Prune old login records + Add debug flag for deployments

Author: EhabY

package.json

@@ -255,6 +255,12 @@
 				"title": "Search",
 				"category": "Coder",
 				"icon": "$(search)"
+			},
+			{
+				"command": "coder.debug.listDeployments",
+				"title": "List Stored Deployments",
+				"category": "Coder Debug",
+				"when": "coder.devMode"
 			}
 		],
 		"menus": {

src/core/container.ts

@@ -41,7 +41,7 @@ export class ServiceContainer implements vscode.Disposable {
 			this.logger,
 			this.pathResolver,
 		);
-		this.contextManager = new ContextManager();
+		this.contextManager = new ContextManager(context);
 		this.loginCoordinator = new LoginCoordinator(
 			this.secretsManager,
 			this.mementoManager,

src/core/contextManager.ts

@@ -5,17 +5,22 @@ const CONTEXT_DEFAULTS = {
 	"coder.isOwner": false,
 	"coder.loaded": false,
 	"coder.workspace.updatable": false,
+	"coder.devMode": false,
 } as const;
 
 type CoderContext = keyof typeof CONTEXT_DEFAULTS;
 
 export class ContextManager implements vscode.Disposable {
 	private readonly context = new Map<CoderContext, boolean>();
 
-	public constructor() {
-		(Object.keys(CONTEXT_DEFAULTS) as CoderContext[]).forEach((key) => {
+	public constructor(extensionContext: vscode.ExtensionContext) {
+		for (const key of Object.keys(CONTEXT_DEFAULTS) as CoderContext[]) {
 			this.set(key, CONTEXT_DEFAULTS[key]);
-		});
+		}
+		this.set(
+			"coder.devMode",
+			extensionContext.extensionMode === vscode.ExtensionMode.Development,
+		);
 	}
 
 	public set(key: CoderContext, value: boolean): void {

src/core/secretsManager.ts

@@ -13,10 +13,16 @@ const OAUTH_CLIENT_PREFIX = "coder.oauth.client.";
 const CURRENT_DEPLOYMENT_KEY = "coder.currentDeployment";
 const OAUTH_CALLBACK_KEY = "coder.oauthCallback";
 
-const KNOWN_LABELS_KEY = "coder.knownLabels";
+const DEPLOYMENT_USAGE_KEY = "coder.deploymentUsage";
+const DEFAULT_MAX_DEPLOYMENTS = 10;
 
 const LEGACY_SESSION_TOKEN_KEY = "sessionToken";
 
+export interface DeploymentUsage {
+	label: string;
+	lastAccessedAt: string;
+}
+
 export type StoredOAuthTokens = Omit<TokenResponse, "expires_in"> & {
 	expiry_timestamp: number;
 	deployment_url: string;
@@ -179,7 +185,7 @@ export class SecretsManager {
 			`${SESSION_KEY_PREFIX}${label}`,
 			JSON.stringify(auth),
 		);
-		await this.addKnownLabel(label);
+		await this.recordDeploymentAccess(label);
 	}
 
 	public async clearSessionAuth(label: string): Promise<void> {
@@ -208,7 +214,7 @@ export class SecretsManager {
 			`${OAUTH_TOKENS_PREFIX}${label}`,
 			JSON.stringify(tokens),
 		);
-		await this.addKnownLabel(label);
+		await this.recordDeploymentAccess(label);
 	}
 
 	public async clearOAuthTokens(label: string): Promise<void> {
@@ -237,7 +243,7 @@ export class SecretsManager {
 			`${OAUTH_CLIENT_PREFIX}${label}`,
 			JSON.stringify(registration),
 		);
-		await this.addKnownLabel(label);
+		await this.recordDeploymentAccess(label);
 	}
 
 	public async clearOAuthClientRegistration(label: string): Promise<void> {
@@ -252,42 +258,48 @@ export class SecretsManager {
 	}
 
 	/**
-	 * TODO currently it might be used wrong because we can be connected to a remote deployment
-	 * and we log out from the sidebar causing the session to be removed and the auto-refresh disabled.
-	 *
-	 * Potential solutions:
-	 * 1. Keep the last 10 auths and possibly remove entries not used in a while instead.
-	 * 	  We do not remove entries on logout!
-	 * 2. Show the user a warning that their remote deployment might be disconnected.
-	 *
-	 * Update all usages of this after arriving at a decision!
+	 * Record that a deployment was accessed, moving it to the front of the LRU list.
+	 * Prunes deployments beyond maxCount, clearing their auth data.
+	 */
+	public async recordDeploymentAccess(
+		label: string,
+		maxCount = DEFAULT_MAX_DEPLOYMENTS,
+	): Promise<void> {
+		const usage = this.getDeploymentUsage();
+		const filtered = usage.filter((u) => u.label !== label);
+		filtered.unshift({ label, lastAccessedAt: new Date().toISOString() });
+
+		const toKeep = filtered.slice(0, maxCount);
+		const toRemove = filtered.slice(maxCount);
+
+		await Promise.all(toRemove.map((u) => this.clearAllAuthData(u.label)));
+		await this.memento.update(DEPLOYMENT_USAGE_KEY, toKeep);
+	}
+
+	/**
+	 * Clear all auth data for a deployment and remove it from the usage list.
 	 */
 	public async clearAllAuthData(label: string): Promise<void> {
 		await Promise.all([
 			this.clearSessionAuth(label),
 			this.clearOAuthData(label),
 		]);
-		await this.removeKnownLabel(label);
+		const usage = this.getDeploymentUsage().filter((u) => u.label !== label);
+		await this.memento.update(DEPLOYMENT_USAGE_KEY, usage);
 	}
 
