Skip to content

Commit 8ccc6ea

Browse files
mafredrimafredri
committed
add app audit session timeout to dbtokenprovider
1 parent d8628f1 commit 8ccc6ea

File tree

2 files changed

+26
-18
lines changed

2 files changed

+26
-18
lines changed

coderd/coderd.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -226,6 +226,7 @@ type Options struct {
226226
UpdateAgentMetrics func(ctx context.Context, labels prometheusmetrics.AgentMetricLabels, metrics []*agentproto.Stats_Metric)
227227
StatsBatcher workspacestats.Batcher
228228

229+
WorkspaceAppAuditSessionTimeout time.Duration
229230
WorkspaceAppsStatsCollectorOptions workspaceapps.StatsCollectorOptions
230231

231232
// This janky function is used in telemetry to parse fields out of the raw
@@ -560,6 +561,7 @@ func New(options *Options) *API {
560561
options.DeploymentValues,
561562
oauthConfigs,
562563
options.AgentInactiveDisconnectTimeout,
564+
options.WorkspaceAppAuditSessionTimeout,
563565
options.AppSigningKeyCache,
564566
)
565567

coderd/workspaceapps/db.go

Lines changed: 24 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -39,14 +39,15 @@ type DBTokenProvider struct {
3939
Logger slog.Logger
4040

4141
// DashboardURL is the main dashboard access URL for error pages.
42-
DashboardURL *url.URL
43-
Authorizer rbac.Authorizer
44-
Auditor *atomic.Pointer[audit.Auditor]
45-
Database database.Store
46-
DeploymentValues *codersdk.DeploymentValues
47-
OAuth2Configs *httpmw.OAuth2Configs
48-
WorkspaceAgentInactiveTimeout time.Duration
49-
Keycache cryptokeys.SigningKeycache
42+
DashboardURL *url.URL
43+
Authorizer rbac.Authorizer
44+
Auditor *atomic.Pointer[audit.Auditor]
45+
Database database.Store
46+
DeploymentValues *codersdk.DeploymentValues
47+
OAuth2Configs *httpmw.OAuth2Configs
48+
WorkspaceAgentInactiveTimeout time.Duration
49+
WorkspaceAppAuditSessionTimeout time.Duration
50+
Keycache cryptokeys.SigningKeycache
5051
}
5152

5253
var _ SignedTokenProvider = &DBTokenProvider{}
@@ -59,22 +60,27 @@ func NewDBTokenProvider(log slog.Logger,
5960
cfg *codersdk.DeploymentValues,
6061
oauth2Cfgs *httpmw.OAuth2Configs,
6162
workspaceAgentInactiveTimeout time.Duration,
63+
workspaceAppAuditSessionTimeout time.Duration,
6264
signer cryptokeys.SigningKeycache,
6365
) SignedTokenProvider {
6466
if workspaceAgentInactiveTimeout == 0 {
6567
workspaceAgentInactiveTimeout = 1 * time.Minute
6668
}
69+
if workspaceAppAuditSessionTimeout == 0 {
70+
workspaceAppAuditSessionTimeout = time.Hour
71+
}
6772

6873
return &DBTokenProvider{
69-
Logger: log,
70-
DashboardURL: accessURL,
71-
Authorizer: authz,
72-
Auditor: auditor,
73-
Database: db,
74-
DeploymentValues: cfg,
75-
OAuth2Configs: oauth2Cfgs,
76-
WorkspaceAgentInactiveTimeout: workspaceAgentInactiveTimeout,
77-
Keycache: signer,
74+
Logger: log,
75+
DashboardURL: accessURL,
76+
Authorizer: authz,
77+
Auditor: auditor,
78+
Database: db,
79+
DeploymentValues: cfg,
80+
OAuth2Configs: oauth2Cfgs,
81+
WorkspaceAgentInactiveTimeout: workspaceAgentInactiveTimeout,
82+
WorkspaceAppAuditSessionTimeout: workspaceAppAuditSessionTimeout,
83+
Keycache: signer,
7884
}
7985
}
8086

@@ -446,7 +452,7 @@ func (p *DBTokenProvider) auditInitAutocommitRequest(ctx context.Context, w http
446452
UserID: userID,
447453
Ip: aReq.ip,
448454
UpdatedAt: aReq.time,
449-
StaleIntervalMS: (2 * time.Hour).Milliseconds(),
455+
StaleIntervalMS: p.WorkspaceAppAuditSessionTimeout.Milliseconds(),
450456
})
451457
if err != nil {
452458
return xerrors.Errorf("update workspace app audit session: %w", err)

0 commit comments

Comments
 (0)