diff --git a/internal/api/admin_invites.go b/internal/api/admin_invites.go index 555ab2dd..c9fd3fd4 100644 --- a/internal/api/admin_invites.go +++ b/internal/api/admin_invites.go @@ -57,9 +57,8 @@ type createInviteReq struct { } func (h *handlers) handleCreateInvite(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } var req createInviteReq @@ -100,9 +99,8 @@ func (h *handlers) handleCreateInvite(w http.ResponseWriter, r *http.Request) { } func (h *handlers) handleDeleteInvite(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } token := chi.URLParam(r, "token") diff --git a/internal/api/listenbrainz.go b/internal/api/listenbrainz.go index 9e474ea1..571b5a71 100644 --- a/internal/api/listenbrainz.go +++ b/internal/api/listenbrainz.go @@ -2,7 +2,6 @@ package api import ( "context" - "encoding/json" "errors" "net/http" "time" @@ -11,7 +10,6 @@ import ( "github.com/jackc/pgx/v5/pgtype" "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" - "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -25,9 +23,8 @@ type LBStatus struct { } func (h *handlers) handleGetListenBrainz(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } resp, err := h.buildLBStatus(r.Context(), user.ID) @@ -45,14 +42,12 @@ type putLBBody struct { } func (h *handlers) handlePutListenBrainz(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } var body putLBBody - if err := json.NewDecoder(r.Body).Decode(&body); err != nil { - writeErr(w, apierror.BadRequest("bad_request", "invalid json")) + if !decodeBody(w, r, &body) { return } diff --git a/internal/api/me_token.go b/internal/api/me_token.go index f596bf4f..a9ddf1d4 100644 --- a/internal/api/me_token.go +++ b/internal/api/me_token.go @@ -15,9 +15,8 @@ type apiTokenResp struct { // handleGetMyAPIToken implements GET /api/me/api-token. func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } q := dbq.New(h.pool) @@ -32,9 +31,8 @@ func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) { // handleRegenerateMyAPIToken implements POST /api/me/api-token. func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.Unauthorized("auth_required", "")) return } newToken, err := auth.MintSessionToken() diff --git a/internal/api/quarantine.go b/internal/api/quarantine.go index 73fa8713..fe2eacd9 100644 --- a/internal/api/quarantine.go +++ b/internal/api/quarantine.go @@ -1,15 +1,12 @@ package api import ( - "encoding/json" "errors" "net/http" - "github.com/go-chi/chi/v5" "github.com/jackc/pgx/v5/pgtype" "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" - "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" "git.fabledsword.com/bvandeusen/minstrel/internal/lidarrquarantine" ) @@ -44,14 +41,12 @@ type flagBody struct { // handleFlag implements POST /api/quarantine. Upserts via Service.Flag. func (h *handlers) handleFlag(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } var body flagBody - if err := json.NewDecoder(r.Body).Decode(&body); err != nil { - writeErr(w, apierror.BadRequest("bad_request", "invalid JSON body")) + if !decodeBody(w, r, &body) { return } trackID, ok := parseUUID(body.TrackID) @@ -77,14 +72,12 @@ func (h *handlers) handleFlag(w http.ResponseWriter, r *http.Request) { // handleUnflag implements DELETE /api/quarantine/{track_id}. func (h *handlers) handleUnflag(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } - id, ok := parseUUID(chi.URLParam(r, "track_id")) + id, ok := requireURLUUID(w, r, "track_id") if !ok { - writeErr(w, apierror.BadRequest("bad_request", "invalid track id")) return } if err := h.lidarrQuarantine.Unflag(r.Context(), user.ID, id); err != nil { @@ -118,9 +111,8 @@ type quarantineMineView struct { // handleListMyQuarantine implements GET /api/quarantine/mine. Returns the // caller's quarantines with track/album/artist detail. func (h *handlers) handleListMyQuarantine(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } rows, err := h.lidarrQuarantine.ListMine(r.Context(), user.ID) diff --git a/internal/api/requests.go b/internal/api/requests.go index cdc76a3d..787ae252 100644 --- a/internal/api/requests.go +++ b/internal/api/requests.go @@ -2,15 +2,12 @@ package api import ( "context" - "encoding/json" "errors" "net/http" - "github.com/go-chi/chi/v5" "github.com/jackc/pgx/v5/pgtype" "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" - "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" "git.fabledsword.com/bvandeusen/minstrel/internal/lidarrrequests" ) @@ -123,15 +120,13 @@ type createRequestBody struct { // handleCreateRequest implements POST /api/requests. func (h *handlers) handleCreateRequest(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } var body createRequestBody - if err := json.NewDecoder(r.Body).Decode(&body); err != nil { - writeErr(w, apierror.BadRequest("bad_request", "invalid JSON body")) + if !decodeBody(w, r, &body) { return } @@ -185,9 +180,8 @@ func (h *handlers) handleCreateRequest(w http.ResponseWriter, r *http.Request) { // handleListRequests implements GET /api/requests — returns caller's own requests. func (h *handlers) handleListRequests(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } @@ -211,9 +205,8 @@ func (h *handlers) handleListRequests(w http.ResponseWriter, r *http.Request) { // handleGetRequest implements GET /api/requests/:id. // The caller must own the request, or be an admin. func (h *handlers) handleGetRequest(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } @@ -237,15 +230,13 @@ func (h *handlers) handleGetRequest(w http.ResponseWriter, r *http.Request) { // handleCancelRequest implements DELETE /api/requests/:id. // Cancels the caller's own pending request. func (h *handlers) handleCancelRequest(w http.ResponseWriter, r *http.Request) { - user, ok := auth.UserFromContext(r.Context()) + user, ok := requireUser(w, r) if !ok { - writeErr(w, apierror.ErrUnauthorized) return } - id, ok := parseUUID(chi.URLParam(r, "id")) + id, ok := requireURLUUID(w, r, "id") if !ok { - writeErr(w, apierror.BadRequest("bad_request", "invalid request id")) return }