coder
diff --git a/‎Makefile
Lines changed: 3 additions & 3 deletions b/‎Makefile
Lines changed: 3 additions & 3 deletions
diff --git a/‎cli/root.go
Lines changed: 48 additions & 35 deletions b/‎cli/root.go
Lines changed: 48 additions & 35 deletions
diff --git a/‎cli/server.go
Lines changed: 15 additions & 8 deletions b/‎cli/server.go
Lines changed: 15 additions & 8 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 5 additions & 3 deletions b/‎coderd/coderd.go
Lines changed: 5 additions & 3 deletions
diff --git a/‎coderd/coderdtest/authtest.go
Lines changed: 42 additions & 25 deletions b/‎coderd/coderdtest/authtest.go
Lines changed: 42 additions & 25 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 2 additions & 8 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 2 additions & 8 deletions
diff --git a/‎coderd/database/errors.go
Lines changed: 0 additions & 9 deletions b/‎coderd/database/errors.go
Lines changed: 0 additions & 9 deletions
diff --git a/‎coderd/database/dump/main.go renamed to ‎coderd/database/gen/dump/main.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/dump/main.go renamed to ‎coderd/database/gen/dump/main.go
Lines changed: 1 addition & 1 deletion
@@ -56,11 +56,11 @@ build: site/out/index.html $(shell find . -not -path './vendor/*' -type f -name
 .PHONY: build
 
 # Runs migrations to output a dump of the database.
-coderd/database/dump.sql: coderd/database/dump/main.go $(wildcard coderd/database/migrations/*.sql)
-	go run coderd/database/dump/main.go
+coderd/database/dump.sql: coderd/database/gen/dump/main.go $(wildcard coderd/database/migrations/*.sql)
+	go run coderd/database/gen/dump/main.go
 
 # Generates Go code for querying the database.
-coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql)
+coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql) coderd/database/gen/enum/main.go
 	coderd/database/generate.sh
 
 fmt/prettier:
 
@@ -35,18 +35,20 @@ var (
 )
 
 const (
-	varURL             = "url"
-	varToken           = "token"
-	varAgentToken      = "agent-token"
-	varAgentURL        = "agent-url"
-	varGlobalConfig    = "global-config"
-	varNoOpen          = "no-open"
-	varNoVersionCheck  = "no-version-warning"
-	varForceTty        = "force-tty"
-	varVerbose         = "verbose"
-	notLoggedInMessage = "You are not logged in. Try logging in using 'coder login <url>'."
-
-	envNoVersionCheck = "CODER_NO_VERSION_WARNING"
+	varURL              = "url"
+	varToken            = "token"
+	varAgentToken       = "agent-token"
+	varAgentURL         = "agent-url"
+	varGlobalConfig     = "global-config"
+	varNoOpen           = "no-open"
+	varNoVersionCheck   = "no-version-warning"
+	varNoFeatureWarning = "no-feature-warning"
+	varForceTty         = "force-tty"
+	varVerbose          = "verbose"
+	notLoggedInMessage  = "You are not logged in. Try logging in using 'coder login <url>'."
+
+	envNoVersionCheck   = "CODER_NO_VERSION_WARNING"
+	envNoFeatureWarning = "CODER_NO_FEATURE_WARNING"
 )
 
