Add proxying based on path

coder · kylecarbs · Jun 4, 2022 · May 6, 2022 · May 15, 2022 · May 24, 2022
commit 866eeed5970424939bec2b1618ce25a573ff7ad3
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -2,7 +2,6 @@ package coderd
 
 import (
 	"context"
-	"crypto/cipher"
 	"crypto/x509"
 	"fmt"
 	"net/http"
@@ -36,11 +35,10 @@ import (
 
 // Options are requires parameters for Coder to start.
 type Options struct {
-	AccessURL   *url.URL
-	WildcardURL *url.URL
-	Logger      slog.Logger
-	Database    database.Store
-	Pubsub      database.Pubsub
+	AccessURL *url.URL
+	Logger    slog.Logger
+	Database  database.Store
+	Pubsub    database.Pubsub
 
 	AgentConnectionUpdateFrequency time.Duration
 	// APIRateLimit is the minutely throughput rate limit per user or ip.
@@ -57,9 +55,6 @@ type Options struct {
 	SSHKeygenAlgorithm   gitsshkey.Algorithm
 	TURNServer           *turnconn.Server
 	TracerProvider       *sdktrace.TracerProvider
-	// WildcardCipher is used to encrypt session tokens so that authentication
-	// can be securely transferred to the wildcard host.
-	WildcardCipher cipher.AEAD
 }
 
 // New constructs a Coder API handler.
@@ -109,6 +104,7 @@ func New(options *Options) *API {
 			httpmw.ExtractUserParam(api.Database),
 			authRolesMiddleware,
 		)
+		r.Get("/", api.workspaceAppsProxyPath)
 	})
 
 	r.Route("/api/v2", func(r chi.Router) {

diff --git a/coderd/httpmw/wildcard.go b/coderd/httpmw/wildcard.go
diff --git a/coderd/httpmw/wildcard_test.go b/coderd/httpmw/wildcard_test.go
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -462,11 +462,10 @@ func convertApps(dbApps []database.WorkspaceApp) []codersdk.WorkspaceApp {
 	apps := make([]codersdk.WorkspaceApp, 0)
 	for _, dbApp := range dbApps {
 		apps = append(apps, codersdk.WorkspaceApp{
-			ID:        dbApp.ID,
-			Name:      dbApp.Name,
-			Command:   dbApp.Command.String,
-			AccessURL: dbApp.Url.String,
-			Icon:      dbApp.Icon,
+			ID:      dbApp.ID,
+			Name:    dbApp.Name,
+			Command: dbApp.Command.String,
+			Icon:    dbApp.Icon,
 		})
 	}
 	return apps

diff --git a/coderd/workspaceapps.go b/coderd/workspaceapps.go
@@ -1,33 +1,133 @@
 package coderd
 
 import (
+	"database/sql"
+	"errors"
+	"fmt"
 	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
 
-	"github.com/coder/coder/coderd/database"
+	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
-)
 
-// workspaceAppsAuthWildcard authenticates the wildcard domain.
-func (api *API) workspaceAppsAuthWildcard(rw http.ResponseWriter, r *http.Request) {
-	// r.URL.Query().Get("redirect")
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/coderd/httpapi"
+	"github.com/coder/coder/coderd/httpmw"
+)
 
-}
+func (api *API) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request) {
+	user := httpmw.UserParam(r)
+	// This can be in the form of: "<workspace-name>.[workspace-agent]" or "<workspace-name>"
+	workspaceWithAgent := chi.URLParam(r, "workspaceagent")
+	workspaceParts := strings.Split(workspaceWithAgent, ".")
 
-func (api *API) workspaceAppsProxyWildcard(rw http.ResponseWriter, r *http.Request) {
+	workspace, err := api.Database.GetWorkspaceByOwnerIDAndName(r.Context(), database.GetWorkspaceByOwnerIDAndNameParams{
+		OwnerID: user.ID,
+		Name:    workspaceParts[0],
+	})
+	if errors.Is(err, sql.ErrNoRows) {
+		httpapi.Write(rw, http.StatusNotFound, httpapi.Response{
+			Message: "workspace not found",
+		})
+		return
+	}
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get workspace: %s", err),
+		})
+		return
+	}
 
-}
+	build, err := api.Database.GetLatestWorkspaceBuildByWorkspaceID(r.Context(), workspace.ID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get workspace build: %s", err),
+		})
+		return
+	}
 
