coder
diff --git a/‎.envrc
Lines changed: 1 addition & 0 deletions b/‎.envrc
Lines changed: 1 addition & 0 deletions
diff --git a/‎cli/configssh.go
Lines changed: 72 additions & 6 deletions b/‎cli/configssh.go
Lines changed: 72 additions & 6 deletions
diff --git a/‎cli/configssh_internal_test.go
Lines changed: 62 additions & 0 deletions b/‎cli/configssh_internal_test.go
Lines changed: 62 additions & 0 deletions
diff --git a/‎cli/features.go
Lines changed: 6 additions & 3 deletions b/‎cli/features.go
Lines changed: 6 additions & 3 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 7 additions & 18 deletions b/‎coderd/coderd.go
Lines changed: 7 additions & 18 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 28 additions & 0 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 28 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1 @@
+use nix
@@ -170,10 +170,20 @@ func configSSH() *cobra.Command {
 				// that it's possible to capture the diff.
 				out = cmd.OutOrStderr()
 			}
-			binaryFile, err := currentBinPath(out)
+			coderBinary, err := currentBinPath(out)
 			if err != nil {
 				return err
 			}
+			escapedCoderBinary, err := sshConfigExecEscape(coderBinary)
+			if err != nil {
+				return xerrors.Errorf("escape coder binary for ssh failed: %w", err)
+			}
+
+			root := createConfig(cmd)
+			escapedGlobalConfig, err := sshConfigExecEscape(string(root))
+			if err != nil {
+				return xerrors.Errorf("escape global config for ssh failed: %w", err)
+			}
 
 			homedir, err := os.UserHomeDir()
 			if err != nil {
@@ -238,7 +248,6 @@ func configSSH() *cobra.Command {
 			}
 
 			configModified := configRaw
-			root := createConfig(cmd)
 
 			buf := &bytes.Buffer{}
 			before, after := sshConfigSplitOnCoderSection(configModified)
@@ -280,11 +289,17 @@ func configSSH() *cobra.Command {
 						"\tLogLevel ERROR",
 					)
 					if !skipProxyCommand {
-						if !wireguard {
-							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --stdio %s", binaryFile, root, hostname))
-						} else {
-							configOptions = append(configOptions, fmt.Sprintf("\tProxyCommand %q --global-config %q ssh --wireguard --stdio %s", binaryFile, root, hostname))
+						wgArg := ""
+						if wireguard {
+							wgArg = "--wireguard "
 						}
+						configOptions = append(
+							configOptions,
+							fmt.Sprintf(
+								"\tProxyCommand %s --global-config %s ssh %s--stdio %s",
+								escapedCoderBinary, escapedGlobalConfig, wgArg, hostname,
+							),
+						)
 					}
 
 					_, _ = buf.WriteString(strings.Join(configOptions, "\n"))
@@ -451,6 +466,11 @@ func writeWithTempFileAndMove(path string, r io.Reader) (err error) {
 	dir := filepath.Dir(path)
 	name := filepath.Base(path)
 
+	// Ensure that e.g. the ~/.ssh directory exists.
+	if err = os.MkdirAll(dir, 0o700); err != nil {
+		return xerrors.Errorf("create directory: %w", err)
+	}
+
 	// Create a tempfile in the same directory for ensuring write
 	// operation does not fail.
 	f, err := os.CreateTemp(dir, fmt.Sprintf(".%s.", name))
@@ -482,6 +502,52 @@ func writeWithTempFileAndMove(path string, r io.Reader) (err error) {
 	return nil
 }
 
