coder
diff --git a/‎agent/conn.go
Lines changed: 1 addition & 1 deletion b/‎agent/conn.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/coderd.go
Lines changed: 4 additions & 7 deletions b/‎coderd/coderd.go
Lines changed: 4 additions & 7 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 1 addition & 1 deletion b/‎coderd/coderdtest/coderdtest.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/databasefake/databasefake.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/workspaceagents.go
Lines changed: 12 additions & 4 deletions b/‎coderd/workspaceagents.go
Lines changed: 12 additions & 4 deletions
diff --git a/‎coderd/workspaceapps.go
Lines changed: 16 additions & 1 deletion b/‎coderd/workspaceapps.go
Lines changed: 16 additions & 1 deletion
diff --git a/‎coderd/workspaceapps_test.go
Lines changed: 68 additions & 56 deletions b/‎coderd/workspaceapps_test.go
Lines changed: 68 additions & 56 deletions
@@ -102,7 +102,7 @@ func (c *Conn) DialContext(ctx context.Context, network string, addr string) (ne
 	var res dialResponse
 	err = dec.Decode(&res)
 	if err != nil {
-		return nil, xerrors.Errorf("failed to decode initial packet: %w", err)
+		return nil, xerrors.Errorf("decode agent dial response: %w", err)
 	}
 	if res.Error != "" {
 		_ = channel.Close()
 
@@ -15,8 +15,6 @@ import (
 	"golang.org/x/xerrors"
 	"google.golang.org/api/idtoken"
 
-	"github.com/go-chi/cors"
-
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
 
 	"cdr.dev/slog"
@@ -97,7 +95,7 @@ func New(options *Options) *API {
 		tracing.HTTPMW(api.TracerProvider, "coderd.http"),
 	)
 
-	r.Route("/{user}/{workspaceagent}/{application}", func(r chi.Router) {
+	r.Route("/@{user}/{workspaceagent}/apps/{application}", func(r chi.Router) {
 		r.Use(
 			httpmw.RateLimitPerMinute(options.APIRateLimit),
 			apiKeyMiddleware,
@@ -327,9 +325,6 @@ func New(options *Options) *API {
 				r.Put("/extend", api.putExtendWorkspace)
 			})
 		})
-		r.Route("/wildcardauth", func(r chi.Router) {
-			r.Use(cors.Handler(cors.Options{}))
-		})
 		r.Route("/workspacebuilds/{workspacebuild}", func(r chi.Router) {
 			r.Use(
 				apiKeyMiddleware,
@@ -357,10 +352,12 @@ type API struct {
 }
 
 // Close waits for all WebSocket connections to drain before returning.
-func (api *API) Close() {
+func (api *API) Close() error {
 	api.websocketWaitMutex.Lock()
 	api.websocketWaitGroup.Wait()
 	api.websocketWaitMutex.Unlock()
+
+	return api.workspaceAgentCache.Close()
 }
 
 func debugLogRequest(log slog.Logger) func(http.Handler) http.Handler {
 
@@ -172,7 +172,7 @@ func NewWithAPI(t *testing.T, options *Options) (*codersdk.Client, *coderd.API)
 		cancelFunc()
 		_ = turnServer.Close()
 		srv.Close()
-		coderAPI.Close()
+		_ = coderAPI.Close()
 	})
 
 	return codersdk.New(serverURL), coderAPI
 
@@ -1061,7 +1061,7 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc
 	return workspaceAgents, nil
 }
 
-func (q *fakeQuerier) GetWorkspaceAppByAgentIDAndName(ctx context.Context, arg database.GetWorkspaceAppByAgentIDAndNameParams) (database.WorkspaceApp, error) {
+func (q *fakeQuerier) GetWorkspaceAppByAgentIDAndName(_ context.Context, arg database.GetWorkspaceAppByAgentIDAndNameParams) (database.WorkspaceApp, error) {
 	q.mutex.RLock()
 	defer q.mutex.RUnlock()
 
