[server] WorkspaceService.getOwnerToken

Author: geropl

components/server/src/workspace/gitpod-server-impl.ts

@@ -875,7 +875,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         traceAPIParams(ctx, { workspaceId });
         traceWI(ctx, { workspaceId });
 
-        await this.checkAndBlockUser("getOwnerToken");
+        const user = await this.checkAndBlockUser("getOwnerToken");
 
         const workspace = await this.workspaceDb.trace(ctx).findById(workspaceId);
         if (!workspace) {
@@ -886,11 +886,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         const latestInstance = await this.workspaceDb.trace(ctx).findCurrentInstance(workspaceId);
         await this.guardAccess({ kind: "workspaceInstance", subject: latestInstance, workspace }, "get");
 
-        const ownerToken = latestInstance?.status.ownerToken;
-        if (!ownerToken) {
-            throw new Error("owner token not found");
-        }
-        return ownerToken;
+        return await this.workspaceService.getOwnerToken(user.id, workspaceId);
     }
 
     public async getIDECredentials(ctx: TraceContext, workspaceId: string): Promise<string> {
@@ -3261,7 +3257,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
     async adminForceStopWorkspace(ctx: TraceContext, workspaceId: string): Promise<void> {
         traceAPIParams(ctx, { workspaceId });
-        
+
         const admin = await this.guardAdminAccess(
             "adminForceStopWorkspace",
             { id: workspaceId },

components/server/src/workspace/workspace-service.spec.db.ts

@@ -98,6 +98,23 @@ describe("WorkspaceService", async () => {
         await expectError(ErrorCodes.NOT_FOUND, () => svc.getWorkspace(stranger.id, ws.id));
     });
 
+    it("should getOwnerToken", async () => {
+        const svc = container.get(WorkspaceService);
+        const ws = await createTestWorkspace(svc, org, owner, project);
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getWorkspace(owner.id, ws.id),
+            "NOT_FOUND for non-running workspace",
+        );
+
+        await expectError(
+            ErrorCodes.NOT_FOUND,
+            () => svc.getWorkspace(stranger.id, ws.id),
+            "NOT_FOUND if stranger asks for the owner token",
+        );
+    });
+
     it("should stopWorkspace", async () => {
         const svc = container.get(WorkspaceService);
         const ws = await createTestWorkspace(svc, org, owner, project);
@@ -144,7 +161,7 @@ describe("WorkspaceService", async () => {
         );
     });
 
-    it("should dhardDeleteWorkspace", async () => {
+    it("should hardDeleteWorkspace", async () => {
         const svc = container.get(WorkspaceService);
         const ws = await createTestWorkspace(svc, org, owner, project);
 

components/server/src/workspace/workspace-service.ts

@@ -61,11 +61,21 @@ export class WorkspaceService {
     async getWorkspace(userId: string, workspaceId: string): Promise<Workspace> {
         await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
 
-        const workspace = await this.db.findById(workspaceId);
-        if (!workspace || !!workspace.softDeleted || workspace.deleted) {
-            throw new ApplicationError(ErrorCodes.NOT_FOUND, "Workspace not found.");
+        return this.doGetWorkspace(workspaceId);
+    }
+
+    async getOwnerToken(userId: string, workspaceId: string): Promise<string> {
+        await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
+
+        // Check: is deleted?
+        await this.doGetWorkspace(workspaceId);
+
+        const latestInstance = await this.db.findCurrentInstance(workspaceId);
+        const ownerToken = latestInstance?.status.ownerToken;
+        if (!ownerToken) {
+            throw new ApplicationError(ErrorCodes.NOT_FOUND, "owner token not found");
         }
-        return workspace;
+        return ownerToken;
     }
 
     async stopWorkspace(
@@ -76,7 +86,7 @@ export class WorkspaceService {
     ): Promise<void> {
         await this.auth.checkPermissionOnWorkspace(userId, "stop", workspaceId);
 
-        const workspace = await this.getWorkspace(userId, workspaceId);
+        const workspace = await this.doGetWorkspace(workspaceId);
         const instance = await this.db.findRunningInstance(workspace.id);
         if (!instance) {
             // there's no instance running - we're done
@@ -139,4 +149,12 @@ export class WorkspaceService {
         }
         log.info(`Purged Workspace ${workspaceId} and all WorkspaceInstances for this workspace`, { workspaceId });
     }
+
+    private async doGetWorkspace(workspaceId: string): Promise<Workspace> {
+        const workspace = await this.db.findById(workspaceId);
+        if (!workspace || !!workspace.softDeleted || workspace.deleted) {
+            throw new ApplicationError(ErrorCodes.NOT_FOUND, "Workspace not found.");
+        }
+        return workspace;
+    }
 }