refactor(server/api): migrate auth/me handlers to writeErr(err) (T3a)

This commit is contained in:
2026-05-07 20:25:26 -04:00
parent 58766dbebe
commit e382b0d718
9 changed files with 66 additions and 56 deletions
+8 -7
View File
@@ -9,6 +9,7 @@ import (
"github.com/jackc/pgx/v5"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
@@ -61,11 +62,11 @@ func sessionTokenFromHTTP(r *http.Request) string {
func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
var req LoginRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, http.StatusBadRequest, "bad_request", "invalid JSON body")
writeErr(w, apierror.BadRequest("bad_request", "invalid JSON body"))
return
}
if req.Username == "" || req.Password == "" {
writeErr(w, http.StatusBadRequest, "bad_request", "username and password required")
writeErr(w, apierror.BadRequest("bad_request", "username and password required"))
return
}
@@ -73,22 +74,22 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
user, err := q.GetUserByUsername(r.Context(), req.Username)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password")
writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password"))
return
}
h.logger.Error("api: user lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed")
writeErr(w, apierror.InternalMsg("lookup failed", err))
return
}
if !auth.VerifyPassword(user.PasswordHash, req.Password) {
writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password")
writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password"))
return
}
token, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("api: mint session token failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "mint failed")
writeErr(w, apierror.InternalMsg("mint failed", err))
return
}
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
@@ -97,7 +98,7 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
UserAgent: r.UserAgent(),
}); err != nil {
h.logger.Error("api: insert session failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "insert failed")
writeErr(w, apierror.InternalMsg("insert failed", err))
return
}
+16 -15
View File
@@ -12,6 +12,7 @@ import (
"github.com/jackc/pgx/v5/pgconn"
"golang.org/x/crypto/bcrypt"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
@@ -56,15 +57,15 @@ type registerReq struct {
func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
var req registerReq
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, http.StatusBadRequest, "invalid_body", "invalid JSON body")
writeErr(w, apierror.BadRequest("invalid_body", "invalid JSON body"))
return
}
if !usernameRe.MatchString(req.Username) {
writeErr(w, http.StatusBadRequest, "username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen")
writeErr(w, apierror.BadRequest("username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen"))
return
}
if len(req.Password) < minPasswordLength {
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
return
}
@@ -74,7 +75,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
userCount, err := q.CountUsers(r.Context())
if err != nil {
h.logger.Error("register: count users failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
@@ -84,12 +85,12 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
mode, err := q.GetRegistrationMode(r.Context())
if err != nil {
h.logger.Error("register: get mode failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if mode == "invite_only" {
if req.InviteToken == "" {
writeErr(w, http.StatusBadRequest, "invite_required", "an invite token is required to register")
writeErr(w, apierror.BadRequest("invite_required", "an invite token is required to register"))
return
}
// Pre-validate existence + non-redeemed + non-expired so we fail
@@ -97,15 +98,15 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
invite, ierr := q.GetInviteByToken(r.Context(), req.InviteToken)
if ierr != nil {
if errors.Is(ierr, pgx.ErrNoRows) {
writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token not found")
writeErr(w, apierror.BadRequest("invite_invalid", "invite token not found"))
return
}
h.logger.Error("register: get invite failed", "err", ierr)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(ierr))
return
}
if invite.RedeemedAt.Valid || invite.ExpiresAt.Time.Before(time.Now()) {
writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token is expired or already redeemed")
writeErr(w, apierror.BadRequest("invite_invalid", "invite token is expired or already redeemed"))
return
}
usedInviteToken = req.InviteToken
@@ -116,7 +117,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
if err != nil {
h.logger.Error("register: hash password failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
@@ -124,7 +125,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
apiToken, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("register: mint api_token failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
@@ -138,11 +139,11 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
if err != nil {
var pgErr *pgconn.PgError
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
writeErr(w, http.StatusConflict, "username_taken", "username is already taken")
writeErr(w, apierror.Conflict("username_taken", "username is already taken"))
return
}
h.logger.Error("register: create user failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
@@ -167,7 +168,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
sessionToken, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("register: mint session failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
@@ -176,7 +177,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
UserAgent: r.UserAgent(),
}); err != nil {
h.logger.Error("register: insert session failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
http.SetCookie(w, &http.Cookie{
+10 -9
View File
@@ -8,6 +8,7 @@ import (
"github.com/jackc/pgx/v5"
"golang.org/x/crypto/bcrypt"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
@@ -29,15 +30,15 @@ type resetPasswordReq struct {
func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
var req resetPasswordReq
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, http.StatusBadRequest, "invalid_body", "")
writeErr(w, apierror.BadRequest("invalid_body", ""))
return
}
if len(req.NewPassword) < minPasswordLength {
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
return
}
if req.Token == "" {
writeErr(w, http.StatusBadRequest, "invalid_token", "")
writeErr(w, apierror.BadRequest("invalid_token", ""))
return
}
@@ -49,11 +50,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
reset, err := q.GetPasswordReset(r.Context(), req.Token)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
writeErr(w, http.StatusBadRequest, "invalid_token", "")
writeErr(w, apierror.BadRequest("invalid_token", ""))
return
}
h.logger.Error("reset password: lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
@@ -64,11 +65,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
rows, err := q.UsePasswordReset(r.Context(), req.Token)
if err != nil {
h.logger.Error("reset password: use token failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if rows == 0 {
writeErr(w, http.StatusBadRequest, "invalid_token", "")
writeErr(w, apierror.BadRequest("invalid_token", ""))
return
}
@@ -79,7 +80,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
h.logger.Error("reset password: hash failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
@@ -87,7 +88,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
PasswordHash: string(hash),
}); err != nil {
h.logger.Error("reset password: update failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
+3 -1
View File
@@ -2,8 +2,10 @@ package api
import (
"encoding/json"
"errors"
"net/http"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
)
@@ -13,7 +15,7 @@ func (h *handlers) handleGetMe(w http.ResponseWriter, r *http.Request) {
// Hitting /me without RequireUser in front of it is a routing bug;
// it can't happen in real traffic.
