chore: support signed token query param for web terminal (#7197)

* chore: add endpoint to get token for web terminal * chore: support signed token query param for web terminal
2026-06-02 20:48:20 +00:00 · 2023-04-20 16:59:45 -07:00
parent ac3c530283
commit 68667323f3
25 changed files with 886 additions and 164 deletions
@@ -47,6 +47,15 @@ const (
 	// token.
 	//nolint:gosec
 	DevURLSignedAppTokenCookie = "coder_devurl_signed_app_token"
+	// SignedAppTokenQueryParameter is the name of the query parameter that
+	// stores a temporary JWT that can be used to authenticate instead of the
+	// session token. This is only acceptable on reconnecting-pty requests, not
+	// apps.
+	//
+	// It has a random suffix to avoid conflict with user query parameters on
+	// apps.
+	//nolint:gosec
+	SignedAppTokenQueryParameter = "coder_signed_app_token_23db1dde"

 	// BypassRatelimitHeader is the custom header to use to bypass ratelimits.
 	// Only owners can bypass rate limits. This is typically used for scale testing.
@@ -289,8 +298,8 @@ func ReadBodyAsError(res *http.Response) error {

 	mimeType := parseMimeType(contentType)
 	if mimeType != "application/json" {
-		if len(resp) > 1024 {
-			resp = append(resp[:1024], []byte("...")...)
+		if len(resp) > 2048 {
+			resp = append(resp[:2048], []byte("...")...)
 		}
 		if len(resp) == 0 {
 			resp = []byte("no response body")