+	/**
+	 * Get all known deployment labels, ordered by most recently accessed.
+	 */
 	public getKnownLabels(): string[] {
-		return this.memento.get<string[]>(KNOWN_LABELS_KEY) ?? [];
+		return this.getDeploymentUsage().map((u) => u.label);
 	}
 
-	private async addKnownLabel(label: string): Promise<void> {
-		const labels = new Set(this.getKnownLabels());
-		if (!labels.has(label)) {
-			labels.add(label);
-			await this.memento.update(KNOWN_LABELS_KEY, Array.from(labels));
-		}
-	}
-
-	private async removeKnownLabel(label: string): Promise<void> {
-		const labels = new Set(this.getKnownLabels());
-		if (labels.has(label)) {
-			labels.delete(label);
-			await this.memento.update(KNOWN_LABELS_KEY, Array.from(labels));
-		}
+	/**
+	 * Get the full deployment usage list with access timestamps.
+	 */
+	private getDeploymentUsage(): DeploymentUsage[] {
+		return this.memento.get<DeploymentUsage[]>(DEPLOYMENT_USAGE_KEY) ?? [];
 	}
 
 	/**

src/extension.ts

@@ -319,6 +319,9 @@ export async function activate(ctx: vscode.ExtensionContext): Promise<void> {
 		vscode.commands.registerCommand("coder.searchAllWorkspaces", async () =>
 			showTreeViewSearch(ALL_WORKSPACES_TREE_ID),
 		),
+		vscode.commands.registerCommand("coder.debug.listDeployments", () =>
+			listStoredDeployments(secretsManager),
+		),
 	);
 
 	const remote = new Remote(serviceContainer, commands, ctx);
@@ -560,3 +563,25 @@ async function getToken(
 	}
 	return "";
 }
+
+async function listStoredDeployments(
+	secretsManager: SecretsManager,
+): Promise<void> {
+	const labels = secretsManager.getKnownLabels();
+	if (labels.length === 0) {
+		vscode.window.showInformationMessage("No deployments stored.");
+		return;
+	}
+
+	const selected = await vscode.window.showQuickPick(
+		labels.map((label) => ({ label, description: "Click to forget" })),
+		{ placeHolder: "Select a deployment to forget" },
+	);
+
+	if (selected) {
+		await secretsManager.clearAllAuthData(selected.label);
+		vscode.window.showInformationMessage(
+			`Cleared auth data for ${selected.label}`,
+		);
+	}
+}

test/unit/core/secretsManager.test.ts

@@ -97,6 +97,45 @@ describe("SecretsManager", () => {
 			await secretsManager.clearAllAuthData("example.com");
 			expect(secretsManager.getKnownLabels()).not.toContain("example.com");
 		});
+
+		it("should order labels by most recently accessed", async () => {
+			await secretsManager.setSessionAuth("first.com", {
+				url: "https://first.com",
+				token: "token1",
+			});
+			await secretsManager.setSessionAuth("second.com", {
+				url: "https://second.com",
+				token: "token2",
+			});
+			await secretsManager.setSessionAuth("first.com", {
+				url: "https://first.com",
+				token: "token1-updated",
+			});
+
+			expect(secretsManager.getKnownLabels()).toEqual([
+				"first.com",
+				"second.com",
+			]);
+		});
+
+		it("should prune old deployments when exceeding maxCount", async () => {
+			for (let i = 1; i <= 5; i++) {
+				await secretsManager.setSessionAuth(`host${i}.com`, {
+					url: `https://host${i}.com`,
+					token: `token${i}`,
+				});
+			}
+
+			await secretsManager.recordDeploymentAccess("new.com", 3);
+
+			expect(secretsManager.getKnownLabels()).toEqual([
+				"new.com",
+				"host5.com",
+				"host4.com",
+			]);
+			expect(await secretsManager.getSessionToken("host1.com")).toBeUndefined();
+			expect(await secretsManager.getSessionToken("host2.com")).toBeUndefined();
+		});
 	});
 
 	describe("current deployment", () => {