 var (
@@ -103,36 +105,33 @@ func Root(subcommands []*cobra.Command) *cobra.Command {
 		Long: `Coder — A tool for provisioning self-hosted development environments.
 `,
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-			err := func() error {
-				if cliflag.IsSetBool(cmd, varNoVersionCheck) {
-					return nil
-				}
-
-				// Login handles checking the versions itself since it
-				// has a handle to an unauthenticated client.
-				// Server is skipped for obvious reasons.
-				if cmd.Name() == "login" || cmd.Name() == "server" || cmd.Name() == "gitssh" {
-					return nil
-				}
-
-				client, err := CreateClient(cmd)
-				// If the client is unauthenticated we can ignore the check.
-				// The child commands should handle an unauthenticated client.
-				if xerrors.Is(err, errUnauthenticated) {
-					return nil
-				}
-				if err != nil {
-					return xerrors.Errorf("create client: %w", err)
-				}
-				return checkVersions(cmd, client)
-			}()
+			if cliflag.IsSetBool(cmd, varNoVersionCheck) &&
+				cliflag.IsSetBool(cmd, varNoFeatureWarning) {
+				return
+			}
+
+			// Login handles checking the versions itself since it
+			// has a handle to an unauthenticated client.
+			// Server is skipped for obvious reasons.
+			if cmd.Name() == "login" || cmd.Name() == "server" || cmd.Name() == "gitssh" {
+				return
+			}
+
+			client, err := CreateClient(cmd)
+			// If we are unable to create a client, presumably the subcommand will fail as well
+			// so we can bail out here.
+			if err != nil {
+				return
+			}
+			err = checkVersions(cmd, client)
 			if err != nil {
 				// Just log the error here. We never want to fail a command
 				// due to a pre-run.
 				_, _ = fmt.Fprintf(cmd.ErrOrStderr(),
 					cliui.Styles.Warn.Render("check versions error: %s"), err)
 				_, _ = fmt.Fprintln(cmd.ErrOrStderr())
 			}
+			checkWarnings(cmd, client)
 		},
 		Example: formatExamples(
 			example{
@@ -152,6 +151,7 @@ func Root(subcommands []*cobra.Command) *cobra.Command {
 
 	cmd.PersistentFlags().String(varURL, "", "Specify the URL to your deployment.")
 	cliflag.Bool(cmd.PersistentFlags(), varNoVersionCheck, "", envNoVersionCheck, false, "Suppress warning when client and server versions do not match.")
+	cliflag.Bool(cmd.PersistentFlags(), varNoFeatureWarning, "", envNoFeatureWarning, false, "Suppress warnings about unlicensed features.")
 	cliflag.String(cmd.PersistentFlags(), varToken, "", envSessionToken, "", fmt.Sprintf("Specify an authentication token. For security reasons setting %s is preferred.", envSessionToken))
 	cliflag.String(cmd.PersistentFlags(), varAgentToken, "", "CODER_AGENT_TOKEN", "", "Specify an agent authentication token.")
 	_ = cmd.PersistentFlags().MarkHidden(varAgentToken)
@@ -493,3 +493,16 @@ download the server version with: 'curl -L https://coder.com/install.sh | sh -s
 
 	return nil
 }
+
+func checkWarnings(cmd *cobra.Command, client *codersdk.Client) {
+	if cliflag.IsSetBool(cmd, varNoFeatureWarning) {
+		return
+	}
+	entitlements, err := client.Entitlements(cmd.Context())
+	if err != nil {
+		return
+	}
+	for _, w := range entitlements.Warnings {
+		_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Warn.Render(w))
+	}
+}
@@ -496,12 +496,16 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 
 			shutdownConnsCtx, shutdownConns := context.WithCancel(ctx)
 			defer shutdownConns()
+
+			// ReadHeaderTimeout is purposefully not enabled. It caused some issues with
+			// websockets over the dev tunnel.
+			// See: https://github.com/coder/coder/pull/3730
+			//nolint:gosec
 			server := &http.Server{
 				// These errors are typically noise like "TLS: EOF". Vault does similar:
 				// https://github.com/hashicorp/vault/blob/e2490059d0711635e529a4efcbaa1b26998d6e1c/command/server.go#L2714
-				ErrorLog:          log.New(io.Discard, "", 0),
-				Handler:           coderAPI.Handler,
-				ReadHeaderTimeout: time.Minute,
+				ErrorLog: log.New(io.Discard, "", 0),
+				Handler:  coderAPI.Handler,
 				BaseContext: func(_ net.Listener) context.Context {
 					return shutdownConnsCtx
 				},
@@ -659,13 +663,13 @@ func Server(newAPI func(*coderd.Options) *coderd.API) *cobra.Command {
 	root.AddCommand(&cobra.Command{
 		Use:   "postgres-builtin-url",
 		Short: "Output the connection URL for the built-in PostgreSQL deployment.",
-		RunE: func(cmd *cobra.Command, args []string) error {
+		RunE: func(cmd *cobra.Command, _ []string) error {
 			cfg := createConfig(cmd)
 			url, err := embeddedPostgresURL(cfg)
 			if err != nil {
 				return err
 			}
-			cmd.Println(cliui.Styles.Code.Render("psql \"" + url + "\""))
+			_, _ = fmt.Fprintf(cmd.OutOrStdout(), "psql %q\n", url)
 			return nil
 		},
 	})
@@ -1106,10 +1110,13 @@ func configureGithubOAuth2(accessURL *url.URL, clientID, clientSecret string, al
 func serveHandler(ctx context.Context, logger slog.Logger, handler http.Handler, addr, name string) (closeFunc func()) {
 	logger.Debug(ctx, "http server listening", slog.F("addr", addr), slog.F("name", name))
 
