coder
diff --git a/‎Makefile
Lines changed: 19 additions & 6 deletions b/‎Makefile
Lines changed: 19 additions & 6 deletions
diff --git a/‎agent/ports_supported.go
Lines changed: 1 addition & 1 deletion b/‎agent/ports_supported.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/clitest/clitest.go
Lines changed: 5 additions & 1 deletion b/‎cli/clitest/clitest.go
Lines changed: 5 additions & 1 deletion
diff --git a/‎cli/deployment/config.go
Lines changed: 9 additions & 1 deletion b/‎cli/deployment/config.go
Lines changed: 9 additions & 1 deletion
diff --git a/‎cli/rename_test.go
Lines changed: 3 additions & 1 deletion b/‎cli/rename_test.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎cli/root.go
Lines changed: 1 addition & 0 deletions b/‎cli/root.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 15 additions & 4 deletions b/‎cli/server.go
Lines changed: 15 additions & 4 deletions
diff --git a/‎cli/speedtest.go
Lines changed: 2 additions & 2 deletions b/‎cli/speedtest.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/ssh_test.go
Lines changed: 2 additions & 0 deletions b/‎cli/ssh_test.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎cli/testdata/coder_server_--help.golden
Lines changed: 3 additions & 1 deletion b/‎cli/testdata/coder_server_--help.golden
Lines changed: 3 additions & 1 deletion
diff --git a/‎cli/vscodeipc.go
Lines changed: 88 additions & 0 deletions b/‎cli/vscodeipc.go
Lines changed: 88 additions & 0 deletions
@@ -44,10 +44,17 @@ else
 ZSTDFLAGS := -6
 endif
 
+# Common paths to exclude from find commands, this rule is written so
+# that it can be it can be used in a chain of AND statements (meaning
+# you can simply write `find . $(FIND_EXCLUSIONS) -name thing-i-want`).
+# Note, all find statements should be written with `.` or `./path` as
+# the search path so that these exclusions match.
+FIND_EXCLUSIONS= \
+	-not \( \( -path '*/.git/*' -o -path './build/*' -o -path './vendor/*' -o -path './.coderv2/*' -o -path '*/node_modules/*' -o -path './site/out/*' \) -prune \)
 # Source files used for make targets, evaluated on use.
-GO_SRC_FILES = $(shell find . -not \( -path './.git/*' -o -path './build/*' -o -path './vendor/*' -o -path './.coderv2/*' -o -path './site/node_modules/*' -o -path './site/out/*' \) -type f -name '*.go')
+GO_SRC_FILES = $(shell find . $(FIND_EXCLUSIONS) -type f -name '*.go')
 # All the shell files in the repo, excluding ignored files.
-SHELL_SRC_FILES = $(shell find . -not \( -path './.git/*' -o -path './build/*' -o -path './vendor/*' -o -path './.coderv2/*' -o -path './site/node_modules/*' -o -path './site/out/*' \) -type f -name '*.sh')
+SHELL_SRC_FILES = $(shell find . $(FIND_EXCLUSIONS) -type f -name '*.sh')
 
 # All ${OS}_${ARCH} combos we build for. Windows binaries have the .exe suffix.
 OS_ARCHES := \
@@ -341,7 +348,7 @@ build/coder_helm_$(VERSION).tgz:
 		--version "$(VERSION)" \
 		--output "$@"
 
-site/out/index.html: site/package.json $(shell find ./site -not -path './site/node_modules/*' -type f \( -name '*.ts' -o -name '*.tsx' \))
+site/out/index.html: site/package.json $(shell find ./site $(FIND_EXCLUSIONS) -type f \( -name '*.ts' -o -name '*.tsx' \))
 	./scripts/yarn_install.sh
 	cd site
 	yarn build
@@ -403,13 +410,14 @@ gen: \
 	provisionersdk/proto/provisioner.pb.go \
 	provisionerd/proto/provisionerd.pb.go \
 	site/src/api/typesGenerated.ts \
-	docs/admin/prometheus.md
+	docs/admin/prometheus.md \
+	coderd/apidoc/swagger.json
 .PHONY: gen
 