 
@@ -1,6 +1,7 @@
 package coderd
 
 import (
+	"context"
 	"database/sql"
 	"encoding/json"
 	"fmt"
@@ -382,12 +383,12 @@ func (api *API) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {
 	}()
 	// Accept text connections, because it's more developer friendly.
 	wsNetConn := websocket.NetConn(r.Context(), conn, websocket.MessageBinary)
-	agentConn, err := api.dialWorkspaceAgent(r, workspaceAgent.ID)
+	agentConn, release, err := api.workspaceAgentCache.Acquire(r, workspaceAgent.ID)
 	if err != nil {
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("dial workspace agent: %s", err))
 		return
 	}
-	defer agentConn.Close()
+	defer release()
 	ptNetConn, err := agentConn.ReconnectingPTY(reconnect.String(), uint16(height), uint16(width), "")
 	if err != nil {
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("dial: %s", err))
@@ -404,8 +405,9 @@ func (api *API) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {
 // dialWorkspaceAgent connects to a workspace agent by ID.
 func (api *API) dialWorkspaceAgent(r *http.Request, agentID uuid.UUID) (*agent.Conn, error) {
 	client, server := provisionersdk.TransportPipe()
+	ctx, cancelFunc := context.WithCancel(context.Background())
 	go func() {
-		_ = peerbroker.ProxyListen(r.Context(), server, peerbroker.ProxyOptions{
+		_ = peerbroker.ProxyListen(ctx, server, peerbroker.ProxyOptions{
 			ChannelID: agentID.String(),
 			Logger:    api.Logger.Named("peerbroker-proxy-dial"),
 			Pubsub:    api.Pubsub,
@@ -415,8 +417,9 @@ func (api *API) dialWorkspaceAgent(r *http.Request, agentID uuid.UUID) (*agent.C
 	}()
 
 	peerClient := proto.NewDRPCPeerBrokerClient(provisionersdk.Conn(client))
-	stream, err := peerClient.NegotiateConnection(r.Context())
+	stream, err := peerClient.NegotiateConnection(ctx)
 	if err != nil {
+		cancelFunc()
 		return nil, xerrors.Errorf("negotiate: %w", err)
 	}
 	options := &peer.ConnOptions{
@@ -452,8 +455,13 @@ func (api *API) dialWorkspaceAgent(r *http.Request, agentID uuid.UUID) (*agent.C
 	}))
 	peerConn, err := peerbroker.Dial(stream, append(api.ICEServers, turnconn.Proxy), options)
 	if err != nil {
+		cancelFunc()
 		return nil, xerrors.Errorf("dial: %w", err)
 	}
+	go func() {
+		<-peerConn.Closed()
+		cancelFunc()
+	}()
 	return &agent.Conn{
 		Negotiator: peerClient,
 		Conn:       peerConn,
 
@@ -123,7 +123,22 @@ func (api *API) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request)
 	defer release()
 
 	proxy := httputil.NewSingleHostReverseProxy(appURL)
+	// Write the error directly using our format!
+	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
+		httpapi.Write(w, http.StatusBadGateway, httpapi.Response{
+			Message: err.Error(),
+		})
+	}
 	proxy.Transport = conn.HTTPTransport()
-	r.URL.Path = chi.URLParam(r, "*")
+	path := chi.URLParam(r, "*")
+	if !strings.HasSuffix(r.URL.Path, "/") && path == "" {
+		// Web applications typically request paths relative to the
+		// root URL. This allows for routing behind a proxy or subpath.
+		// See https://github.com/coder/code-server/issues/241 for examples.
+		r.URL.Path += "/"
+		http.Redirect(rw, r, r.URL.String(), http.StatusTemporaryRedirect)
+		return
+	}
+	r.URL.Path = path
 	proxy.ServeHTTP(rw, r)
 }
@@ -21,69 +21,81 @@ import (
 
 func TestWorkspaceAppsProxyPath(t *testing.T) {
 	t.Parallel()
-	t.Run("Proxies", func(t *testing.T) {
-		t.Parallel()
-		// #nosec
-		ln, err := net.Listen("tcp", ":0")
-		require.NoError(t, err)
-		server := http.Server{
-			Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				w.WriteHeader(http.StatusOK)
-			}),
-		}
-		t.Cleanup(func() {
-			_ = server.Close()
-			_ = ln.Close()
-		})
-		go server.Serve(ln)
-		tcpAddr, _ := ln.Addr().(*net.TCPAddr)
+	// #nosec
+	ln, err := net.Listen("tcp", ":0")
+	require.NoError(t, err)
+	server := http.Server{
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+		}),
+	}
+	t.Cleanup(func() {
+		_ = server.Close()
+		_ = ln.Close()
+	})
+	go server.Serve(ln)
+	tcpAddr, _ := ln.Addr().(*net.TCPAddr)
 