-func (api *API) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request) {
-	conn, err := api.dialWorkspaceAgent(r, uuid.Nil)
+	resources, err := api.Database.GetWorkspaceResourcesByJobID(r.Context(), build.JobID)
 	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get workspace resources: %s", err),
+		})
 		return
 	}
+	resourceIDs := make([]uuid.UUID, 0)
+	for _, resource := range resources {
+		resourceIDs = append(resourceIDs, resource.ID)
+	}
+	agents, err := api.Database.GetWorkspaceAgentsByResourceIDs(r.Context(), resourceIDs)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get workspace agents: %s", err),
+		})
+		return
+	}
+	if len(agents) == 0 {
+		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
+			Message: "no agents exist",
+		})
+	}
+
+	agent := agents[0]
+	if len(workspaceParts) > 1 {
+		for _, otherAgent := range agents {
+			if otherAgent.Name == workspaceParts[1] {
+				agent = otherAgent
+				break
+			}
+		}
+	}
+
 	app, err := api.Database.GetWorkspaceAppByAgentIDAndName(r.Context(), database.GetWorkspaceAppByAgentIDAndNameParams{
-		AgentID: uuid.Nil,
-		Name:    "something",
+		AgentID: agent.ID,
+		Name:    chi.URLParam(r, "application"),
 	})
+	if errors.Is(err, sql.ErrNoRows) {
+		httpapi.Write(rw, http.StatusNotFound, httpapi.Response{
+			Message: "application not found",
+		})
+		return
+	}
 	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("get workspace app: %s", err),
+		})
 		return
 	}
-	conn.DialContext(r.Context(), "tcp", "localhost:3000")
+	if !app.Url.Valid {
+		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
+			Message: fmt.Sprintf("application does not have a url: %s", err),
+		})
+		return
+	}
+
+	appURL, err := url.Parse(app.Url.String)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("parse app url: %s", err),
+		})
+		return
+	}
+
+	conn, err := api.dialWorkspaceAgent(r, agent.ID)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("dial workspace agent: %s", err),
+		})
+		return
+	}
+
+	proxy := httputil.NewSingleHostReverseProxy(appURL)
+	defaultTransport, valid := http.DefaultTransport.(*http.Transport)
+	if !valid {
+		panic("dev error: default transport isn't a transport")
+	}
+	transport := defaultTransport.Clone()
+	transport.DialContext = conn.DialContext
+	proxy.Transport = transport
+	proxy.ServeHTTP(rw, r)
 }
diff --git a/coderd/workspaceapps_test.go b/coderd/workspaceapps_test.go
@@ -1,21 +1,43 @@
 package coderd_test
 
 import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
 	"testing"
 
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/provisioner/echo"
 	"github.com/coder/coder/provisionersdk/proto"
-	"github.com/google/uuid"
 )
 
 func TestWorkspaceAppsProxyPath(t *testing.T) {
 	t.Parallel()
 	t.Run("Proxies", func(t *testing.T) {
 		t.Parallel()
+		// #nosec
+		ln, err := net.Listen("tcp", ":0")
+		require.NoError(t, err)
+		server := http.Server{
+			Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusOK)
+			}),
+		}
+		t.Cleanup(func() {
+			_ = server.Close()
+			_ = ln.Close()
+		})
+		go server.Serve(ln)
+		tcpAddr, _ := ln.Addr().(*net.TCPAddr)
+
 		client, coderAPI := coderdtest.NewWithAPI(t, nil)
 		user := coderdtest.CreateFirstUser(t, client)
 		daemonCloser := coderdtest.NewProvisionerDaemon(t, coderAPI)
@@ -34,6 +56,10 @@ func TestWorkspaceAppsProxyPath(t *testing.T) {
 								Auth: &proto.Agent_Token{
 									Token: authToken,
 								},
+								Apps: []*proto.App{{
+									Name: "example",
+									Url:  fmt.Sprintf("http://127.0.0.1:%d", tcpAddr.Port),
+								}},
 							}},
 						}},
 					},
@@ -54,6 +80,13 @@ func TestWorkspaceAppsProxyPath(t *testing.T) {
 		t.Cleanup(func() {
 			_ = agentCloser.Close()
 		})
-		resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
+		coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
+
+		resp, err := client.Request(context.Background(), http.MethodGet, "/me/"+workspace.Name+"/example", nil)
+		require.NoError(t, err)
+		body, err := io.ReadAll(resp.Body)
+		require.NoError(t, err)
+		require.Equal(t, "", string(body))
+		require.Equal(t, http.StatusOK, resp.StatusCode)
 	})
 }
diff --git a/coderd/workspaceresources_test.go b/coderd/workspaceresources_test.go
@@ -46,7 +46,7 @@ func TestWorkspaceResource(t *testing.T) {
 
 	t.Run("Apps", func(t *testing.T) {
 		t.Parallel()
-		_, client, coderd := coderdtest.NewWithServer(t, nil)
+		client, coderd := coderdtest.NewWithAPI(t, nil)
 		user := coderdtest.CreateFirstUser(t, client)
 		coderdtest.NewProvisionerDaemon(t, coderd)
 		app := &proto.App{