+	// ReadHeaderTimeout is purposefully not enabled. It caused some issues with
+	// websockets over the dev tunnel.
+	// See: https://github.com/coder/coder/pull/3730
+	//nolint:gosec
 	srv := &http.Server{
-		Addr:              addr,
-		Handler:           handler,
-		ReadHeaderTimeout: time.Minute,
+		Addr:    addr,
+		Handler: handler,
 	}
 	go func() {
 		err := srv.ListenAndServe()
 
@@ -136,17 +136,19 @@ func New(options *Options) *API {
 	apps := func(r chi.Router) {
 		r.Use(
 			httpmw.RateLimitPerMinute(options.APIRateLimit),
+			tracing.HTTPMW(api.TracerProvider, "coderd.http"),
 			httpmw.ExtractAPIKey(options.Database, oauthConfigs, true),
 			httpmw.ExtractUserParam(api.Database),
-			tracing.HTTPMW(api.TracerProvider, "coderd.http"),
+			// Extracts the <workspace.agent> from the url
+			httpmw.ExtractWorkspaceAndAgentParam(api.Database),
 		)
 		r.HandleFunc("/*", api.workspaceAppsProxyPath)
 	}
 	// %40 is the encoded character of the @ symbol. VS Code Web does
 	// not handle character encoding properly, so it's safe to assume
 	// other applications might not as well.
-	r.Route("/%40{user}/{workspacename}/apps/{workspaceapp}", apps)
-	r.Route("/@{user}/{workspacename}/apps/{workspaceapp}", apps)
+	r.Route("/%40{user}/{workspace_and_agent}/apps/{workspaceapp}", apps)
+	r.Route("/@{user}/{workspace_and_agent}/apps/{workspaceapp}", apps)
 
 	r.Route("/api/v2", func(r chi.Router) {
 		r.NotFound(func(rw http.ResponseWriter, r *http.Request) {
 
@@ -85,6 +85,7 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
 						Name: "some",
 						Type: "example",
 						Agents: []*proto.Agent{{
+							Name: "agent",
 							Id:   "something",
 							Auth: &proto.Agent_Token{},
 							Apps: []*proto.App{{
@@ -119,22 +120,23 @@ func NewAuthTester(ctx context.Context, t *testing.T, options *Options) *AuthTes
 	require.NoError(t, err, "create template param")
 
 	urlParameters := map[string]string{
-		"{organization}":       admin.OrganizationID.String(),
-		"{user}":               admin.UserID.String(),
-		"{organizationname}":   organization.Name,
-		"{workspace}":          workspace.ID.String(),
-		"{workspacebuild}":     workspace.LatestBuild.ID.String(),
-		"{workspacename}":      workspace.Name,
-		"{workspacebuildname}": workspace.LatestBuild.Name,
-		"{workspaceagent}":     workspaceResources[0].Agents[0].ID.String(),
-		"{buildnumber}":        strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
-		"{template}":           template.ID.String(),
-		"{hash}":               file.Hash,
-		"{workspaceresource}":  workspaceResources[0].ID.String(),
-		"{workspaceapp}":       workspaceResources[0].Agents[0].Apps[0].Name,
-		"{templateversion}":    version.ID.String(),
-		"{jobID}":              templateVersionDryRun.ID.String(),
-		"{templatename}":       template.Name,
+		"{organization}":        admin.OrganizationID.String(),
+		"{user}":                admin.UserID.String(),
+		"{organizationname}":    organization.Name,
+		"{workspace}":           workspace.ID.String(),
+		"{workspacebuild}":      workspace.LatestBuild.ID.String(),
+		"{workspacename}":       workspace.Name,
+		"{workspacebuildname}":  workspace.LatestBuild.Name,
+		"{workspaceagent}":      workspaceResources[0].Agents[0].ID.String(),
+		"{buildnumber}":         strconv.FormatInt(int64(workspace.LatestBuild.BuildNumber), 10),
+		"{template}":            template.ID.String(),
+		"{hash}":                file.Hash,
+		"{workspaceresource}":   workspaceResources[0].ID.String(),
+		"{workspaceapp}":        workspaceResources[0].Agents[0].Apps[0].Name,
+		"{templateversion}":     version.ID.String(),
+		"{jobID}":               templateVersionDryRun.ID.String(),
+		"{templatename}":        template.Name,
+		"{workspace_and_agent}": workspace.Name + "." + workspaceResources[0].Agents[0].Name,
 		// Only checking template scoped params here
 		"parameters/{scope}/{id}": fmt.Sprintf("parameters/%s/%s",
 			string(templateParam.Scope), templateParam.ScopeID.String()),
@@ -178,15 +180,6 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"POST:/api/v2/csp/reports":      {NoAuthorize: true},
 		"GET:/api/v2/entitlements":      {NoAuthorize: true},
 
