Add dev and entitlement checks to oauth2 provider

code-asher · code-asher · commit 7e7cda599241 · 2023-12-15T13:08:15.000-09:00
The endpoints are disabled until we can implement the token exchange.
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
@@ -312,8 +312,10 @@ func New(ctx context.Context, options *Options) (_ *API, err error) {
 			r.Put("/", api.putUserQuietHoursSchedule)
 		})
 		r.Route("/oauth2-provider", func(r chi.Router) {
-			r.Use(apiKeyMiddleware)
-
+			r.Use(
+				apiKeyMiddleware,
+				api.oAuth2ProviderMiddleware,
+			)
 			r.Route("/apps", func(r chi.Router) {
 				r.Get("/", api.oAuth2ProviderApps)
 				r.Post("/", api.postOAuth2ProviderApp)
diff --git a/enterprise/coderd/oauth2.go b/enterprise/coderd/oauth2.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/google/uuid"
 
+	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/db2sdk"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
@@ -15,6 +16,30 @@ import (
 	"github.com/coder/coder/v2/cryptorand"
 )
 
+func (api *API) oAuth2ProviderMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		if !buildinfo.IsDev() {
+			httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{
+				Message: "OAuth2 provider is under development.",
+			})
+			return
+		}
+
+		api.entitlementsMu.RLock()
+		entitled := api.entitlements.Features[codersdk.FeatureOAuth2Provider].Entitlement != codersdk.EntitlementNotEntitled
+		api.entitlementsMu.RUnlock()
+
+		if !entitled {
+			httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{
+				Message: "OAuth2 provider is an Enterprise feature. Contact sales!",
+			})
+			return
+		}
+
+		next.ServeHTTP(rw, r)
+	})
+}
+
 // @Summary Get OAuth2 applications.
 // @ID get-oauth2-applications
 // @Security CoderSessionToken