+// sshConfigExecEscape quotes the string if it contains spaces, as per
+// `man 5 ssh_config`. However, OpenSSH uses exec in the users shell to
+// run the command, and as such the formatting/escape requirements
+// cannot simply be covered by `fmt.Sprintf("%q", path)`.
+//
+// Always escaping the path with `fmt.Sprintf("%q", path)` usually works
+// on most platforms, but double quotes sometimes break on Windows 10
+// (see #2853). This function takes a best-effort approach to improving
+// compatibility and covering edge cases.
+//
+// Given the following ProxyCommand:
+//
+//	ProxyCommand "/path/with space/coder" ssh --stdio work
+//
+// This is ~what OpenSSH would execute:
+//
+//	/bin/bash -c '"/path/with space/to/coder" ssh --stdio workspace'
+//
+// However, since it's actually an arg in C, the contents inside the
+// single quotes are interpreted as is, e.g. if there was a '\t', it
+// would be the literal string '\t', not a tab.
+//
+// See:
+//   - https://github.com/coder/coder/issues/2853
+//   - https://github.com/openssh/openssh-portable/blob/V_9_0_P1/sshconnect.c#L158-L167
+//   - https://github.com/PowerShell/openssh-portable/blob/v8.1.0.0/sshconnect.c#L231-L293
+//   - https://github.com/PowerShell/openssh-portable/blob/v8.1.0.0/contrib/win32/win32compat/w32fd.c#L1075-L1100
+func sshConfigExecEscape(path string) (string, error) {
+	// This is unlikely to ever happen, but newlines are allowed on
+	// certain filesystems, but cannot be used inside ssh config.
+	if strings.ContainsAny(path, "\n") {
+		return "", xerrors.Errorf("invalid path: %s", path)
+	}
+	// In the unlikely even that a path contains quotes, they must be
+	// escaped so that they are not interpreted as shell quotes.
+	if strings.Contains(path, "\"") {
+		path = strings.ReplaceAll(path, "\"", "\\\"")
+	}
+	// A space or a tab requires quoting, but tabs must not be escaped
+	// (\t) since OpenSSH interprets it as a literal \t, not a tab.
+	if strings.ContainsAny(path, " \t") {
+		path = fmt.Sprintf("\"%s\"", path) //nolint:gocritic // We don't want %q here.
+	}
+	return path, nil
+}
+
 // currentBinPath returns the path to the coder binary suitable for use in ssh
 // ProxyCommand.
 func currentBinPath(w io.Writer) (string, error) {
 
@@ -0,0 +1,62 @@
+package cli
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// This test tries to mimic the behavior of OpenSSH
+// when executing e.g. a ProxyCommand.
+func Test_sshConfigExecEscape(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name    string
+		path    string
+		wantErr bool
+		windows bool
+	}{
+		{"no spaces", "simple", false, true},
+		{"spaces", "path with spaces", false, true},
+		{"quotes", "path with \"quotes\"", false, false},
+		{"backslashes", "path with \\backslashes", false, false},
+		{"tabs", "path with \ttabs", false, false},
+		{"newline fails", "path with \nnewline", true, false},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			if runtime.GOOS == "windows" {
+				t.Skip("Windows doesn't typically execute via /bin/sh or cmd.exe, so this test is not applicable.")
+			}
+
+			dir := filepath.Join(t.TempDir(), tt.path)
+			err := os.MkdirAll(dir, 0o755)
+			require.NoError(t, err)
+			bin := filepath.Join(dir, "coder")
+			contents := []byte("#!/bin/sh\necho yay\n")
+			err = os.WriteFile(bin, contents, 0o755) //nolint:gosec
+			require.NoError(t, err)
+
+			escaped, err := sshConfigExecEscape(bin)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+
+			b, err := exec.Command("/bin/sh", "-c", escaped).CombinedOutput() //nolint:gosec
+			require.NoError(t, err)
+			got := strings.TrimSpace(string(b))
+			require.Equal(t, "yay", got)
+		})
+	}
+}
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"strings"
@@ -53,12 +54,14 @@ func featuresList() *cobra.Command {
 					return xerrors.Errorf("render table: %w", err)
 				}
 			case "json":
-				outBytes, err := json.Marshal(entitlements)
+				buf := new(bytes.Buffer)
+				enc := json.NewEncoder(buf)
+				enc.SetIndent("", "  ")
+				err = enc.Encode(entitlements)
 				if err != nil {
 					return xerrors.Errorf("marshal features to JSON: %w", err)
 				}
-
-				out = string(outBytes)
+				out = buf.String()
 			default:
 				return xerrors.Errorf(`unknown output format %q, only "table" and "json" are supported`, outputFormat)
 			}
 