 # Mark all generated files as fresh so make thinks they're up-to-date. This is
 # used during releases so we don't run generation scripts.
 gen/mark-fresh:
-	files="coderd/database/dump.sql coderd/database/querier.go provisionersdk/proto/provisioner.pb.go provisionerd/proto/provisionerd.pb.go site/src/api/typesGenerated.ts docs/admin/prometheus.md"
+	files="coderd/database/dump.sql coderd/database/querier.go provisionersdk/proto/provisioner.pb.go provisionerd/proto/provisionerd.pb.go site/src/api/typesGenerated.ts docs/admin/prometheus.md coderd/apidoc/swagger.json"
 	for file in $$files; do
 		echo "$$file"
 		if [ ! -f "$$file" ]; then
@@ -447,7 +455,7 @@ provisionerd/proto/provisionerd.pb.go: provisionerd/proto/provisionerd.proto
 		--go-drpc_opt=paths=source_relative \
 		./provisionerd/proto/provisionerd.proto
 
-site/src/api/typesGenerated.ts: scripts/apitypings/main.go $(shell find codersdk -type f -name '*.go')
+site/src/api/typesGenerated.ts: scripts/apitypings/main.go $(shell find ./codersdk $(FIND_EXCLUSIONS) -type f -name '*.go')
 	go run scripts/apitypings/main.go > site/src/api/typesGenerated.ts
 	cd site
 	yarn run format:types
@@ -457,6 +465,11 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me
 	cd site
 	yarn run format:write ../docs/admin/prometheus.md
 
+coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen -not \( -path './scripts/apidocgen/node_modules' -prune \) -type f) $(wildcard coderd/*.go) $(wildcard codersdk/*.go)
+	./scripts/apidocgen/generate.sh
+	cd site
+	yarn run format:write ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
+
 update-golden-files: cli/testdata/.gen-golden
 .PHONY: update-golden-files
 
 
@@ -32,7 +32,7 @@ func (lp *listeningPortsHandler) getListeningPorts() ([]codersdk.ListeningPort,
 	seen := make(map[uint16]struct{}, len(tabs))
 	ports := []codersdk.ListeningPort{}
 	for _, tab := range tabs {
-		if tab.LocalAddr == nil || tab.LocalAddr.Port < uint16(codersdk.MinimumListeningPort) {
+		if tab.LocalAddr == nil || tab.LocalAddr.Port < codersdk.MinimumListeningPort {
 			continue
 		}
 
 
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/spf13/cobra"
@@ -55,7 +56,7 @@ func CreateTemplateVersionSource(t *testing.T, responses *echo.Responses) string
 	directory := t.TempDir()
 	f, err := ioutil.TempFile(directory, "*.tf")
 	require.NoError(t, err)
-	f.Close()
+	_ = f.Close()
 	data, err := echo.Tar(responses)
 	require.NoError(t, err)
 	extractTar(t, data, directory)
@@ -70,6 +71,9 @@ func extractTar(t *testing.T, data []byte, directory string) {
 			break
 		}
 		require.NoError(t, err)
+		if header.Name == "." || strings.Contains(header.Name, "..") {
+			continue
+		}
 		// #nosec
 		path := filepath.Join(directory, header.Name)
 		mode := header.FileInfo().Mode()
 
@@ -303,7 +303,7 @@ func newConfig() *codersdk.DeploymentConfig {
 				Name:    "TLS Client Auth",
 				Usage:   "Policy the server will follow for TLS Client Authentication. Accepted values are \"none\", \"request\", \"require-any\", \"verify-if-given\", or \"require-and-verify\".",
 				Flag:    "tls-client-auth",
-				Default: "request",
+				Default: "none",
 			},
 			KeyFiles: &codersdk.DeploymentConfigField[[]string]{
 				Name:  "TLS Key Files",
@@ -452,6 +452,14 @@ func newConfig() *codersdk.DeploymentConfig {
 			Flag:    "max-token-lifetime",
 			Default: 24 * 30 * time.Hour,
 		},
+		Swagger: &codersdk.SwaggerConfig{
+			Enable: &codersdk.DeploymentConfigField[bool]{
+				Name:    "Enable swagger endpoint",
+				Usage:   "Expose the swagger endpoint via /swagger.",
+				Flag:    "swagger-enable",
+				Default: false,
+			},
+		},
 	}
 }
 
 
@@ -27,7 +27,9 @@ func TestRename(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 	defer cancel()
 
-	want := workspace.Name + "-test"
+	// Only append one letter because it's easy to exceed maximum length:
+	// E.g. "compassionate-chandrasekhar82" + "t".
+	want := workspace.Name + "t"
 	cmd, root := clitest.New(t, "rename", workspace.Name, want, "--yes")
 	clitest.SetupConfig(t, client, root)
 	pty := ptytest.New(t)
 
@@ -98,6 +98,7 @@ func Core() []*cobra.Command {
 		users(),
 		versionCmd(),
 		workspaceAgent(),
+		vscodeipcCmd(),
 	}
 }
 
