
Commit 838e562

committed
Include app security key
1 parent 1be275b commit 838e562


1 file changed

+27
-9
lines changed


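--- a/enterprise/cli/workspaceproxy.go
+++ b/enterprise/cli/workspaceproxy.go
@@ -107,6 +107,7 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 }
 proxySessionToken clibase.String
 primaryAccessURL clibase.URL
+appSecuritYKey clibase.String
 )
 opts.Add(
 // Options only for external workspace proxies
@@ -134,6 +135,20 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 Group: &externalProxyOptionGroup,
 Hidden: false,
 },
+
+// TODO: Make sure this is kept secret. Idk if a flag is the best option
+clibase.Option{
+Name: "App Security Key",
+Description: "App security key used for decrypting/verifying app tokens sent from coderd.",
+Flag: "app-security-key",
+Env: "CODER_APP_SECURITY_KEY",
+YAML: "appSecurityKey",
+Default: "",
+Value: &appSecuritYKey,
+Group: &externalProxyOptionGroup,
+Hidden: false,
+Annotations: clibase.Annotations{}.Mark("secret", "true"),
+},
 )
 
 client := new(codersdk.Client)
@@ -153,6 +168,11 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 return xerrors.Errorf("primary access URL must be http or https: url=%s", primaryAccessURL)
 }
 
+secKey, err := workspaceapps.KeyFromString(appSecuritYKey.Value())
+if err != nil {
+return xerrors.Errorf("app security key: %w", err)
+}
+
 var closers closers
 // Main command context for managing cancellation of running
 // services.
@@ -272,15 +292,13 @@ func (r *RootCmd) proxyServer() *clibase.Cmd {
 }
 
 proxy, err := wsproxy.New(&wsproxy.Options{
-Logger: logger,
-// TODO: PrimaryAccessURL
-PrimaryAccessURL: primaryAccessURL.Value(),
-AccessURL: cfg.AccessURL.Value(),
-AppHostname: appHostname,
-AppHostnameRegex: appHostnameRegex,
-RealIPConfig: realIPConfig,
-// TODO: AppSecurityKey
-AppSecurityKey: workspaceapps.SecurityKey{},
+Logger: logger,
+PrimaryAccessURL: primaryAccessURL.Value(),
+AccessURL: cfg.AccessURL.Value(),
+AppHostname: appHostname,
+AppHostnameRegex: appHostnameRegex,
+RealIPConfig: realIPConfig,
+AppSecurityKey: secKey,
 Tracing: tracer,
 PrometheusRegistry: prometheusRegistry,
 APIRateLimit: int(cfg.RateLimit.API.Value()),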
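Review bot: The `app-security-key` option added in the second hunk accepts the key as a command-line flag, so the value typically ends up in the process argument list and in shell history, where other local users or tooling can read it; the `secret` annotation presumably only affects how the option is displayed and would not prevent that. The TODO above the option already questions the flag, so consider dropping `Flag:` and keeping only `CODER_APP_SECURITY_KEY` (or a key-file option), and replace the TODO with a comment stating where the key is expected to come from. In the third hunk `Default: ""` flows straight into `workspaceapps.KeyFromString`, whose behaviour on an empty string is not visible here; an explicit `if appSecuritYKey.Value() == "" { return xerrors.New("app security key is required") }` before the parse would make the failure mode certain instead of relying on the parser. The new variable is also misspelled `appSecuritYKey` (capital Y) in all three places it appears. `proxyServer` begins and ends outside these hunks, so whether `secKey` or the wrapped error is logged later cannot be checked from this page.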