h.logger.Error("api: /me reached without authenticated user")
writeErr(w, http.StatusInternalServerError, "server_error", "missing auth context")
writeErr(w, apierror.InternalMsg("missing auth context", errors.New("missing auth context")))
return
}
w.Header().Set("Content-Type", "application/json")
+4 -3
View File
@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
@@ -16,13 +17,13 @@ import (
func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "unauthorized", "authentication required")
writeErr(w, apierror.ErrUnauthorized)
return
}
limit, offset, perr := parsePaging(r.URL.Query())
if perr != nil {
writeErr(w, http.StatusBadRequest, "bad_paging", "invalid limit or offset")
writeErr(w, apierror.BadRequest("bad_paging", "invalid limit or offset"))
return
}
@@ -33,7 +34,7 @@ func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) {
})
if err != nil {
h.logger.Error("api: list user history", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "failed to load history")
writeErr(w, apierror.InternalMsg("failed to load history", err))
return
}
+8 -7
View File
@@ -6,6 +6,7 @@ import (
"golang.org/x/crypto/bcrypt"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
@@ -22,16 +23,16 @@ type changePasswordReq struct {
func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "auth_required", "")
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
var req changePasswordReq
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, http.StatusBadRequest, "invalid_body", "")
writeErr(w, apierror.BadRequest("invalid_body", ""))
return
}
if len(req.NewPassword) < minPasswordLength {
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
return
}
@@ -39,18 +40,18 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request)
current, err := q.GetUserByID(r.Context(), user.ID)
if err != nil {
h.logger.Error("change password: lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if err := bcrypt.CompareHashAndPassword([]byte(current.PasswordHash), []byte(req.CurrentPassword)); err != nil {
writeErr(w, http.StatusUnauthorized, "wrong_password", "")
writeErr(w, apierror.Unauthorized("wrong_password", ""))
return
}
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
if err != nil {
h.logger.Error("change password: hash failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
@@ -58,7 +59,7 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request)
PasswordHash: string(hash),
}); err != nil {
h.logger.Error("change password: update failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
+8 -7
View File
@@ -10,6 +10,7 @@ import (
"github.com/jackc/pgerrcode"
"github.com/jackc/pgx/v5/pgconn"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
@@ -40,12 +41,12 @@ type meProfileResp struct {
func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "auth_required", "")
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
var req updateProfileReq
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeErr(w, http.StatusBadRequest, "invalid_body", "")
writeErr(w, apierror.BadRequest("invalid_body", ""))
return
}
@@ -65,7 +66,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
email = nil
} else {
if !emailRe.MatchString(s) {
writeErr(w, http.StatusBadRequest, "email_invalid", "")
writeErr(w, apierror.BadRequest("email_invalid", ""))
return
}
email = &s
@@ -78,7 +79,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
current, err := q.GetUserByID(r.Context(), user.ID)
if err != nil {
h.logger.Error("update profile: lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
writeJSON(w, http.StatusOK, profileViewFromUser(current))
@@ -90,7 +91,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
current, err := q.GetUserByID(r.Context(), user.ID)
if err != nil {
h.logger.Error("update profile: lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
if req.DisplayName == nil {
@@ -108,11 +109,11 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
if err != nil {
var pgErr *pgconn.PgError
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
writeErr(w, http.StatusConflict, "email_taken", "")
writeErr(w, apierror.Conflict("email_taken", ""))
return
}
h.logger.Error("update profile: update failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
+3 -2
View File
@@ -6,6 +6,7 @@ import (
"github.com/jackc/pgx/v5"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
)
@@ -25,7 +26,7 @@ type systemPlaylistsStatusResp struct {
func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http.Request) {
caller, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "unauthenticated", "no session")
writeErr(w, apierror.Unauthorized("unauthenticated", "no session"))
return
}
@@ -36,7 +37,7 @@ func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http
return
}
h.logger.Error("api: get system playlists status", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed")
writeErr(w, apierror.InternalMsg("lookup failed", err))
return
}
+6 -5
View File
@@ -3,6 +3,7 @@ package api
import (
"net/http"
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
@@ -16,14 +17,14 @@ type apiTokenResp struct {
func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "auth_required", "")
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
q := dbq.New(h.pool)
current, err := q.GetUserByID(r.Context(), user.ID)
if err != nil {
h.logger.Error("get api token: lookup failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
writeJSON(w, http.StatusOK, apiTokenResp{APIToken: current.ApiToken})
@@ -33,13 +34,13 @@ func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) {
func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Request) {
user, ok := auth.UserFromContext(r.Context())
if !ok {
writeErr(w, http.StatusUnauthorized, "auth_required", "")
writeErr(w, apierror.Unauthorized("auth_required", ""))
return
}
newToken, err := auth.MintSessionToken()
if err != nil {
h.logger.Error("regenerate api token: mint failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}
q := dbq.New(h.pool)
@@ -49,7 +50,7 @@ func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Req
})
if err != nil {
h.logger.Error("regenerate api token: update failed", "err", err)
writeErr(w, http.StatusInternalServerError, "server_error", "")
writeErr(w, apierror.Internal(err))
return
}