@@ -116,7 +116,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
116
116
return func (next http.Handler ) http.Handler {
117
117
return http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
118
118
ctx := r .Context ()
119
- systemCtx := dbauthz .WithAuthorizeSystemContext (ctx , rbac .RolesAdminSystem ())
119
+ // systemCtx := dbauthz.WithAuthorizeSystemContext(ctx, rbac.RolesAdminSystem())
120
120
// Write wraps writing a response to redirect if the handler
121
121
// specified it should. This redirect is used for user-facing pages
122
122
// like workspace applications.
@@ -161,7 +161,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
161
161
return
162
162
}
163
163
164
- key , err := cfg .DB .GetAPIKeyByID (systemCtx , keyID )
164
+ key , err := cfg .DB .GetAPIKeyByID (dbauthz . AsSystem ( ctx ) , keyID )
165
165
if err != nil {
166
166
if errors .Is (err , sql .ErrNoRows ) {
167
167
optionalWrite (http .StatusUnauthorized , codersdk.Response {
@@ -194,7 +194,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
194
194
changed = false
195
195
)
196
196
if key .LoginType == database .LoginTypeGithub || key .LoginType == database .LoginTypeOIDC {
197
- link , err = cfg .DB .GetUserLinkByUserIDLoginType (systemCtx , database.GetUserLinkByUserIDLoginTypeParams {
197
+ link , err = cfg .DB .GetUserLinkByUserIDLoginType (dbauthz . AsSystem ( ctx ) , database.GetUserLinkByUserIDLoginTypeParams {
198
198
UserID : key .UserID ,
199
199
LoginType : key .LoginType ,
200
200
})
@@ -277,7 +277,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
277
277
}
278
278
}
279
279
if changed {
280
- err := cfg .DB .UpdateAPIKeyByID (systemCtx , database.UpdateAPIKeyByIDParams {
280
+ err := cfg .DB .UpdateAPIKeyByID (dbauthz . AsSystem ( ctx ) , database.UpdateAPIKeyByIDParams {
281
281
ID : key .ID ,
282
282
LastUsed : key .LastUsed ,
283
283
ExpiresAt : key .ExpiresAt ,
@@ -293,7 +293,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
293
293
// If the API Key is associated with a user_link (e.g. Github/OIDC)
294
294
// then we want to update the relevant oauth fields.
295
295
if link .UserID != uuid .Nil {
296
- link , err = cfg .DB .UpdateUserLink (systemCtx , database.UpdateUserLinkParams {
296
+ link , err = cfg .DB .UpdateUserLink (dbauthz . AsSystem ( ctx ) , database.UpdateUserLinkParams {
297
297
UserID : link .UserID ,
298
298
LoginType : link .LoginType ,
299
299
OAuthAccessToken : link .OAuthAccessToken ,
@@ -312,7 +312,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
312
312
// We only want to update this occasionally to reduce DB write
313
313
// load. We update alongside the UserLink and APIKey since it's
314
314
// easier on the DB to colocate writes.
315
- _ , err = cfg .DB .UpdateUserLastSeenAt (systemCtx , database.UpdateUserLastSeenAtParams {
315
+ _ , err = cfg .DB .UpdateUserLastSeenAt (dbauthz . AsSystem ( ctx ) , database.UpdateUserLastSeenAtParams {
316
316
ID : key .UserID ,
317
317
LastSeenAt : database .Now (),
318
318
UpdatedAt : database .Now (),
@@ -329,7 +329,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
329
329
// If the key is valid, we also fetch the user roles and status.
330
330
// The roles are used for RBAC authorize checks, and the status
331
331
// is to block 'suspended' users from accessing the platform.
332
- roles , err := cfg .DB .GetAuthorizationUserRoles (systemCtx , key .UserID )
332
+ roles , err := cfg .DB .GetAuthorizationUserRoles (dbauthz . AsSystem ( ctx ) , key .UserID )
333
333
if err != nil {
334
334
write (http .StatusUnauthorized , codersdk.Response {
335
335
Message : internalErrorMessage ,
@@ -358,7 +358,7 @@ func ExtractAPIKey(cfg ExtractAPIKeyConfig) func(http.Handler) http.Handler {
358
358
Actor : actor ,
359
359
})
360
360
// Set the auth context for the authzquerier as well.
361
- ctx = dbauthz .WithAuthorizeContext (ctx , actor )
361
+ ctx = dbauthz .As (ctx , actor )
362
362
363
363
next .ServeHTTP (rw , r .WithContext (ctx ))
364
364
})
0 commit comments