
+		}
+		_, _ = fmt.Fprintf(s, "\tUnique%s UniqueConstraint = %q // %s\n", nameFromSnakeCase(name), name, query)
+	}
+	_, _ = fmt.Fprint(s, ")\n")
+
+	return s.Bytes(), nil
+}
+
+func writeContents[T any](dest string, arg T, fn func(T) ([]byte, error)) error {
+	b, err := fn(arg)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(dest, b, 0o600)
+	if err != nil {
+		return err
+	}
+	cmd := exec.Command("goimports", "-w", dest)
+	return cmd.Run()
+}
+
+func nameFromSnakeCase(s string) string {
+	var ret string
+	for _, ss := range strings.Split(s, "_") {
+		switch ss {
+		case "id":
+			ret += "ID"
+		case "ids":
+			ret += "IDs"
+		case "jwt":
+			ret += "JWT"
+		case "idx":
+			ret += "Index"
+		default:
+			ret += strings.Title(ss)
+		}
+	}
+	return ret
+}
Original file line number	Diff line number	Diff line change
`@@ -280,16 +280,10 @@ func configSSH() *cobra.Command {`
`280`	`280`	`"\tLogLevel ERROR",`
`281`	`281`	`)`
`282`	`282`	`if !skipProxyCommand {`
`283`		`- // In SSH configs, strings inside "" are interpreted literally and there`
`284`		`- // is no need to e.g. escape backslashes (common on Windows platforms).`
`285`		`- // We will escape the quotes, though.`
`286`		`- escapedBinaryFile := strings.ReplaceAll(binaryFile, "\"", "\\\"")`
`287`	`283`	`if !wireguard {`
`288`		`- //nolint:gocritic // We don't want to use %q here, see above.`
`289`		`- configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand \"%s\" --global-config \"%s\" ssh --stdio %s", escapedBinaryFile, root, hostname))`
	`284`	`+ configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --stdio %s", binaryFile, root, hostname))`
`290`	`285`	`} else {`
`291`		`- //nolint:gocritic // We don't want to use %q here, see above.`
`292`		`- configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand \"%s\" --global-config \"%s\" ssh --wireguard --stdio %s", escapedBinaryFile, root, hostname))`
	`286`	`+ configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --wireguard --stdio %s", binaryFile, root, hostname))`
`293`	`287`	`}`
`294`	`288`	`}`
`295`	`289`
Original file line number	Diff line number	Diff line change
`@@ -592,14 +592,14 @@ func (q *fakeQuerier) GetLatestWorkspaceBuildByWorkspaceID(_ context.Context, wo`
`592`	`592`	`defer q.mutex.RUnlock()`
`593`	`593`
`594`	`594`	`var row database.WorkspaceBuild`
`595`		`- var buildNum int32`
	`595`	`+ var buildNum int32 = -1`
`596`	`596`	`for _, workspaceBuild := range q.workspaceBuilds {`
`597`	`597`	`if workspaceBuild.WorkspaceID.String() == workspaceID.String() && workspaceBuild.BuildNumber > buildNum {`
`598`	`598`	`row = workspaceBuild`
`599`	`599`	`buildNum = workspaceBuild.BuildNumber`
`600`	`600`	`}`
`601`	`601`	`}`
`602`		`- if buildNum == 0 {`
	`602`	`+ if buildNum == -1 {`
`603`	`603`	`return database.WorkspaceBuild{}, sql.ErrNoRows`
`604`	`604`	`}`
`605`	`605`	`return row, nil`
`@@ -1263,9 +1263,6 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc`
`1263`	`1263`	`workspaceAgents = append(workspaceAgents, agent)`
`1264`	`1264`	`}`
`1265`	`1265`	`}`
`1266`		`- if len(workspaceAgents) == 0 {`
`1267`		`- return nil, sql.ErrNoRows`
`1268`		`- }`
`1269`	`1266`	`return workspaceAgents, nil`
`1270`	`1267`	`}`
`1271`	`1268`
`@@ -1347,9 +1344,6 @@ func (q *fakeQuerier) GetWorkspaceResourcesByJobID(_ context.Context, jobID uuid`
`1347`	`1344`	`}`
`1348`	`1345`	`resources = append(resources, resource)`
`1349`	`1346`	`}`
`1350`		`- if len(resources) == 0 {`
`1351`		`- return nil, sql.ErrNoRows`
`1352`		`- }`
`1353`	`1347`	`return resources, nil`
`1354`	`1348`	`}`
`1355`	`1349`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ func main() {`
`88`	`88`	`if !ok {`
`89`	`89`	`panic("couldn't get caller path")`
`90`	`90`	`}`
`91`		`- err = os.WriteFile(filepath.Join(mainPath, "..", "..", "dump.sql"), []byte(dump), 0600)`
	`91`	`+ err = os.WriteFile(filepath.Join(mainPath, "..", "..", "..", "dump.sql"), []byte(dump), 0o600)`
`92`	`92`	`if err != nil {`
`93`	`93`	`panic(err)`
`94`	`94`	`}`