limiting lifetime days to maxTokenLifetime

coder · Kira-Pilot · Mar 16, 2023 · Mar 8, 2023 · Mar 9, 2023 · Mar 10, 2023
commit f0620fe17726e595c679e72d30388e1eb0234994
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -136,6 +136,7 @@
     "thead",
     "tios",
     "tmpdir",
+    "tokenconfig",
     "tparallel",
     "trialer",
     "trimprefix",

diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go
diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -400,6 +400,7 @@ func New(options *Options) *API {
 		r.Route("/config", func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
 			r.Get("/deployment", api.deploymentValues)
+			r.Get("/tokenconfig", api.tokenConfig)
 		})
 		r.Route("/audit", func(r chi.Router) {
 			r.Use(

diff --git a/coderd/deploymentconfig.go b/coderd/deploymentconfig.go
@@ -1,7 +1,9 @@
 package coderd
 
 import (
+	"math"
 	"net/http"
+    	"time"
 
 	"github.com/coder/coder/coderd/httpapi"
 	"github.com/coder/coder/coderd/rbac"
@@ -35,3 +37,34 @@ func (api *API) deploymentValues(rw http.ResponseWriter, r *http.Request) {
 		},
 	)
 }
+
+// @Summary Get token config
+// @ID get-token-config
+// @Security CoderSessionToken
+// @Produce json
+// @Tags General
+// @Success 200 {object} codersdk.TokenConfig
+// @Router /config/tokenconfig [get]
+func (api *API) tokenConfig(rw http.ResponseWriter, r *http.Request) {
+	values, err := api.DeploymentValues.WithoutSecrets()
+	if err != nil {
+		httpapi.InternalServerError(rw, err)
+		return
+	}
+
+	var maxTokenLifetime time.Duration
+	// if --max-token-lifetime is unset (default value is math.MaxInt64)
+	// send back a falsy value
+	if values.MaxTokenLifetime.Value() == time.Duration(math.MaxInt64) {
+		maxTokenLifetime = 0
+	} else {
+		maxTokenLifetime = values.MaxTokenLifetime.Value()
+	}
+
+	httpapi.Write(
+		r.Context(), rw, http.StatusOK,
+		codersdk.TokenConfig{
+			MaxTokenLifetime: maxTokenLifetime,
+		},
+	)
+}
diff --git a/codersdk/apikey.go b/codersdk/apikey.go
@@ -97,6 +97,10 @@ type APIKeyWithOwner struct {
 	Username string `json:"username"`
 }
 
+type TokenConfig struct {
+	MaxTokenLifetime time.Duration `json:"max_token_lifetime"`
+}
+
 // asRequestOption returns a function that can be used in (*Client).Request.
 // It modifies the request query parameters.
 func (f TokensFilter) asRequestOption() RequestOption {
@@ -161,3 +165,17 @@ func (c *Client) DeleteAPIKey(ctx context.Context, userID string, id string) err
 	}
 	return nil
 }
+
+// GetTokenConfig returns deployment options related to token management
+func (c *Client) GetTokenConfig(ctx context.Context) (TokenConfig, error) {
+	res, err := c.Request(ctx, http.MethodGet, "/api/v2/config/tokenconfig", nil)
+	if err != nil {
+		return TokenConfig{}, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode > http.StatusOK {
+		return TokenConfig{}, ReadBodyAsError(res)
+	}
+	tokenConfig := TokenConfig{}
+	return tokenConfig, json.NewDecoder(res.Body).Decode(&tokenConfig)
+}
diff --git a/docs/api/general.md b/docs/api/general.md
@@ -362,6 +362,37 @@ curl -X GET http://coder-server:8080/api/v2/config/deployment \
 
 To perform this operation, you must be authenticated. [Learn more](authentication.md).
 
+## Get token config
+
+### Code samples
+
+```shell
+# Example request using curl
+curl -X GET http://coder-server:8080/api/v2/config/tokenconfig \
+  -H 'Accept: application/json' \
+  -H 'Coder-Session-Token: API_KEY'
+```
+
+`GET /config/tokenconfig`
+
+### Example responses
+
+> 200 Response
+
+```json
+{
+  "max_token_lifetime": 0
+}
+```
+
+### Responses
+
+| Status | Meaning                                                 | Description | Schema                                                 |
+| ------ | ------------------------------------------------------- | ----------- | ------------------------------------------------------ |
+| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK          | [codersdk.TokenConfig](schemas.md#codersdktokenconfig) |
+
+To perform this operation, you must be authenticated. [Learn more](authentication.md).
+
 ## Report CSP violations
 
 ### Code samples

diff --git a/docs/api/schemas.md b/docs/api/schemas.md
@@ -3754,6 +3754,20 @@ Parameter represents a set value for the scope.
 | `type`   | `number` |
 | `type`   | `bool`   |
 
+## codersdk.TokenConfig
+
+```json
+{
+  "max_token_lifetime": 0
+}
+```
+
+### Properties
+
+| Name                 | Type    | Required | Restrictions | Description |
+| -------------------- | ------- | -------- | ------------ | ----------- |
+| `max_token_lifetime` | integer | false    |              |             |
+
 ## codersdk.TraceConfig
 
 ```json

@@ -164,6 +164,11 @@ export const createToken = async (
   return response.data
 }
 
+export const getTokenConfig = async (): Promise<TypesGen.TokenConfig> => {
+  const response = await axios.get("/api/v2/config/tokenconfig")
+  return response.data
+}
+
 export const getUsers = async (
   options: TypesGen.UsersRequest,
 ): Promise<TypesGen.GetUsersResponse> => {

@@ -902,6 +902,12 @@ export interface TemplateVersionsByTemplateRequest extends Pagination {
   readonly template_id: string
 }
 
+// From codersdk/apikey.go
+export interface TokenConfig {
+  // This is likely an enum in an external package ("time.Duration")
+  readonly max_token_lifetime: number
+}
+
 // From codersdk/apikey.go
 export interface TokensFilter {
   readonly include_all: boolean