refactor(server/api): migrate auth/me handlers to writeErr(err) (T3a)
This commit is contained in:
@@ -9,6 +9,7 @@ import (
|
|||||||
|
|
||||||
"github.com/jackc/pgx/v5"
|
"github.com/jackc/pgx/v5"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
)
|
)
|
||||||
@@ -61,11 +62,11 @@ func sessionTokenFromHTTP(r *http.Request) string {
|
|||||||
func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
var req LoginRequest
|
var req LoginRequest
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "bad_request", "invalid JSON body")
|
writeErr(w, apierror.BadRequest("bad_request", "invalid JSON body"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if req.Username == "" || req.Password == "" {
|
if req.Username == "" || req.Password == "" {
|
||||||
writeErr(w, http.StatusBadRequest, "bad_request", "username and password required")
|
writeErr(w, apierror.BadRequest("bad_request", "username and password required"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -73,22 +74,22 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
|
|||||||
user, err := q.GetUserByUsername(r.Context(), req.Username)
|
user, err := q.GetUserByUsername(r.Context(), req.Username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, pgx.ErrNoRows) {
|
if errors.Is(err, pgx.ErrNoRows) {
|
||||||
writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password")
|
writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("api: user lookup failed", "err", err)
|
h.logger.Error("api: user lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed")
|
writeErr(w, apierror.InternalMsg("lookup failed", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !auth.VerifyPassword(user.PasswordHash, req.Password) {
|
if !auth.VerifyPassword(user.PasswordHash, req.Password) {
|
||||||
writeErr(w, http.StatusUnauthorized, "invalid_credentials", "invalid username or password")
|
writeErr(w, apierror.Unauthorized("invalid_credentials", "invalid username or password"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := auth.MintSessionToken()
|
token, err := auth.MintSessionToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("api: mint session token failed", "err", err)
|
h.logger.Error("api: mint session token failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "mint failed")
|
writeErr(w, apierror.InternalMsg("mint failed", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
|
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
|
||||||
@@ -97,7 +98,7 @@ func (h *handlers) handleLogin(w http.ResponseWriter, r *http.Request) {
|
|||||||
UserAgent: r.UserAgent(),
|
UserAgent: r.UserAgent(),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
h.logger.Error("api: insert session failed", "err", err)
|
h.logger.Error("api: insert session failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "insert failed")
|
writeErr(w, apierror.InternalMsg("insert failed", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -12,6 +12,7 @@ import (
|
|||||||
"github.com/jackc/pgx/v5/pgconn"
|
"github.com/jackc/pgx/v5/pgconn"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
@@ -56,15 +57,15 @@ type registerReq struct {
|
|||||||
func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||||
var req registerReq
|
var req registerReq
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_body", "invalid JSON body")
|
writeErr(w, apierror.BadRequest("invalid_body", "invalid JSON body"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !usernameRe.MatchString(req.Username) {
|
if !usernameRe.MatchString(req.Username) {
|
||||||
writeErr(w, http.StatusBadRequest, "username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen")
|
writeErr(w, apierror.BadRequest("username_invalid", "username must be 3-32 chars, alphanumeric + underscore + hyphen"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(req.Password) < minPasswordLength {
|
if len(req.Password) < minPasswordLength {
|
||||||
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
|
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -74,7 +75,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
userCount, err := q.CountUsers(r.Context())
|
userCount, err := q.CountUsers(r.Context())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("register: count users failed", "err", err)
|
h.logger.Error("register: count users failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -84,12 +85,12 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
mode, err := q.GetRegistrationMode(r.Context())
|
mode, err := q.GetRegistrationMode(r.Context())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("register: get mode failed", "err", err)
|
h.logger.Error("register: get mode failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if mode == "invite_only" {
|
if mode == "invite_only" {
|
||||||
if req.InviteToken == "" {
|
if req.InviteToken == "" {
|
||||||
writeErr(w, http.StatusBadRequest, "invite_required", "an invite token is required to register")
|
writeErr(w, apierror.BadRequest("invite_required", "an invite token is required to register"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Pre-validate existence + non-redeemed + non-expired so we fail
|
// Pre-validate existence + non-redeemed + non-expired so we fail
|
||||||
@@ -97,15 +98,15 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
invite, ierr := q.GetInviteByToken(r.Context(), req.InviteToken)
|
invite, ierr := q.GetInviteByToken(r.Context(), req.InviteToken)
|
||||||
if ierr != nil {
|
if ierr != nil {
|
||||||
if errors.Is(ierr, pgx.ErrNoRows) {
|
if errors.Is(ierr, pgx.ErrNoRows) {
|
||||||
writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token not found")
|
writeErr(w, apierror.BadRequest("invite_invalid", "invite token not found"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("register: get invite failed", "err", ierr)
|