-		"GET:/%40{user}/{workspacename}/apps/{workspaceapp}/*": {
-			AssertAction: rbac.ActionCreate,
-			AssertObject: workspaceExecObj,
-		},
-		"GET:/@{user}/{workspacename}/apps/{workspaceapp}/*": {
-			AssertAction: rbac.ActionCreate,
-			AssertObject: workspaceExecObj,
-		},
-
 		// Has it's own auth
 		"GET:/api/v2/users/oauth2/github/callback": {NoAuthorize: true},
 		"GET:/api/v2/users/oidc/callback":          {NoAuthorize: true},
@@ -399,6 +392,29 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"POST:/api/v2/workspaces/{workspace}/builds":                    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 		"POST:/api/v2/organizations/{organization}/templateversions":    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 	}
+
+	// Routes like proxy routes support all HTTP methods. A helper func to expand
+	// 1 url to all http methods.
+	assertAllHTTPMethods := func(url string, check RouteCheck) {
+		methods := []string{http.MethodGet, http.MethodHead, http.MethodPost,
+			http.MethodPut, http.MethodPatch, http.MethodDelete,
+			http.MethodConnect, http.MethodOptions, http.MethodTrace}
+
+		for _, method := range methods {
+			route := method + ":" + url
+			assertRoute[route] = check
+		}
+	}
+
+	assertAllHTTPMethods("/%40{user}/{workspace_and_agent}/apps/{workspaceapp}/*", RouteCheck{
+		AssertAction: rbac.ActionCreate,
+		AssertObject: workspaceExecObj,
+	})
+	assertAllHTTPMethods("/@{user}/{workspace_and_agent}/apps/{workspaceapp}/*", RouteCheck{
+		AssertAction: rbac.ActionCreate,
+		AssertObject: workspaceExecObj,
+	})
+
 	return skipRoutes, assertRoute
 }
 
@@ -446,6 +462,7 @@ func (a *AuthTester) Test(ctx context.Context, assertRoute map[string]RouteCheck
 			a.t.Run(name, func(t *testing.T) {
 				a.authorizer.reset()
 				routeKey := strings.TrimRight(name, "/")
+
 				routeAssertions, ok := assertRoute[routeKey]
 				if !ok {
 					// By default, all omitted routes check for just "authorize" called
 
@@ -592,14 +592,14 @@ func (q *fakeQuerier) GetLatestWorkspaceBuildByWorkspaceID(_ context.Context, wo
 	defer q.mutex.RUnlock()
 
 	var row database.WorkspaceBuild
-	var buildNum int32
+	var buildNum int32 = -1
 	for _, workspaceBuild := range q.workspaceBuilds {
 		if workspaceBuild.WorkspaceID.String() == workspaceID.String() && workspaceBuild.BuildNumber > buildNum {
 			row = workspaceBuild
 			buildNum = workspaceBuild.BuildNumber
 		}
 	}
-	if buildNum == 0 {
+	if buildNum == -1 {
 		return database.WorkspaceBuild{}, sql.ErrNoRows
 	}
 	return row, nil
@@ -1263,9 +1263,6 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc
 			workspaceAgents = append(workspaceAgents, agent)
 		}
 	}
-	if len(workspaceAgents) == 0 {
-		return nil, sql.ErrNoRows
-	}
 	return workspaceAgents, nil
 }
 