@@ -1,9 +1,7 @@
 package coderd
 
 import (
-	"context"
 	"crypto/x509"
-	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -68,6 +66,7 @@ type Options struct {
 	TracerProvider       *sdktrace.TracerProvider
 	AutoImportTemplates  []AutoImportTemplate
 	LicenseHandler       http.Handler
+	FeaturesService      FeaturesService
 }
 
 // New constructs a Coder API handler.
@@ -97,6 +96,9 @@ func New(options *Options) *API {
 	if options.LicenseHandler == nil {
 		options.LicenseHandler = licenses()
 	}
+	if options.FeaturesService == nil {
+		options.FeaturesService = featuresService{}
+	}
 
 	siteCacheDir := options.CacheDir
 	if siteCacheDir != "" {
@@ -125,11 +127,8 @@ func New(options *Options) *API {
 	apiKeyMiddleware := httpmw.ExtractAPIKey(options.Database, oauthConfigs, false)
 
 	r.Use(
-		func(next http.Handler) http.Handler {
-			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				next.ServeHTTP(middleware.NewWrapResponseWriter(w, r.ProtoMajor), r)
-			})
-		},
+		httpmw.Recover(api.Logger),
+		httpmw.Logger(api.Logger),
 		httpmw.Prometheus(options.PrometheusRegistry),
 	)
 
@@ -159,7 +158,6 @@ func New(options *Options) *API {
 		r.Use(
 			// Specific routes can specify smaller limits.
 			httpmw.RateLimitPerMinute(options.APIRateLimit),
-			debugLogRequest(api.Logger),
 			tracing.HTTPMW(api.TracerProvider, "coderd.http"),
 		)
 		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
@@ -406,7 +404,7 @@ func New(options *Options) *API {
 		})
 		r.Route("/entitlements", func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
-			r.Get("/", entitlements)
+			r.Get("/", api.FeaturesService.EntitlementsAPI)
 		})
 		r.Route("/licenses", func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
@@ -438,15 +436,6 @@ func (api *API) Close() error {
 	return api.workspaceAgentCache.Close()
 }
 
-func debugLogRequest(log slog.Logger) func(http.Handler) http.Handler {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-			log.Debug(context.Background(), fmt.Sprintf("%s %s", r.Method, r.URL.Path))
-			next.ServeHTTP(rw, r)
-		})
-	}
-}
-
 func compressHandler(h http.Handler) http.Handler {
 	cmp := middleware.NewCompressor(5,
 		"text/*",
 
@@ -246,6 +246,19 @@ func (q *fakeQuerier) GetUserCount(_ context.Context) (int64, error) {
 	return int64(len(q.users)), nil
 }
 
+func (q *fakeQuerier) GetActiveUserCount(_ context.Context) (int64, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	active := int64(0)
+	for _, u := range q.users {
+		if u.Status == database.UserStatusActive {
+			active++
+		}
+	}
+	return active, nil
+}
+
 func (q *fakeQuerier) GetUsers(_ context.Context, params database.GetUsersParams) ([]database.User, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
@@ -2322,6 +2335,21 @@ func (q *fakeQuerier) GetLicenses(_ context.Context) ([]database.License, error)
 	return results, nil
 }
 
+func (q *fakeQuerier) GetUnexpiredLicenses(_ context.Context) ([]database.License, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	now := time.Now()
+	var results []database.License
+	for _, l := range q.licenses {
+		if l.Exp.After(now) {
+			results = append(results, l)
+		}
+	}
+	sort.Slice(results, func(i, j int) bool { return results[i].ID < results[j].ID })
+	return results, nil
+}
+
 func (q *fakeQuerier) DeleteLicense(_ context.Context, id int32) (int32, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()