From e382b0d718ecb5d15649dc89a185463f8d6fedcf Mon Sep 17 00:00:00 2001 From: Bryan Van Deusen Date: Thu, 7 May 2026 20:25:26 -0400 Subject: [PATCH] refactor(server/api): migrate auth/me handlers to writeErr(err) (T3a) --- internal/api/auth.go | 15 +++++++------- internal/api/auth_register.go | 31 +++++++++++++++-------------- internal/api/auth_reset.go | 19 +++++++++--------- internal/api/me.go | 4 +++- internal/api/me_history.go | 7 ++++--- internal/api/me_password.go | 15 +++++++------- internal/api/me_profile.go | 15 +++++++------- internal/api/me_system_playlists.go | 5 +++-- internal/api/me_token.go | 11 +++++----- 9 files changed, 66 insertions(+), 56 deletions(-) diff --git a/internal/api/auth.go b/internal/api/auth.go index 5a5bbf46..00fd5164 100644 --- a/internal/api/auth.go +++ b/internal/api/auth.go @@ -9,6 +9,7 @@ import ( "github.com/jackc/pgx/v5" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -61,11 +62,11 @@ func sessionTokenFromHTTP(r *http.Request) string { func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) { var req LoginRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, http.StatusBadRequest, "bad_request", "invalid JSON body") + writeErr(w, apierror.BadRequest("bad_request", "invalid JSON body")) return } if req.Username == "" || req.Password == "" { - writeErr(w, http.StatusBadRequest, "bad_request", "username and password required") + writeErr(w, apierror.BadRequest("bad_request", "username and password required")) return } @@ -73,22 +74,22 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) { user, err := q.GetUserByUsername(r.Context(), req.Username) if err != nil { if errors.Is(err, pgx.ErrNoRows) { - writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password") + writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password")) return } h.logger.Error("api: user lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed") + writeErr(w, apierror.InternalMsg("lookup failed", err)) return } if !auth.VerifyPassword(user.PasswordHash, req.Password) { - writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password") + writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password")) return } token, err := auth.MintSessionToken() if err != nil { h.logger.Error("api: mint session token failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "mint failed") + writeErr(w, apierror.InternalMsg("mint failed", err)) return } if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{ @@ -97,7 +98,7 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) { UserAgent: r.UserAgent(), }); err != nil { h.logger.Error("api: insert session failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "insert failed") + writeErr(w, apierror.InternalMsg("insert failed", err)) return } diff --git a/internal/api/auth_register.go b/internal/api/auth_register.go index ca881e7c..ce0cac94 100644 --- a/internal/api/auth_register.go +++ b/internal/api/auth_register.go @@ -12,6 +12,7 @@ import ( "github.com/jackc/pgx/v5/pgconn" "golang.org/x/crypto/bcrypt" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/audit" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" @@ -56,15 +57,15 @@ type registerReq struct { func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { var req registerReq if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, http.StatusBadRequest, "invalid_body", "invalid JSON body") + writeErr(w, apierror.BadRequest("invalid_body", "invalid JSON body")) return } if !usernameRe.MatchString(req.Username) { - writeErr(w, http.StatusBadRequest, "username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen") + writeErr(w, apierror.BadRequest("username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen")) return } if len(req.Password) < minPasswordLength { - writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars") + writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars")) return } @@ -74,7 +75,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { userCount, err := q.CountUsers(r.Context()) if err != nil { h.logger.Error("register: count users failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } @@ -84,12 +85,12 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { mode, err := q.GetRegistrationMode(r.Context()) if err != nil { h.logger.Error("register: get mode failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if mode == "invite_only" { if req.InviteToken == "" { - writeErr(w, http.StatusBadRequest, "invite_required", "an invite token is required to register") + writeErr(w, apierror.BadRequest("invite_required", "an invite token is required to register")) return } // Pre-validate existence + non-redeemed + non-expired so we fail @@ -97,15 +98,15 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { invite, ierr := q.GetInviteByToken(r.Context(), req.InviteToken) if ierr != nil { if errors.Is(ierr, pgx.ErrNoRows) { - writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token not found") + writeErr(w, apierror.BadRequest("invite_invalid", "invite token not found")) return } h.logger.Error("register: get invite failed", "err", ierr) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(ierr)) return } if invite.RedeemedAt.Valid || invite.ExpiresAt.Time.Before(time.Now()) { - writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token is expired or already redeemed") + writeErr(w, apierror.BadRequest("invite_invalid", "invite token is expired or already redeemed")) return } usedInviteToken = req.InviteToken @@ -116,7 +117,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost) if err != nil { h.logger.Error("register: hash password failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } @@ -124,7 +125,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { apiToken, err := auth.MintSessionToken() if err != nil { h.logger.Error("register: mint api_token failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } @@ -138,11 +139,11 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { if err != nil { var pgErr *pgconn.PgError if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation { - writeErr(w, http.StatusConflict, "username_taken", "username is already taken") + writeErr(w, apierror.Conflict("username_taken", "username is already taken")) return } h.logger.Error("register: create user failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } @@ -167,7 +168,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { sessionToken, err := auth.MintSessionToken() if err != nil { h.logger.Error("register: mint session failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{ @@ -176,7 +177,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) { UserAgent: r.UserAgent(), }); err != nil { h.logger.Error("register: insert session failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } http.SetCookie(w, &http.Cookie{ diff --git a/internal/api/auth_reset.go b/internal/api/auth_reset.go index 02a27908..23e85f86 100644 --- a/internal/api/auth_reset.go +++ b/internal/api/auth_reset.go @@ -8,6 +8,7 @@ import ( "github.com/jackc/pgx/v5" "golang.org/x/crypto/bcrypt" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/audit" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -29,15 +30,15 @@ type resetPasswordReq struct { func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) { var req resetPasswordReq if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, http.StatusBadRequest, "invalid_body", "") + writeErr(w, apierror.BadRequest("invalid_body", "")) return } if len(req.NewPassword) < minPasswordLength { - writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars") + writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars")) return } if req.Token == "" { - writeErr(w, http.StatusBadRequest, "invalid_token", "") + writeErr(w, apierror.BadRequest("invalid_token", "")) return } @@ -49,11 +50,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) { reset, err := q.GetPasswordReset(r.Context(), req.Token) if err != nil { if errors.Is(err, pgx.ErrNoRows) { - writeErr(w, http.StatusBadRequest, "invalid_token", "") + writeErr(w, apierror.BadRequest("invalid_token", "")) return } h.logger.Error("reset password: lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } @@ -64,11 +65,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) { rows, err := q.UsePasswordReset(r.Context(), req.Token) if err != nil { h.logger.Error("reset password: use token failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if rows == 0 { - writeErr(w, http.StatusBadRequest, "invalid_token", "") + writeErr(w, apierror.BadRequest("invalid_token", "")) return } @@ -79,7 +80,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) { hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost) if err != nil { h.logger.Error("reset password: hash failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{ @@ -87,7 +88,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) { PasswordHash: string(hash), }); err != nil { h.logger.Error("reset password: update failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } diff --git a/internal/api/me.go b/internal/api/me.go index 0e63c372..5372dfd1 100644 --- a/internal/api/me.go +++ b/internal/api/me.go @@ -2,8 +2,10 @@ package api import ( "encoding/json" + "errors" "net/http" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" ) @@ -13,7 +15,7 @@ func (h *handlers) handleGetMe(w http.ResponseWriter, r *http.Request) { // Hitting /me without RequireUser in front of it is a routing bug; // it can't happen in real traffic. h.logger.Error("api: /me reached without authenticated user") - writeErr(w, http.StatusInternalServerError, "server_error", "missing auth context") + writeErr(w, apierror.InternalMsg("missing auth context", errors.New("missing auth context"))) return } w.Header().Set("Content-Type", "application/json") diff --git a/internal/api/me_history.go b/internal/api/me_history.go index e57e9fde..845d9d40 100644 --- a/internal/api/me_history.go +++ b/internal/api/me_history.go @@ -4,6 +4,7 @@ import ( "encoding/json" "net/http" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -16,13 +17,13 @@ import ( func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) { user, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "unauthorized", "authentication required") + writeErr(w, apierror.ErrUnauthorized) return } limit, offset, perr := parsePaging(r.URL.Query()) if perr != nil { - writeErr(w, http.StatusBadRequest, "bad_paging", "invalid limit or offset") + writeErr(w, apierror.BadRequest("bad_paging", "invalid limit or offset")) return } @@ -33,7 +34,7 @@ func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) { }) if err != nil { h.logger.Error("api: list user history", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "failed to load history") + writeErr(w, apierror.InternalMsg("failed to load history", err)) return } diff --git a/internal/api/me_password.go b/internal/api/me_password.go index 22942c43..9031600f 100644 --- a/internal/api/me_password.go +++ b/internal/api/me_password.go @@ -6,6 +6,7 @@ import ( "golang.org/x/crypto/bcrypt" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/audit" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" @@ -22,16 +23,16 @@ type changePasswordReq struct { func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) { user, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "auth_required", "") + writeErr(w, apierror.Unauthorized("auth_required", "")) return } var req changePasswordReq