|
6 | 6 | "database/sql"
|
7 | 7 | "fmt"
|
8 | 8 | "net/http"
|
9 |
| - "net/http/httptest" |
10 | 9 | "net/url"
|
11 | 10 | "strings"
|
12 | 11 |
|
@@ -257,16 +256,23 @@ func (api *API) issueSignedAppToken(rw http.ResponseWriter, r *http.Request) {
|
257 | 256 | return
|
258 | 257 | }
|
259 | 258 |
|
260 |
| - // HACK: the CreateToken code reads the session token from the request, but |
261 |
| - // since the session token is in a header, we need to make a fake request. |
| 259 | + // userReq is a http request from the user on the other side of the proxy. |
| 260 | + // Although the workspace proxy is making this call, we want to use the user's |
| 261 | + // authorization context to create the token. |
262 | 262 | //
|
263 |
| - // TODO(@dean): fix this hack. This could be fixed by providing the token as |
264 |
| - // a param to CreateToken instead of the whole request. |
265 |
| - fakeReq := httptest.NewRequest("GET", req.AppRequest.BasePath, nil) |
266 |
| - fakeReq.Header.Set(codersdk.SessionTokenHeader, req.SessionToken) |
| 263 | + // We can use the existing request context for all tracing/logging purposes. |
| 264 | + // Any workspace proxy auth uses different context keys so we don't need to |
| 265 | + // worry about that. |
| 266 | + userReq, err := http.NewRequestWithContext(ctx, "GET", req.AppRequest.BasePath, nil) |
| 267 | + if err != nil { |
| 268 | + // This should never happen |
| 269 | + httpapi.InternalServerError(rw, xerrors.Errorf("[DEV ERROR] new request: %w", err)) |
| 270 | + return |
| 271 | + } |
| 272 | + userReq.Header.Set(codersdk.SessionTokenHeader, req.SessionToken) |
267 | 273 |
|
268 | 274 | // Exchange the token.
|
269 |
| - token, tokenStr, ok := api.AGPL.WorkspaceAppsProvider.CreateToken(ctx, rw, fakeReq, req.AppRequest) |
| 275 | + token, tokenStr, ok := api.AGPL.WorkspaceAppsProvider.CreateToken(ctx, rw, userReq, req.AppRequest) |
270 | 276 | if !ok {
|
271 | 277 | return
|
272 | 278 | }
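Review bot: The `err != nil` branch after `http.NewRequestWithContext` is commented "This should never happen", but that holds only if `req.AppRequest.BasePath` was already validated as a parseable URL earlier in `issueSignedAppToken`, which this hunk does not show. `BasePath` appears to come from the request the workspace proxy sends, so if it is not checked upstream, a malformed value reaches this branch and is reported as a 500 tagged `[DEV ERROR]` instead of being rejected as a bad request. I would either return a 400 here or state the precondition in the comment, e.g. `// Unreachable if BasePath was validated above; a parse failure here means bad proxy input, not a server fault.` The function body starts and ends outside the hunk.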
|
|