refactor(server/api): prelude helpers (requireUser/requireURLUUID/decodeBody); migrate admin_users.go (A2 1/N)
This commit is contained in:
+12
-26
@@ -1,12 +1,10 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/jackc/pgerrcode"
|
||||
"github.com/jackc/pgx/v5"
|
||||
"github.com/jackc/pgx/v5/pgconn"
|
||||
@@ -58,19 +56,16 @@ type updateUserAdminReq struct {
|
||||
}
|
||||
|
||||
func (h *handlers) handleUpdateUserAdmin(w http.ResponseWriter, r *http.Request) {
|
||||
caller, ok := auth.UserFromContext(r.Context())
|
||||
caller, ok := requireUser(w, r)
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return
|
||||
}
|
||||
targetID, ok := parseUUID(chi.URLParam(r, "id"))
|
||||
targetID, ok := requireURLUUID(w, r, "id")
|
||||
if !ok {
|
||||
writeErr(w, apierror.BadRequest("invalid_id", ""))
|
||||
return
|
||||
}
|
||||
var req updateUserAdminReq
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -139,14 +134,12 @@ type adminCreateUserReq struct {
|
||||
}
|
||||
|
||||
func (h *handlers) handleAdminCreateUser(w http.ResponseWriter, r *http.Request) {
|
||||
caller, ok := auth.UserFromContext(r.Context())
|
||||
caller, ok := requireUser(w, r)
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return
|
||||
}
|
||||
var req adminCreateUserReq
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
}
|
||||
if !usernameRe.MatchString(req.Username) {
|
||||
@@ -203,9 +196,8 @@ func (h *handlers) handleAdminCreateUser(w http.ResponseWriter, r *http.Request)
|
||||
// --- Admin user delete -----------------------------------------------------
|
||||
|
||||
func (h *handlers) handleAdminDeleteUser(w http.ResponseWriter, r *http.Request) {
|
||||
caller, ok := auth.UserFromContext(r.Context())
|
||||
caller, ok := requireUser(w, r)
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -248,19 +240,16 @@ type adminResetPasswordReq struct {
|
||||
}
|
||||
|
||||
func (h *handlers) handleAdminResetPassword(w http.ResponseWriter, r *http.Request) {
|
||||
caller, ok := auth.UserFromContext(r.Context())
|
||||
caller, ok := requireUser(w, r)
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return
|
||||
}
|
||||
targetID, ok := parseUUID(chi.URLParam(r, "id"))
|
||||
targetID, ok := requireURLUUID(w, r, "id")
|
||||
if !ok {
|
||||
writeErr(w, apierror.BadRequest("invalid_id", ""))
|
||||
return
|
||||
}
|
||||
var req adminResetPasswordReq
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
}
|
||||
if len(req.Password) < minPasswordLength {
|
||||
@@ -304,19 +293,16 @@ type adminAutoApproveReq struct {
|
||||
}
|
||||
|
||||
func (h *handlers) handleAdminAutoApproveToggle(w http.ResponseWriter, r *http.Request) {
|
||||
caller, ok := auth.UserFromContext(r.Context())
|
||||
caller, ok := requireUser(w, r)
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return
|
||||
}
|
||||
targetID, ok := parseUUID(chi.URLParam(r, "id"))
|
||||
targetID, ok := requireURLUUID(w, r, "id")
|
||||
if !ok {
|
||||
writeErr(w, apierror.BadRequest("invalid_id", ""))
|
||||
return
|
||||
}
|
||||
var req adminAutoApproveReq
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/jackc/pgx/v5/pgtype"
|
||||
|
||||
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||
)
|
||||
|
||||
// requireUser returns the authenticated user from request context. On
|
||||
// missing context, writes a 401 envelope and returns ok=false; the
|
||||
// caller MUST return immediately on ok=false. Defensive belt against
|
||||
// middleware bypass — handlers using this don't need a separate check.
|
||||
func requireUser(w http.ResponseWriter, r *http.Request) (dbq.User, bool) {
|
||||
user, ok := auth.UserFromContext(r.Context())
|
||||
if !ok {
|
||||
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||
return dbq.User{}, false
|
||||
}
|
||||
return user, true
|
||||
}
|
||||
|
||||
// requireURLUUID parses the chi URL parameter named key as a UUID. On
|
||||
// invalid input, writes a 400 envelope and returns ok=false; the caller
|
||||
// MUST return immediately on ok=false.
|
||||
func requireURLUUID(w http.ResponseWriter, r *http.Request, key string) (pgtype.UUID, bool) {
|
||||
id, ok := parseUUID(chi.URLParam(r, key))
|
||||
if !ok {
|
||||
writeErr(w, apierror.BadRequest("invalid_id", ""))
|
||||
return id, false
|
||||
}
|
||||
return id, true
|
||||
}
|
||||
|
||||
// decodeBody decodes the request body as JSON into out. On decode
|
||||
// failure, writes a 400 envelope and returns false; the caller MUST
|
||||
// return immediately on false. Out parameter pattern (rather than
|
||||
// returning T) keeps the type explicit at the call site.
|
||||
func decodeBody[T any](w http.ResponseWriter, r *http.Request, out *T) bool {
|
||||
if err := json.NewDecoder(r.Body).Decode(out); err != nil {
|
||||
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
Reference in New Issue
Block a user