if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, http.StatusBadRequest, "invalid_body", "") + writeErr(w, apierror.BadRequest("invalid_body", "")) return } if len(req.NewPassword) < minPasswordLength { - writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars") + writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars")) return } @@ -39,18 +40,18 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) current, err := q.GetUserByID(r.Context(), user.ID) if err != nil { h.logger.Error("change password: lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if err := bcrypt.CompareHashAndPassword([]byte(current.PasswordHash), []byte(req.CurrentPassword)); err != nil { - writeErr(w, http.StatusUnauthorized, "wrong_password", "") + writeErr(w, apierror.Unauthorized("wrong_password", "")) return } hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost) if err != nil { h.logger.Error("change password: hash failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{ @@ -58,7 +59,7 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) PasswordHash: string(hash), }); err != nil { h.logger.Error("change password: update failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } diff --git a/internal/api/me_profile.go b/internal/api/me_profile.go index cfc7a9c2..6776183a 100644 --- a/internal/api/me_profile.go +++ b/internal/api/me_profile.go @@ -10,6 +10,7 @@ import ( "github.com/jackc/pgerrcode" "github.com/jackc/pgx/v5/pgconn" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -40,12 +41,12 @@ type meProfileResp struct { func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) { user, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "auth_required", "") + writeErr(w, apierror.Unauthorized("auth_required", "")) return } var req updateProfileReq if err := json.NewDecoder(r.Body).Decode(&req); err != nil { - writeErr(w, http.StatusBadRequest, "invalid_body", "") + writeErr(w, apierror.BadRequest("invalid_body", "")) return } @@ -65,7 +66,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) email = nil } else { if !emailRe.MatchString(s) { - writeErr(w, http.StatusBadRequest, "email_invalid", "") + writeErr(w, apierror.BadRequest("email_invalid", "")) return } email = &s @@ -78,7 +79,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) current, err := q.GetUserByID(r.Context(), user.ID) if err != nil { h.logger.Error("update profile: lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } writeJSON(w, http.StatusOK, profileViewFromUser(current)) @@ -90,7 +91,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) current, err := q.GetUserByID(r.Context(), user.ID) if err != nil { h.logger.Error("update profile: lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } if req.DisplayName == nil { @@ -108,11 +109,11 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) if err != nil { var pgErr *pgconn.PgError if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation { - writeErr(w, http.StatusConflict, "email_taken", "") + writeErr(w, apierror.Conflict("email_taken", "")) return } h.logger.Error("update profile: update failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } diff --git a/internal/api/me_system_playlists.go b/internal/api/me_system_playlists.go index 67f46ec8..cae4e131 100644 --- a/internal/api/me_system_playlists.go +++ b/internal/api/me_system_playlists.go @@ -6,6 +6,7 @@ import ( "github.com/jackc/pgx/v5" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" ) @@ -25,7 +26,7 @@ type systemPlaylistsStatusResp struct { func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http.Request) { caller, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "unauthenticated", "no session") + writeErr(w, apierror.Unauthorized("unauthenticated", "no session")) return } @@ -36,7 +37,7 @@ func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http return } h.logger.Error("api: get system playlists status", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed") + writeErr(w, apierror.InternalMsg("lookup failed", err)) return } diff --git a/internal/api/me_token.go b/internal/api/me_token.go index e4ca4d2c..3a24533b 100644 --- a/internal/api/me_token.go +++ b/internal/api/me_token.go @@ -3,6 +3,7 @@ package api import ( "net/http" + "git.fabledsword.com/bvandeusen/minstrel/internal/apierror" "git.fabledsword.com/bvandeusen/minstrel/internal/audit" "git.fabledsword.com/bvandeusen/minstrel/internal/auth" "git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq" @@ -16,14 +17,14 @@ type apiTokenResp struct { func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) { user, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "auth_required", "") + writeErr(w, apierror.Unauthorized("auth_required", "")) return } q := dbq.New(h.pool) current, err := q.GetUserByID(r.Context(), user.ID) if err != nil { h.logger.Error("get api token: lookup failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } writeJSON(w, http.StatusOK, apiTokenResp{APIToken: current.ApiToken}) @@ -33,13 +34,13 @@ func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) { func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Request) { user, ok := auth.UserFromContext(r.Context()) if !ok { - writeErr(w, http.StatusUnauthorized, "auth_required", "") + writeErr(w, apierror.Unauthorized("auth_required", "")) return } newToken, err := auth.MintSessionToken() if err != nil { h.logger.Error("regenerate api token: mint failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return } q := dbq.New(h.pool) @@ -49,7 +50,7 @@ func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Req }) if err != nil { h.logger.Error("regenerate api token: update failed", "err", err) - writeErr(w, http.StatusInternalServerError, "server_error", "") + writeErr(w, apierror.Internal(err)) return }