
Commit fe28e42

committed
chore: Rename AppSigningKey to AppSecurityKey
1 parent a933d6d commit fe28e42


14 files changed

+84
-74
lines changed


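--- a/cli/server.go
+++ b/cli/server.go
@@ -781,7 +781,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 // Read the app signing key from the DB. We store it hex encoded
 // since the config table uses strings for the value and we
 // don't want to deal with automatic encoding issues.
-appSigningKeyStr, err := tx.GetAppSigningKey(ctx)
+appSecurityKeyStr, err := tx.GetAppSecurityKey(ctx)
 if err != nil && !xerrors.Is(err, sql.ErrNoRows) {
 return xerrors.Errorf("get app signing key: %w", err)
 }
@@ -794,26 +794,26 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 // generated automatically on failure. Any workspace app token
 // smuggling operations in progress may fail, although with a
 // helpful error.
-if decoded, err := hex.DecodeString(appSigningKeyStr); err != nil || len(decoded) != len(workspaceapps.SigningKey{}) {
-b := make([]byte, len(workspaceapps.SigningKey{}))
+if decoded, err := hex.DecodeString(appSecurityKeyStr); err != nil || len(decoded) != len(workspaceapps.SecurityKey{}) {
+b := make([]byte, len(workspaceapps.SecurityKey{}))
 _, err := rand.Read(b)
 if err != nil {
 return xerrors.Errorf("generate fresh app signing key: %w", err)
 }
 
-appSigningKeyStr = hex.EncodeToString(b)
-err = tx.UpsertAppSigningKey(ctx, appSigningKeyStr)
+appSecurityKeyStr = hex.EncodeToString(b)
+err = tx.UpsertAppSecurityKey(ctx, appSecurityKeyStr)
 if err != nil {
 return xerrors.Errorf("insert freshly generated app signing key to database: %w", err)
 }
 }
 
-appSigningKey, err := workspaceapps.KeyFromString(appSigningKeyStr)
+appSecurityKey, err := workspaceapps.KeyFromString(appSecurityKeyStr)
 if err != nil {
 return xerrors.Errorf("decode app signing key from database: %w", err)
 }
 
-options.AppSigningKey = appSigningKey
+options.AppSecurityKey = appSecurityKey
 return nil
 }, nil)
 if err != nil {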
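Review bot: The regeneration branch in the second hunk treats a stored value that fails `hex.DecodeString` or has the wrong length the same as a missing row, so an existing key is overwritten through `UpsertAppSecurityKey` with nothing in the visible lines recording that it happened. Because this key covers both signing and encryption of workspace app tokens, an unexpected replacement is worth surfacing to operators: guard on `appSecurityKeyStr != ""` and emit a warning through whichever logger the enclosing function has in scope before generating the new key. The error strings in both hunks also still read "app signing key" (for example `xerrors.Errorf("get app signing key: %w", err)`), which no longer matches the renamed calls; `"get app security key: %w"` would keep log searches consistent. The enclosing function starts and ends outside these hunks, so a log call may already exist in the lines not shown.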

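--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -123,9 +123,9 @@ type Options struct {
 SwaggerEndpoint bool
 SetUserGroups func(ctx context.Context, tx database.Store, userID uuid.UUID, groupNames []string) error
 TemplateScheduleStore schedule.TemplateScheduleStore
-// AppSigningKey denotes the symmetric key to use for signing temporary app
-// tokens.
-AppSigningKey workspaceapps.SigningKey
+// AppSecurityKey is the crypto key used to sign and encrypt tokens related to
+// workspace applications. It consists of both a signing and encryption key.
+AppSecurityKey workspaceapps.SecurityKey
 HealthcheckFunc func(ctx context.Context) (*healthcheck.Report, error)
 HealthcheckTimeout time.Duration
 HealthcheckRefresh time.Duration
@@ -302,7 +302,7 @@ func New(options *Options) *API {
 options.DeploymentValues,
 oauthConfigs,
 options.AgentInactiveDisconnectTimeout,
-options.AppSigningKey,
+options.AppSecurityKey,
 ),
 metricsCache: metricsCache,
 Auditor: atomic.Pointer[audit.Auditor]{},
@@ -340,7 +340,7 @@ func New(options *Options) *API {
 
 SignedTokenProvider: api.WorkspaceAppsProvider,
 WorkspaceConnCache: api.workspaceAgentCache,
-AppSigningKey: options.AppSigningKey,
+AppSecurityKey: options.AppSecurityKey,
 }
 
 apiKeyMiddleware := httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{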

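--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -80,9 +80,9 @@ import (
 "github.com/coder/coder/testutil"
 )
 
-// AppSigningKey is a 64-byte key used to sign JWTs and encrypt JWEs for
+// AppSecurityKey is a 96-byte key used to sign JWTs and encrypt JWEs for
 // workspace app tokens in tests.
-var AppSigningKey = must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))
+var AppSecurityKey = must(workspaceapps.KeyFromString("6465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e207761732068657265206465616e2077617320686572"))
 
 type Options struct {
 // AccessURL denotes a custom access URL. By default we use the httptest
@@ -338,7 +338,7 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 DeploymentValues: options.DeploymentValues,
 UpdateCheckOptions: options.UpdateCheckOptions,
 SwaggerEndpoint: options.SwaggerEndpoint,
-AppSigningKey: AppSigningKey,
+AppSecurityKey: AppSecurityKey,
 SSHConfig: options.ConfigSSH,
 HealthcheckFunc: options.HealthcheckFunc,
 HealthcheckTimeout: options.HealthcheckTimeout,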

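--- a/coderd/database/dbauthz/querier.go
+++ b/coderd/database/dbauthz/querier.go
@@ -379,14 +379,14 @@ func (q *querier) GetLogoURL(ctx context.Context) (string, error) {
 return q.db.GetLogoURL(ctx)
 }
 
-func (q *querier) GetAppSigningKey(ctx context.Context) (string, error) {
+func (q *querier) GetAppSecurityKey(ctx context.Context) (string, error) {
 // No authz checks
-return q.db.GetAppSigningKey(ctx)
+return q.db.GetAppSecurityKey(ctx)
 }
 
-func (q *querier) UpsertAppSigningKey(ctx context.Context, data string) error {
+func (q *querier) UpsertAppSecurityKey(ctx context.Context, data string) error {
 // No authz checks as this is done during startup
-return q.db.UpsertAppSigningKey(ctx, data)
+return q.db.UpsertAppSecurityKey(ctx, data)
 }
 
 func (q *querier) GetServiceBanner(ctx context.Context) (string, error) {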
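Review bot: The comment `// No authz checks` on `GetAppSecurityKey` gives no reason, whereas the upsert below at least states that the call happens during startup. The value returned here is the hex-encoded key that signs and encrypts workspace app tokens, so the wrapper should say why skipping authorization is acceptable, for example `// No authz checks: read only by the server at startup, never on behalf of a request.` That wording holds only if startup is the sole caller, which these lines do not show. If the getter can be reached from a request path, requiring a system-level actor here would be the safer choice.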

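--- a/coderd/database/dbfake/databasefake.go
+++ b/coderd/database/dbfake/databasefake.go
@@ -141,7 +141,7 @@ type data struct {
 lastUpdateCheck []byte
 serviceBanner []byte
 logoURL string
-appSigningKey string
+appSecurityKey string
 lastLicenseID int32
 }
 
@@ -4444,18 +4444,18 @@ func (q *fakeQuerier) GetLogoURL(_ context.Context) (string, error) {
 return q.logoURL, nil
 }
 
-func (q *fakeQuerier) GetAppSigningKey(_ context.Context) (string, error) {
+func (q *fakeQuerier) GetAppSecurityKey(_ context.Context) (string, error) {
 q.mutex.RLock()
 defer q.mutex.RUnlock()
 
-return q.appSigningKey, nil
+return q.appSecurityKey, nil
 }
 
-func (q *fakeQuerier) UpsertAppSigningKey(_ context.Context, data string) error {
+func (q *fakeQuerier) UpsertAppSecurityKey(_ context.Context, data string) error {
 q.mutex.Lock()
 defer q.mutex.Unlock()
 
-q.appSigningKey = data
+q.appSecurityKey = data
 return nil
 }
 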
coderd/database/querier.go

Lines changed: 2 additions & 2 deletions

coderd/database/queries.sql.go

Lines changed: 6 additions & 6 deletions

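--- a/coderd/database/queries/siteconfig.sql
+++ b/coderd/database/queries/siteconfig.sql
@@ -31,9 +31,9 @@ ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'logo_url';
 -- name: GetLogoURL :one
 SELECT value FROM site_configs WHERE key = 'logo_url';
 
--- name: GetAppSigningKey :one
+-- name: GetAppSecurityKey :one
 SELECT value FROM site_configs WHERE key = 'app_signing_key';
 
--- name: UpsertAppSigningKey :exec
+-- name: UpsertAppSecurityKey :exec
 INSERT INTO site_configs (key, value) VALUES ('app_signing_key', $1)
 ON CONFLICT (key) DO UPDATE set value = $1 WHERE site_configs.key = 'app_signing_key';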
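Review bot: The query names become `GetAppSecurityKey` and `UpsertAppSecurityKey`, but the row they address is still `'app_signing_key'`, and nothing in the file says the mismatch is deliberate. Keeping the stored name presumably avoids a migration and keeps existing deployments from losing their key, which the startup code would then regenerate, so a comment should stop a later cleanup from renaming it. Suggested line above the first query: `-- The site_configs key stays 'app_signing_key' so existing deployments keep their key; do not rename without a migration.`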

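--- a/coderd/workspaceapps.go
+++ b/coderd/workspaceapps.go
@@ -123,7 +123,7 @@ func (api *API) workspaceApplicationAuth(rw http.ResponseWriter, r *http.Request
 }
 
 // Encrypt the API key.
-encryptedAPIKey, err := api.AppSigningKey.EncryptAPIKey(workspaceapps.EncryptedAPIKeyPayload{
+encryptedAPIKey, err := api.AppSecurityKey.EncryptAPIKey(workspaceapps.EncryptedAPIKeyPayload{
 APIKey: cookie.Value,
 })
 if err != nil {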

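--- a/coderd/workspaceapps/db.go
+++ b/coderd/workspaceapps/db.go
@@ -32,12 +32,12 @@ type DBTokenProvider struct {
 DeploymentValues *codersdk.DeploymentValues
 OAuth2Configs *httpmw.OAuth2Configs
 WorkspaceAgentInactiveTimeout time.Duration
-SigningKey SigningKey
+SigningKey SecurityKey
 }
 
 var _ SignedTokenProvider = &DBTokenProvider{}
 
-func NewDBTokenProvider(log slog.Logger, accessURL *url.URL, authz rbac.Authorizer, db database.Store, cfg *codersdk.DeploymentValues, oauth2Cfgs *httpmw.OAuth2Configs, workspaceAgentInactiveTimeout time.Duration, signingKey SigningKey) SignedTokenProvider {
+func NewDBTokenProvider(log slog.Logger, accessURL *url.URL, authz rbac.Authorizer, db database.Store, cfg *codersdk.DeploymentValues, oauth2Cfgs *httpmw.OAuth2Configs, workspaceAgentInactiveTimeout time.Duration, signingKey SecurityKey) SignedTokenProvider {
 if workspaceAgentInactiveTimeout == 0 {
 workspaceAgentInactiveTimeout = 1 * time.Minute
 }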
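Review bot: The rename is only half applied in this file: the struct field is now `SigningKey SecurityKey` and the constructor parameter `signingKey SecurityKey`, so the names suggest a signing-only key while the type carries both signing and encryption material. Either rename them (`SecurityKey SecurityKey`, `securityKey SecurityKey`) or add a field comment such as `// SigningKey holds the full SecurityKey (signing and encryption); name kept for compatibility.` `DBTokenProvider` and `NewDBTokenProvider` both continue outside the hunk, so other uses of the field would need the same change.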