 
@@ -678,6 +678,10 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				), cfg.Prometheus.Address.Value, "prometheus")()
 			}
 
+			if cfg.Swagger.Enable.Value {
+				options.SwaggerEndpoint = cfg.Swagger.Enable.Value
+			}
+
 			// We use a separate coderAPICloser so the Enterprise API
 			// can have it's own close functions. This is cleaner
 			// than abstracting the Coder API itself.
@@ -687,16 +691,17 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 			}
 
 			client := codersdk.New(localURL)
-			if cfg.TLS.Enable.Value {
-				// Secure transport isn't needed for locally communicating!
+			if localURL.Scheme == "https" && isLocalhost(localURL.Hostname()) {
+				// The certificate will likely be self-signed or for a different
+				// hostname, so we need to skip verification.
 				client.HTTPClient.Transport = &http.Transport{
 					TLSClientConfig: &tls.Config{
 						//nolint:gosec
 						InsecureSkipVerify: true,
 					},
 				}
-				defer client.HTTPClient.CloseIdleConnections()
 			}
+			defer client.HTTPClient.CloseIdleConnections()
 
 			// This is helpful for tests, but can be silently ignored.
 			// Coder may be ran as users that don't have permission to write in the homedir,
@@ -1400,7 +1405,7 @@ func startBuiltinPostgres(ctx context.Context, cfg config.Root, logger slog.Logg
 	if err != nil {
 		return "", nil, xerrors.Errorf("read postgres port: %w", err)
 	}
-	pgPort, err := strconv.Atoi(pgPortRaw)
+	pgPort, err := strconv.ParseUint(pgPortRaw, 10, 16)
 	if err != nil {
 		return "", nil, xerrors.Errorf("parse postgres port: %w", err)
 	}
@@ -1461,3 +1466,9 @@ func redirectHTTPToAccessURL(handler http.Handler, accessURL *url.URL) http.Hand
 		handler.ServeHTTP(w, r)
 	})
 }
+
+// isLocalhost returns true if the host points to the local machine. Intended to
+// be called with `u.Hostname()`.
+func isLocalhost(host string) bool {
+	return host == "localhost" || host == "127.0.0.1" || host == "::1"
+}
@@ -71,7 +71,7 @@ func speedtest() *cobra.Command {
 						return ctx.Err()
 					case <-ticker.C:
 					}
-					dur, err := conn.Ping(ctx)
+					dur, p2p, err := conn.Ping(ctx)
 					if err != nil {
 						continue
 					}
@@ -80,7 +80,7 @@ func speedtest() *cobra.Command {
 						continue
 					}
 					peer := status.Peer[status.Peers()[0]]
-					if peer.CurAddr == "" && direct {
+					if !p2p && direct {
 						cmd.Printf("Waiting for a direct connection... (%dms via %s)\n", dur.Milliseconds(), peer.Relay)
 						continue
 					}
 
@@ -65,6 +65,8 @@ func setupWorkspaceForAgent(t *testing.T, mutate func([]*proto.Agent) []*proto.A
 	template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
 	workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
 	coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+	workspace, err := client.Workspace(context.Background(), workspace.ID)
+	require.NoError(t, err)
 
 	return client, workspace, agentToken
 }
 
@@ -169,6 +169,8 @@ Flags:
                                                      "ecdsa", or "rsa4096".
                                                      Consumes $CODER_SSH_KEYGEN_ALGORITHM
                                                      (default "ed25519")
+      --swagger-enable                               Expose the swagger endpoint via /swagger.
+                                                     Consumes $CODER_SWAGGER_ENABLE
       --telemetry                                    Whether telemetry is enabled or not.
                                                      Coder collects anonymized usage data to
                                                      help improve our product.
@@ -196,7 +198,7 @@ Flags:
                                                      "verify-if-given", or
                                                      "require-and-verify".
                                                      Consumes $CODER_TLS_CLIENT_AUTH (default
-                                                     "request")
+                                                     "none")
       --tls-client-ca-file string                    PEM-encoded Certificate Authority file
                                                      used for checking the authenticity of
                                                      client
 
