coder
diff --git a/‎cli/clibase/option.go
Lines changed: 10 additions & 0 deletions b/‎cli/clibase/option.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎cli/cliui/output.go
Lines changed: 27 additions & 0 deletions b/‎cli/cliui/output.go
Lines changed: 27 additions & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 24 additions & 0 deletions b/‎cli/server.go
Lines changed: 24 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 43 additions & 3 deletions b/‎coderd/apidoc/docs.go
Lines changed: 43 additions & 3 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 37 additions & 5 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 37 additions & 5 deletions
diff --git a/‎coderd/database/dbauthz/querier.go
Lines changed: 4 additions & 0 deletions b/‎coderd/database/dbauthz/querier.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/database/dbfake/databasefake.go
Lines changed: 12 additions & 0 deletions b/‎coderd/database/dbfake/databasefake.go
Lines changed: 12 additions & 0 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/querier.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 29 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 29 additions & 0 deletions
diff --git a/‎coderd/database/queries/proxies.sql
Lines changed: 10 additions & 0 deletions b/‎coderd/database/queries/proxies.sql
Lines changed: 10 additions & 0 deletions
diff --git a/‎coderd/httpmw/workspaceproxy.go
Lines changed: 51 additions & 0 deletions b/‎coderd/httpmw/workspaceproxy.go
Lines changed: 51 additions & 0 deletions
@@ -80,6 +80,16 @@ func (s *OptionSet) Add(opts ...Option) {
 	*s = append(*s, opts...)
 }
 
+func (s OptionSet) Filter(filter func(opt Option) bool) OptionSet {
+	cpy := make(OptionSet, 0)
+	for _, opt := range s {
+		if filter(opt) {
+			cpy = append(cpy, opt)
+		}
+	}
+	return cpy
+}
+
 // FlagSet returns a pflag.FlagSet for the OptionSet.
 func (s *OptionSet) FlagSet() *pflag.FlagSet {
 	if s == nil {
 
@@ -192,3 +192,30 @@ func (textFormat) AttachOptions(_ *clibase.OptionSet) {}
 func (textFormat) Format(_ context.Context, data any) (string, error) {
 	return fmt.Sprintf("%s", data), nil
 }
+
+type DataChangeFormat struct {
+	format OutputFormat
+	change func(data any) (any, error)
+}
+
+// ChangeFormatterData allows manipulating the data passed to an output
+// format.
+func ChangeFormatterData(format OutputFormat, change func(data any) (any, error)) *DataChangeFormat {
+	return &DataChangeFormat{format: format, change: change}
+}
+
+func (d *DataChangeFormat) ID() string {
+	return d.format.ID()
+}
+
+func (d *DataChangeFormat) AttachOptions(opts *clibase.OptionSet) {
+	d.format.AttachOptions(opts)
+}
+
+func (d *DataChangeFormat) Format(ctx context.Context, data any) (string, error) {
+	newData, err := d.change(data)
+	if err != nil {
+		return "", err
+	}
+	return d.format.Format(ctx, newData)
+}
@@ -163,6 +163,19 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 	var (
 		cfg  = new(codersdk.DeploymentValues)
 		opts = cfg.Options()
+		// For the develop.sh script, it is helpful to make this key deterministic.
+		devAppSecurityKey string
+	)
+	opts.Add(
+		clibase.Option{
+			Name:        "App Security Key (Development Only)",
+			Description: "Used to override the app security key stored in the database. This should never be used in production.",
+			Flag:        "dangerous-dev-app-security-key",
+			Default:     "",
+			Value:       clibase.StringOf(&devAppSecurityKey),
+			Annotations: clibase.Annotations{}.Mark("secret", "true"),
+			Hidden:      true,
+		},
 	)
 	serverCmd := &clibase.Cmd{
 		Use:     "server",
@@ -621,6 +634,17 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 					}
 				}
 
+				if devAppSecurityKey != "" {
+					_, err := workspaceapps.KeyFromString(devAppSecurityKey)
+					if err != nil {
+						return xerrors.Errorf("invalid dev app security key: %w", err)
+					}
+					err = tx.UpsertAppSecurityKey(ctx, devAppSecurityKey)
+					if err != nil {
+						return xerrors.Errorf("Insert dev app security key: %w", err)
+					}
+				}
+
 				// Read the app signing key from the DB. We store it hex encoded
 				// since the config table uses strings for the value and we
 				// don't want to deal with automatic encoding issues.
 