-		client, coderAPI := coderdtest.NewWithAPI(t, nil)
-		user := coderdtest.CreateFirstUser(t, client)
-		daemonCloser := coderdtest.NewProvisionerDaemon(t, coderAPI)
-		authToken := uuid.NewString()
-		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
-			Parse:           echo.ParseComplete,
-			ProvisionDryRun: echo.ProvisionComplete,
-			Provision: []*proto.Provision_Response{{
-				Type: &proto.Provision_Response_Complete{
-					Complete: &proto.Provision_Complete{
-						Resources: []*proto.Resource{{
-							Name: "example",
-							Type: "aws_instance",
-							Agents: []*proto.Agent{{
-								Id: uuid.NewString(),
-								Auth: &proto.Agent_Token{
-									Token: authToken,
-								},
-								Apps: []*proto.App{{
-									Name: "example",
-									Url:  fmt.Sprintf("http://127.0.0.1:%d", tcpAddr.Port),
-								}},
+	client, coderAPI := coderdtest.NewWithAPI(t, nil)
+	user := coderdtest.CreateFirstUser(t, client)
+	daemonCloser := coderdtest.NewProvisionerDaemon(t, coderAPI)
+	authToken := uuid.NewString()
+	version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
+		Parse:           echo.ParseComplete,
+		ProvisionDryRun: echo.ProvisionComplete,
+		Provision: []*proto.Provision_Response{{
+			Type: &proto.Provision_Response_Complete{
+				Complete: &proto.Provision_Complete{
+					Resources: []*proto.Resource{{
+						Name: "example",
+						Type: "aws_instance",
+						Agents: []*proto.Agent{{
+							Id: uuid.NewString(),
+							Auth: &proto.Agent_Token{
+								Token: authToken,
+							},
+							Apps: []*proto.App{{
+								Name: "example",
+								Url:  fmt.Sprintf("http://127.0.0.1:%d", tcpAddr.Port),
 							}},
 						}},
-					},
+					}},
 				},
-			}},
-		})
-		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
-		coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
-		workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
-		coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
-		daemonCloser.Close()
+			},
+		}},
+	})
+	template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+	coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+	workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
+	coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+	daemonCloser.Close()
 
-		agentClient := codersdk.New(client.URL)
-		agentClient.SessionToken = authToken
-		agentCloser := agent.New(agentClient.ListenWorkspaceAgent, &agent.Options{
-			Logger: slogtest.Make(t, nil),
-		})
-		t.Cleanup(func() {
-			_ = agentCloser.Close()
-		})
-		coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
+	agentClient := codersdk.New(client.URL)
+	agentClient.SessionToken = authToken
+	agentCloser := agent.New(agentClient.ListenWorkspaceAgent, &agent.Options{
+		Logger: slogtest.Make(t, nil),
+	})
+	t.Cleanup(func() {
+		_ = agentCloser.Close()
+	})
+	coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
+	client.HTTPClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	}
 
-		resp, err := client.Request(context.Background(), http.MethodGet, "/me/"+workspace.Name+"/example", nil)
+	t.Run("RedirectsWithSlash", func(t *testing.T) {
+		t.Parallel()
+		resp, err := client.Request(context.Background(), http.MethodGet, "/@me/"+workspace.Name+"/apps/example", nil)
+		require.NoError(t, err)
+		defer resp.Body.Close()
+		require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
+	})
+
+	t.Run("Proxies", func(t *testing.T) {
+		t.Parallel()
+		resp, err := client.Request(context.Background(), http.MethodGet, "/@me/"+workspace.Name+"/apps/example/", nil)
 		require.NoError(t, err)
+		defer resp.Body.Close()
 		body, err := io.ReadAll(resp.Body)
 		require.NoError(t, err)
 		require.Equal(t, "", string(body))
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func (c *Conn) DialContext(ctx context.Context, network string, addr string) (ne`
`102`	`102`	`var res dialResponse`
`103`	`103`	`err = dec.Decode(&res)`
`104`	`104`	`if err != nil {`
`105`		`- return nil, xerrors.Errorf("failed to decode initial packet: %w", err)`
	`105`	`+ return nil, xerrors.Errorf("decode agent dial response: %w", err)`
`106`	`106`	`}`
`107`	`107`	`if res.Error != "" {`
`108`	`108`	`_ = channel.Close()`
Original file line number	Diff line number	Diff line change
`@@ -1061,7 +1061,7 @@ func (q *fakeQuerier) GetWorkspaceAgentsByResourceIDs(_ context.Context, resourc`
`1061`	`1061`	`return workspaceAgents, nil`
`1062`	`1062`	`}`
`1063`	`1063`
`1064`		`-func (q *fakeQuerier) GetWorkspaceAppByAgentIDAndName(ctx context.Context, arg database.GetWorkspaceAppByAgentIDAndNameParams) (database.WorkspaceApp, error) {`
	`1064`	`+func (q *fakeQuerier) GetWorkspaceAppByAgentIDAndName(_ context.Context, arg database.GetWorkspaceAppByAgentIDAndNameParams) (database.WorkspaceApp, error) {`
`1065`	`1065`	`q.mutex.RLock()`
`1066`	`1066`	`defer q.mutex.RUnlock()`
`1067`	`1067`