diff --git a/internal/api/admin_users.go b/internal/api/admin_users.go index 86bbb77b..550014f8 100644 --- a/internal/api/admin_users.go +++ b/internal/api/admin_users.go @@ -1,12 +1,10 @@ package api import ( - "encoding/json" "errors" "net/http" "time" - "github.com/go-chi/chi/v5" "github.com/jackc/pgerrcode" "github.com/jackc/pgx/v5" "github.com/jackc/pgx/v5/pgconn" @@ -58,19 +56,16 @@ type updateUserAdminReq struct { } func (h *handlers) handleUpdateUserAdmin(w http.ResponseWriter, r *http.Request) { - caller, ok := auth.UserFromContext(r.Context()) + caller, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } - targetID, ok := parseUUID(chi.URLParam(r, "id")) + targetID, ok := requireURLUUID(w, r, "id") if !ok { - writeErr(w, apierror.BadRequest("invalid_id", "")) return } var req updateUserAdminReq - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, apierror.BadRequest("invalid_body", "")) + if !decodeBody(w, r, &req) { return } @@ -139,14 +134,12 @@ type adminCreateUserReq struct { } func (h *handlers) handleAdminCreateUser(w http.ResponseWriter, r *http.Request) { - caller, ok := auth.UserFromContext(r.Context()) + caller, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } var req adminCreateUserReq - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, apierror.BadRequest("invalid_body", "")) + if !decodeBody(w, r, &req) { return } if !usernameRe.MatchString(req.Username) { @@ -203,9 +196,8 @@ func (h *handlers) handleAdminCreateUser(w http.ResponseWriter, r *http.Request) // --- Admin user delete ----------------------------------------------------- func (h *handlers) handleAdminDeleteUser(w http.ResponseWriter, r *http.Request) { - caller, ok := auth.UserFromContext(r.Context()) + caller, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } @@ -248,19 +240,16 @@ type adminResetPasswordReq struct { } func (h *handlers) handleAdminResetPassword(w http.ResponseWriter, r *http.Request) { - caller, ok := auth.UserFromContext(r.Context()) + caller, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } - targetID, ok := parseUUID(chi.URLParam(r, "id")) + targetID, ok := requireURLUUID(w, r, "id") if !ok { - writeErr(w, apierror.BadRequest("invalid_id", "")) return } var req adminResetPasswordReq - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, apierror.BadRequest("invalid_body", "")) + if !decodeBody(w, r, &req) { return } if len(req.Password) < minPasswordLength { @@ -304,19 +293,16 @@ type adminAutoApproveReq struct { } func (h *handlers) handleAdminAutoApproveToggle(w http.ResponseWriter, r *http.Request) { - caller, ok := auth.UserFromContext(r.Context()) + caller, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } - targetID, ok := parseUUID(chi.URLParam(r, "id")) + targetID, ok := requireURLUUID(w, r, "id") if !ok { - writeErr(w, apierror.BadRequest("invalid_id", "")) return } var req adminAutoApproveReq - if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, apierror.BadRequest("invalid_body", "")) + if !decodeBody(w, r, &req) { return } diff --git a/internal/api/prelude.go b/internal/api/prelude.go new file mode 100644 index 00000000..6c6f6fce --- /dev/null +++ b/internal/api/prelude.go @@ -0,0 +1,50 @@ +package api + +import ( + "encoding/json" + "net/http" + + "github.com/go-chi/chi/v5" + "github.com/jackc/pgx/v5/pgtype" + + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" + "git.fabledsword.com/bvandeusen/minstrel/internal/auth" + "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" +) + +// requireUser returns the authenticated user from request context. On +// missing context, writes a 401 envelope and returns ok=false; the +// caller MUST return immediately on ok=false. Defensive belt against +// middleware bypass — handlers using this don't need a separate check. +func requireUser(w http.ResponseWriter, r *http.Request) (dbq.User, bool) { + user, ok := auth.UserFromContext(r.Context()) + if !ok { + writeErr(w, apierror.Unauthorized("auth_required", "")) + return dbq.User{}, false + } + return user, true +} + +// requireURLUUID parses the chi URL parameter named key as a UUID. On +// invalid input, writes a 400 envelope and returns ok=false; the caller +// MUST return immediately on ok=false. +func requireURLUUID(w http.ResponseWriter, r *http.Request, key string) (pgtype.UUID, bool) { + id, ok := parseUUID(chi.URLParam(r, key)) + if !ok { + writeErr(w, apierror.BadRequest("invalid_id", "")) + return id, false + } + return id, true +} + +// decodeBody decodes the request body as JSON into out. On decode +// failure, writes a 400 envelope and returns false; the caller MUST +// return immediately on false. Out parameter pattern (rather than +// returning T) keeps the type explicit at the call site. +func decodeBody[T any](w http.ResponseWriter, r *http.Request, out *T) bool { + if err := json.NewDecoder(r.Body).Decode(out); err != nil { + writeErr(w, apierror.BadRequest("invalid_body", "")) + return false + } + return true +}