add slug or port to support separation of terminal and ports

mafredri · mafredri · commit 5bb42c2d5603 · 2025-03-06T13:55:56.000+02:00
diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go
@@ -9262,13 +9262,14 @@ func (q *FakeQuerier) InsertWorkspaceAppAuditSession(_ context.Context, arg data
 
 	id := uuid.New()
 	q.workspaceAppAuditSessions = append(q.workspaceAppAuditSessions, database.WorkspaceAppAuditSession{
-		ID:        id,
-		AgentID:   arg.AgentID,
-		AppID:     arg.AppID,
-		UserID:    arg.UserID,
-		Ip:        arg.Ip,
-		StartedAt: arg.StartedAt,
-		UpdatedAt: arg.UpdatedAt,
+		ID:         id,
+		AgentID:    arg.AgentID,
+		AppID:      arg.AppID,
+		UserID:     arg.UserID,
+		Ip:         arg.Ip,
+		SlugOrPort: arg.SlugOrPort,
+		StartedAt:  arg.StartedAt,
+		UpdatedAt:  arg.UpdatedAt,
 	})
 
 	return id, nil
@@ -11043,6 +11044,9 @@ func (q *FakeQuerier) UpdateWorkspaceAppAuditSession(_ context.Context, arg data
 		if s.Ip.IPNet.String() != arg.Ip.IPNet.String() {
 			continue
 		}
+		if s.SlugOrPort != arg.SlugOrPort {
+			continue
+		}
 		staleTime := dbtime.Now().Add(-(time.Duration(arg.StaleIntervalMS) * time.Millisecond))
 		if !s.UpdatedAt.After(staleTime) {
 			continue
diff --git a/coderd/database/migrations/000301_add_workspace_app_audit_sessions.up.sql b/coderd/database/migrations/000301_add_workspace_app_audit_sessions.up.sql
@@ -2,8 +2,9 @@ CREATE UNLOGGED TABLE workspace_app_audit_sessions (
 	id UUID PRIMARY KEY NOT NULL DEFAULT gen_random_uuid(),
 	agent_id UUID NOT NULL,
 	app_id UUID NULL,
-	user_id UUID,
-	ip inet,
+	user_id UUID NULL,
+	ip inet NOT NULL,
+	slug_or_port TEXT NOT NULL,
 	started_at TIMESTAMP WITH TIME ZONE NOT NULL,
 	updated_at TIMESTAMP WITH TIME ZONE NOT NULL,
 	FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
@@ -13,13 +14,14 @@ CREATE UNLOGGED TABLE workspace_app_audit_sessions (
 
 COMMENT ON TABLE workspace_app_audit_sessions IS 'Audit sessions for workspace apps, the data in this table is ephemeral and is used to track the current session of a user in a workspace app.';
 COMMENT ON COLUMN workspace_app_audit_sessions.id IS 'Unique identifier for the workspace app audit session.';
-COMMENT ON COLUMN workspace_app_audit_sessions.user_id IS 'The user that is currently using the workspace app. This is nullable because the app may be public.';
-COMMENT ON COLUMN workspace_app_audit_sessions.ip IS 'The IP address of the user that is currently using the workspace app.';
 COMMENT ON COLUMN workspace_app_audit_sessions.agent_id IS 'The agent that is currently in the workspace app.';
 COMMENT ON COLUMN workspace_app_audit_sessions.app_id IS 'The app that is currently in the workspace app. This is nullable because ports are not associated with an app.';
+COMMENT ON COLUMN workspace_app_audit_sessions.user_id IS 'The user that is currently using the workspace app. This is nullable because the app may be public.';
+COMMENT ON COLUMN workspace_app_audit_sessions.ip IS 'The IP address of the user that is currently using the workspace app.';
+COMMENT ON COLUMN workspace_app_audit_sessions.slug_or_port IS 'The slug or port of the workspace app that the user is currently using.';
 COMMENT ON COLUMN workspace_app_audit_sessions.started_at IS 'The time the user started the session.';
 COMMENT ON COLUMN workspace_app_audit_sessions.updated_at IS 'The time the session was last updated.';
 
-CREATE INDEX workspace_app_audit_sessions_agent_id_app_id ON workspace_app_audit_sessions (agent_id, app_id);
+CREATE INDEX workspace_app_audit_sessions_agent_id_app_id_slug_or_port ON workspace_app_audit_sessions (agent_id, app_id, slug_or_port);
 
-COMMENT ON INDEX workspace_app_audit_sessions_agent_id_app_id IS 'Index for the agent_id and app_id columns to perform updates.';
+COMMENT ON INDEX workspace_app_audit_sessions_agent_id_app_id_slug_or_port IS 'Index for the agent_id and app_id columns to perform updates.';
diff --git a/coderd/database/queries/workspaceappaudit.sql b/coderd/database/queries/workspaceappaudit.sql
@@ -5,6 +5,7 @@ INSERT INTO
 		app_id,
 		user_id,
 		ip,
+		slug_or_port,
 		started_at,
 		updated_at
 	)
@@ -15,7 +16,8 @@ VALUES
 		$3,
 		$4,
 		$5,
-		$6
+		$6,
+		$7
 	)
 RETURNING
 	id;
@@ -33,6 +35,7 @@ WHERE
 	AND app_id IS NOT DISTINCT FROM @app_id
 	AND user_id IS NOT DISTINCT FROM @user_id
 	AND ip IS NOT DISTINCT FROM @ip
+	AND slug_or_port = @slug_or_port
 	AND updated_at > NOW() - (@stale_interval_ms::bigint || ' ms')::interval
 RETURNING
 	id;
diff --git a/coderd/workspaceapps/db.go b/coderd/workspaceapps/db.go
@@ -414,15 +414,21 @@ func (p *DBTokenProvider) auditInitAutocommitRequest(ctx context.Context, w http
 
 		type additionalFields struct {
 			audit.AdditionalFields
-			App string `json:"app"`
+			SlugOrPort string `json:"slug_or_port,omitempty"`
 		}
 		appInfo := additionalFields{
 			AdditionalFields: audit.AdditionalFields{
 				WorkspaceOwner: aReq.dbReq.Workspace.OwnerUsername,
 				WorkspaceName:  aReq.dbReq.Workspace.Name,
 				WorkspaceID:    aReq.dbReq.Workspace.ID,
 			},
-			App: aReq.dbReq.AppSlugOrPort,
+		}
+		switch {
+		case aReq.dbReq.AccessMethod == AccessMethodTerminal:
+			appInfo.SlugOrPort = "terminal"
+		case aReq.dbReq.App.ID == uuid.Nil:
+			// If this isn't an app or a terminal, it's a port.
+			appInfo.SlugOrPort = aReq.dbReq.AppSlugOrPort
 		}
 
 		appInfoBytes, err := json.Marshal(appInfo)
@@ -448,6 +454,7 @@ func (p *DBTokenProvider) auditInitAutocommitRequest(ctx context.Context, w http
 				AppID:           uuid.NullUUID{Valid: aReq.dbReq.App.ID != uuid.Nil, UUID: aReq.dbReq.App.ID},
 				UserID:          userID,
 				Ip:              aReq.ip,
+				SlugOrPort:      appInfo.SlugOrPort,
 				UpdatedAt:       aReq.time,
 				StaleIntervalMS: p.WorkspaceAppAuditSessionTimeout.Milliseconds(),
 			})
