coder

shishantbiswas/coder

Fork 0

mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Ethan	6a9b896f5b	fix!: use client ip when creating connection logs for workspace proxied app accesses (#19788 ) Breaking API Change: > The presence of the `ip` field on `codersdk.ConnectionLog` cannot be guaranteed, and so the field has been made optional. It may be omitted on API responses. When running a scaletest, I noticed logs of the form: ``` 2025-09-12 06:34:10.924 [erro] coderd.workspaceapps: upsert connection log failed trace=0xa17580 span=0xa17620 workspace_id=81b937d7-5777-4df5-b5cb-80241f30326f agent_id=78b2ff6d-b4a6-4a4e-88a7-283e05455a88 app_id=00000000-0000-0000-0000-000000000000 user_id=00000000-0000-0000-0000-000000000000 user_agent="" app_slug_or_port=terminal status_code=404 request_id=67f03cf8-9523-444a-97bc-90de080a54c8 ... error= 1 error occurred: * pq: null value in column "ip" of relation "connection_logs" violates not-null constraint ``` to ensure logs are never omitted from the connection log due to a missing IP again (i.e. I'm not sure if we can always rely on a valid, parseable, IP from `(http.Request).RemoteAddr`), I've removed the `NOT NULL` constraint on `ip` on `connection_logs`, and made `ip` on the API response optional. The specific cause for these null IPs was the `/workspaceproxies/me/issue-signed-app-token [post]` endpoint constructing it's own `http.Request` without a `RemoteAddr` set, and then passing that to the token issuer. To solve this, we'll have workspace proxies send the real IP of the client when calling `/workspaceproxies/me/issue-signed-app-token [post]` via the header `Coder-Workspace-Proxy-Real-IP`.	2025-09-15 12:30:17 +10:00
Ethan	7a339a1ffe	feat: add `connectionlogs` API (#18628 ) This is the second PR for moving connection events out of the audit log. This PR: - Adds the `/api/v2/connectionlog` endpoint - Adds filtering for `GetAuthorizedConnectionLogsOffset` and thus the endpoint. There's quite a few, but I was aiming for feature parity with the audit log. 1. `organization:<id\|name>` 2. `workspace_owner:<username>` 3. `workspace_owner_email:<email>` 4. `type:<ssh\|vscode\|jetbrains\|reconnecting_pty\|workspace_app\|port_forwarding>` 5. `username:<username>` - Only includes web-based connection events (workspace apps, web port forwarding) as only those include user metadata. 6. `user_email:<email>` 7. `connected_after:<time>` 8. `connected_before:<time>` 9. `workspace_id:<id>` 10. `connection_id:<id>` - If you have one snapshot of the connection log, and some sessions are ongoing in that snapshot, you could use this filter to check if they've been closed since. 11. `status:<connected\|disconnected>` - If `connected` only sessions with a null `close_time` are returned, if `disconnected`, only those with a non-null `close_time`. If filter is omitted, both are returned. Future PRs: - Populate `count` on `ConnectionLogResponse` using a seperate query (to preemptively mitigate the issue described in #17689) - Implement a table in the Web UI for viewing connection logs. - Write a query to delete old events from the audit log, call it from dbpurge. - Write documentation for the endpoint / feature (including these filters)	2025-07-15 14:55:34 +10:00

Ethan

6a9b896f5b

fix!: use client ip when creating connection logs for workspace proxied app accesses (#19788 )

Breaking API Change: 
> The presence of the `ip` field on `codersdk.ConnectionLog` cannot be
guaranteed, and so the field has been made optional. It may be omitted
on API responses.

When running a scaletest, I noticed logs of the form:
```
2025-09-12 06:34:10.924 [erro]  coderd.workspaceapps: upsert connection log failed  trace=0xa17580  span=0xa17620  workspace_id=81b937d7-5777-4df5-b5cb-80241f30326f  agent_id=78b2ff6d-b4a6-4a4e-88a7-283e05455a88  app_id=00000000-0000-0000-0000-000000000000  user_id=00000000-0000-0000-0000-000000000000  user_agent=""  app_slug_or_port=terminal  status_code=404  request_id=67f03cf8-9523-444a-97bc-90de080a54c8 ...
    error= 1 error occurred:
           	* pq: null value in column "ip" of relation "connection_logs" violates not-null constraint
```

to ensure logs are never omitted from the connection log due to a
missing IP again (i.e. I'm not sure if we can always rely on a valid,
parseable, IP from `(http.Request).RemoteAddr`), I've removed the `NOT
NULL` constraint on `ip` on `connection_logs`, and made `ip` on the API
response optional.


The specific cause for these null IPs was the
`/workspaceproxies/me/issue-signed-app-token [post]` endpoint
constructing it's own `http.Request` without a `RemoteAddr` set, and
then passing that to the token issuer.

To solve this, we'll have workspace proxies send the real IP of the
client when calling `/workspaceproxies/me/issue-signed-app-token [post]`
via the header `Coder-Workspace-Proxy-Real-IP`.

2025-09-15 12:30:17 +10:00

Ethan

7a339a1ffe

feat: add connectionlogs API (#18628 )

This is the second PR for moving connection events out of the audit log.

This PR:
- Adds the `/api/v2/connectionlog` endpoint
- Adds filtering for `GetAuthorizedConnectionLogsOffset` and thus the endpoint. 
There's quite a few, but I was aiming for feature parity with the audit log.
  1. `organization:<id|name>`
  2. `workspace_owner:<username>`
  3. `workspace_owner_email:<email>`
  4. `type:<ssh|vscode|jetbrains|reconnecting_pty|workspace_app|port_forwarding>`
  5. `username:<username>` 
     - Only includes web-based connection events (workspace apps, web port forwarding) as only those include user metadata.
  6. `user_email:<email>`
  7. `connected_after:<time>`
  8. `connected_before:<time>`
  9. `workspace_id:<id>`
  10. `connection_id:<id>`
      - If you have one snapshot of the connection log, and some sessions are ongoing in that snapshot, you could use this filter to check if they've been closed since.
  11. `status:<connected|disconnected>`
       - If `connected` only sessions with a null `close_time` are returned, if `disconnected`, only those with a non-null `close_time`. If filter is omitted, both are returned.
       
Future PRs:
- Populate `count` on `ConnectionLogResponse` using a seperate query (to preemptively mitigate the issue described in #17689)
- Implement a table in the Web UI for viewing connection logs.
- Write a query to delete old events from the audit log, call it from dbpurge.
- Write documentation for the endpoint / feature (including these filters)

2025-07-15 14:55:34 +10:00

2 Commits