@@ -1697,6 +1697,10 @@ func (q *querier) GetWorkspaceProxyByID(ctx context.Context, id uuid.UUID) (data
 	return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByID)(ctx, id)
 }
 
+func (q *querier) GetWorkspaceProxyByName(ctx context.Context, name string) (database.WorkspaceProxy, error) {
+	return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByName)(ctx, name)
+}
+
 func (q *querier) GetWorkspaceProxyByHostname(ctx context.Context, hostname string) (database.WorkspaceProxy, error) {
 	return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByHostname)(ctx, hostname)
 }
 
@@ -5097,6 +5097,18 @@ func (q *fakeQuerier) GetWorkspaceProxyByID(_ context.Context, id uuid.UUID) (da
 	return database.WorkspaceProxy{}, sql.ErrNoRows
 }
 
+func (q *fakeQuerier) GetWorkspaceProxyByName(_ context.Context, name string) (database.WorkspaceProxy, error) {
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	for _, proxy := range q.workspaceProxies {
+		if proxy.Name == name {
+			return proxy, nil
+		}
+	}
+	return database.WorkspaceProxy{}, sql.ErrNoRows
+}
+
 func (q *fakeQuerier) GetWorkspaceProxyByHostname(_ context.Context, hostname string) (database.WorkspaceProxy, error) {
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
@@ -49,6 +49,16 @@ WHERE
 LIMIT
 	1;
 
+-- name: GetWorkspaceProxyByName :one
+SELECT
+	*
+FROM
+	workspace_proxies
+WHERE
+	name = $1
+LIMIT
+	1;
+
 -- Finds a workspace proxy that has an access URL or app hostname that matches
 -- the provided hostname. This is to check if a hostname matches any workspace
 -- proxy.
 
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
 
@@ -156,3 +157,53 @@ func ExtractWorkspaceProxy(opts ExtractWorkspaceProxyConfig) func(http.Handler)
 		})
 	}
 }
+
+type workspaceProxyParamContextKey struct{}
+
+// WorkspaceProxyParam returns the worksace proxy from the ExtractWorkspaceProxyParam handler.
+func WorkspaceProxyParam(r *http.Request) database.WorkspaceProxy {
+	user, ok := r.Context().Value(workspaceProxyParamContextKey{}).(database.WorkspaceProxy)
+	if !ok {
+		panic("developer error: workspace proxy parameter middleware not provided")
+	}
+	return user
+}
+
+// ExtractWorkspaceProxyParam extracts a workspace proxy from an ID/name in the {workspaceproxy} URL
+// parameter.
+//
+//nolint:revive
+func ExtractWorkspaceProxyParam(db database.Store) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+
+			proxyQuery := chi.URLParam(r, "workspaceproxy")
+			if proxyQuery == "" {
+				httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+					Message: "\"workspaceproxy\" must be provided.",
+				})
+				return
+			}
+
+			var proxy database.WorkspaceProxy
+			var dbErr error
+			if proxyID, err := uuid.Parse(proxyQuery); err == nil {
+				proxy, dbErr = db.GetWorkspaceProxyByID(ctx, proxyID)
+			} else {
+				proxy, dbErr = db.GetWorkspaceProxyByName(ctx, proxyQuery)
+			}
+			if httpapi.Is404Error(dbErr) {
+				httpapi.ResourceNotFound(rw)
+				return
+			}
+			if dbErr != nil {
+				httpapi.InternalServerError(rw, dbErr)
+				return
+			}
+
+			ctx = context.WithValue(ctx, workspaceProxyParamContextKey{}, proxy)
+			next.ServeHTTP(rw, r.WithContext(ctx))
+		})
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -1697,6 +1697,10 @@ func (q *querier) GetWorkspaceProxyByID(ctx context.Context, id uuid.UUID) (data`
`1697`	`1697`	`return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByID)(ctx, id)`
`1698`	`1698`	`}`
`1699`	`1699`
	`1700`	`+func (q *querier) GetWorkspaceProxyByName(ctx context.Context, name string) (database.WorkspaceProxy, error) {`
	`1701`	`+ return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByName)(ctx, name)`
	`1702`	`+}`
	`1703`	`+`
`1700`	`1704`	`func (q *querier) GetWorkspaceProxyByHostname(ctx context.Context, hostname string) (database.WorkspaceProxy, error) {`
`1701`	`1705`	`return fetch(q.log, q.auth, q.db.GetWorkspaceProxyByHostname)(ctx, hostname)`
`1702`	`1706`	`}`