@@ -0,0 +1,88 @@
+package cli
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/cli/cliflag"
+	"github.com/coder/coder/cli/vscodeipc"
+	"github.com/coder/coder/codersdk"
+)
+
+// vscodeipcCmd spawns a local HTTP server on the provided port that listens to messages.
+// It's made for use by the Coder VS Code extension. See: https://github.com/coder/vscode-coder
+func vscodeipcCmd() *cobra.Command {
+	var (
+		rawURL string
+		token  string
+		port   uint16
+	)
+	cmd := &cobra.Command{
+		Use:          "vscodeipc <workspace-agent>",
+		Args:         cobra.ExactArgs(1),
+		SilenceUsage: true,
+		Hidden:       true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if rawURL == "" {
+				return xerrors.New("CODER_URL must be set!")
+			}
+			// token is validated in a header on each request to prevent
+			// unauthenticated clients from connecting.
+			if token == "" {
+				return xerrors.New("CODER_TOKEN must be set!")
+			}
+			listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
+			if err != nil {
+				return xerrors.Errorf("listen: %w", err)
+			}
+			defer listener.Close()
+			addr, ok := listener.Addr().(*net.TCPAddr)
+			if !ok {
+				return xerrors.Errorf("listener.Addr() is not a *net.TCPAddr: %T", listener.Addr())
+			}
+			url, err := url.Parse(rawURL)
+			if err != nil {
+				return err
+			}
+			agentID, err := uuid.Parse(args[0])
+			if err != nil {
+				return err
+			}
+			client := codersdk.New(url)
+			client.SetSessionToken(token)
+
+			handler, closer, err := vscodeipc.New(cmd.Context(), client, agentID, nil)
+			if err != nil {
+				return err
+			}
+			defer closer.Close()
+			// nolint:gosec
+			server := http.Server{
+				Handler: handler,
+			}
+			defer server.Close()
+			_, _ = fmt.Fprintf(cmd.OutOrStdout(), "%s\n", addr.String())
+			errChan := make(chan error, 1)
+			go func() {
+				err := server.Serve(listener)
+				errChan <- err
+			}()
+			select {
+			case <-cmd.Context().Done():
+				return cmd.Context().Err()
+			case err := <-errChan:
+				return err
+			}
+		},
+	}
+	cliflag.StringVarP(cmd.Flags(), &rawURL, "url", "u", "CODER_URL", "", "The URL of the Coder instance!")
+	cliflag.StringVarP(cmd.Flags(), &token, "token", "t", "CODER_TOKEN", "", "The session token of the user!")
+	cmd.Flags().Uint16VarP(&port, "port", "p", 0, "The port to listen on!")
+	return cmd
+}
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ func (lp *listeningPortsHandler) getListeningPorts() ([]codersdk.ListeningPort,`
`32`	`32`	`seen := make(map[uint16]struct{}, len(tabs))`
`33`	`33`	`ports := []codersdk.ListeningPort{}`
`34`	`34`	`for _, tab := range tabs {`
`35`		`- if tab.LocalAddr == nil \|\| tab.LocalAddr.Port < uint16(codersdk.MinimumListeningPort) {`
	`35`	`+ if tab.LocalAddr == nil \|\| tab.LocalAddr.Port < codersdk.MinimumListeningPort {`
`36`	`36`	`continue`
`37`	`37`	`}`
`38`	`38`
Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,7 @@ func Core() []*cobra.Command {`
`98`	`98`	`users(),`
`99`	`99`	`versionCmd(),`
`100`	`100`	`workspaceAgent(),`
	`101`	`+ vscodeipcCmd(),`
`101`	`102`	`}`
`102`	`103`	`}`
`103`	`104`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ func speedtest() *cobra.Command {`
`71`	`71`	`return ctx.Err()`
`72`	`72`	`case <-ticker.C:`
`73`	`73`	`}`
`74`		`- dur, err := conn.Ping(ctx)`
	`74`	`+ dur, p2p, err := conn.Ping(ctx)`
`75`	`75`	`if err != nil {`
`76`	`76`	`continue`
`77`	`77`	`}`
`@@ -80,7 +80,7 @@ func speedtest() *cobra.Command {`
`80`	`80`	`continue`
`81`	`81`	`}`
`82`	`82`	`peer := status.Peer[status.Peers()[0]]`
`83`		`- if peer.CurAddr == "" && direct {`
	`83`	`+ if !p2p && direct {`
`84`	`84`	`cmd.Printf("Waiting for a direct connection... (%dms via %s)\n", dur.Milliseconds(), peer.Relay)`
`85`	`85`	`continue`
`86`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,8 @@ func setupWorkspaceForAgent(t testing.T, mutate func([]proto.Agent) []*proto.A`
`65`	`65`	`template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)`
`66`	`66`	`workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)`
`67`	`67`	`coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)`
	`68`	`+ workspace, err := client.Workspace(context.Background(), workspace.ID)`
	`69`	`+ require.NoError(t, err)`
`68`	`70`
`69`	`71`	`return client, workspace, agentToken`
`70`	`72`	`}`