@@ -1347,9 +1344,6 @@ func (q *fakeQuerier) GetWorkspaceResourcesByJobID(_ context.Context, jobID uuid
 		}
 		resources = append(resources, resource)
 	}
-	if len(resources) == 0 {
-		return nil, sql.ErrNoRows
-	}
 	return resources, nil
 }
 
 
@@ -6,15 +6,6 @@ import (
 	"github.com/lib/pq"
 )
 
-// UniqueConstraint represents a named unique constraint on a table.
-type UniqueConstraint string
-
-// UniqueConstraint enums.
-// TODO(mafredri): Generate these from the database schema.
-const (
-	UniqueWorkspacesOwnerIDLowerIdx UniqueConstraint = "workspaces_owner_id_lower_idx"
-)
-
 // IsUniqueViolation checks if the error is due to a unique violation.
 // If one or more specific unique constraints are given as arguments,
 // the error must be caused by one of them. If no constraints are given,
 
@@ -88,7 +88,7 @@ func main() {
 	if !ok {
 		panic("couldn't get caller path")
 	}
-	err = os.WriteFile(filepath.Join(mainPath, "..", "..", "dump.sql"), []byte(dump), 0600)
+	err = os.WriteFile(filepath.Join(mainPath, "..", "..", "..", "dump.sql"), []byte(dump), 0o600)
 	if err != nil {
 		panic(err)
 	}
Original file line number	Diff line number	Diff line change
`@@ -592,14 +592,14 @@ func (q *fakeQuerier) GetLatestWorkspaceBuildByWorkspaceID(_ context.Context, wo`
`592`	`592`	`defer q.mutex.RUnlock()`
`593`	`593`
`594`	`594`	`var row database.WorkspaceBuild`
`595`		`- var buildNum int32`
	`595`	`+ var buildNum int32 = -1`
`596`	`596`	`for _, workspaceBuild := range q.workspaceBuilds {`
`597`	`597`	`if workspaceBuild.WorkspaceID.String() == workspaceID.String() && workspaceBuild.BuildNumber > buildNum {`
`598`	`598`	`row = workspaceBuild`
`599`	`599`	`buildNum = workspaceBuild.BuildNumber`
`600`	`600`	`}`
`601`	`601`	`}`
`602`		`- if buildNum == 0 {`
	`602`	`+ if buildNum == -1 {`
`603`	`603`	`return database.WorkspaceBuild{}, sql.ErrNoRows`
`604`	`604`	`}`
`605`	`605`	`return row, nil`
`@@ -1263,9 +1263,6 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc`
`1263`	`1263`	`workspaceAgents = append(workspaceAgents, agent)`
`1264`	`1264`	`}`
`1265`	`1265`	`}`
`1266`		`- if len(workspaceAgents) == 0 {`
`1267`		`- return nil, sql.ErrNoRows`
`1268`		`- }`
`1269`	`1266`	`return workspaceAgents, nil`
`1270`	`1267`	`}`
`1271`	`1268`
`@@ -1347,9 +1344,6 @@ func (q *fakeQuerier) GetWorkspaceResourcesByJobID(_ context.Context, jobID uuid`
`1347`	`1344`	`}`
`1348`	`1345`	`resources = append(resources, resource)`
`1349`	`1346`	`}`
`1350`		`- if len(resources) == 0 {`
`1351`		`- return nil, sql.ErrNoRows`
`1352`		`- }`
`1353`	`1347`	`return resources, nil`
`1354`	`1348`	`}`
`1355`	`1349`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ func main() {`
`88`	`88`	`if !ok {`
`89`	`89`	`panic("couldn't get caller path")`
`90`	`90`	`}`
`91`		`- err = os.WriteFile(filepath.Join(mainPath, "..", "..", "dump.sql"), []byte(dump), 0600)`
	`91`	`+ err = os.WriteFile(filepath.Join(mainPath, "..", "..", "..", "dump.sql"), []byte(dump), 0o600)`
`92`	`92`	`if err != nil {`
`93`	`93`	`panic(err)`
`94`	`94`	`}`