h.logger.Error("register: get invite failed", "err", ierr)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(ierr))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if invite.RedeemedAt.Valid || invite.ExpiresAt.Time.Before(time.Now()) {
|
if invite.RedeemedAt.Valid || invite.ExpiresAt.Time.Before(time.Now()) {
|
||||||
writeErr(w, http.StatusBadRequest, "invite_invalid", "invite token is expired or already redeemed")
|
writeErr(w, apierror.BadRequest("invite_invalid", "invite token is expired or already redeemed"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
usedInviteToken = req.InviteToken
|
usedInviteToken = req.InviteToken
|
||||||
@@ -116,7 +117,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
hash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("register: hash password failed", "err", err)
|
h.logger.Error("register: hash password failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -124,7 +125,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
apiToken, err := auth.MintSessionToken()
|
apiToken, err := auth.MintSessionToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("register: mint api_token failed", "err", err)
|
h.logger.Error("register: mint api_token failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -138,11 +139,11 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
var pgErr *pgconn.PgError
|
var pgErr *pgconn.PgError
|
||||||
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
|
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
|
||||||
writeErr(w, http.StatusConflict, "username_taken", "username is already taken")
|
writeErr(w, apierror.Conflict("username_taken", "username is already taken"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("register: create user failed", "err", err)
|
h.logger.Error("register: create user failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -167,7 +168,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
sessionToken, err := auth.MintSessionToken()
|
sessionToken, err := auth.MintSessionToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("register: mint session failed", "err", err)
|
h.logger.Error("register: mint session failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
|
if _, err := q.InsertSession(r.Context(), dbq.InsertSessionParams{
|
||||||
@@ -176,7 +177,7 @@ func (h *handlers) handleRegister(w http.ResponseWriter, r *http.Request) {
|
|||||||
UserAgent: r.UserAgent(),
|
UserAgent: r.UserAgent(),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
h.logger.Error("register: insert session failed", "err", err)
|
h.logger.Error("register: insert session failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ import (
|
|||||||
"github.com/jackc/pgx/v5"
|
"github.com/jackc/pgx/v5"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
)
|
)
|
||||||
@@ -29,15 +30,15 @@ type resetPasswordReq struct {
|
|||||||
func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
||||||
var req resetPasswordReq
|
var req resetPasswordReq
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_body", "")
|
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(req.NewPassword) < minPasswordLength {
|
if len(req.NewPassword) < minPasswordLength {
|
||||||
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
|
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if req.Token == "" {
|
if req.Token == "" {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_token", "")
|
writeErr(w, apierror.BadRequest("invalid_token", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -49,11 +50,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
|||||||
reset, err := q.GetPasswordReset(r.Context(), req.Token)
|
reset, err := q.GetPasswordReset(r.Context(), req.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, pgx.ErrNoRows) {
|
if errors.Is(err, pgx.ErrNoRows) {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_token", "")
|
writeErr(w, apierror.BadRequest("invalid_token", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("reset password: lookup failed", "err", err)
|
h.logger.Error("reset password: lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -64,11 +65,11 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
|||||||
rows, err := q.UsePasswordReset(r.Context(), req.Token)
|
rows, err := q.UsePasswordReset(r.Context(), req.Token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("reset password: use token failed", "err", err)
|
h.logger.Error("reset password: use token failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if rows == 0 {
|
if rows == 0 {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_token", "")
|
writeErr(w, apierror.BadRequest("invalid_token", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -79,7 +80,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
|||||||
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("reset password: hash failed", "err", err)
|
h.logger.Error("reset password: hash failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
|
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
|
||||||
@@ -87,7 +88,7 @@ func (h *handlers) handleResetPassword(w http.ResponseWriter, r *http.Request) {
|
|||||||
PasswordHash: string(hash),
|
PasswordHash: string(hash),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
h.logger.Error("reset password: update failed", "err", err)
|
h.logger.Error("reset password: update failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+3
-1
@@ -2,8 +2,10 @@ package api
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -13,7 +15,7 @@ func (h *handlers) handleGetMe(w http.ResponseWriter, r *http.Request) {
|
|||||||
// Hitting /me without RequireUser in front of it is a routing bug;
|
// Hitting /me without RequireUser in front of it is a routing bug;
|
||||||
// it can't happen in real traffic.
|
// it can't happen in real traffic.
|
||||||
h.logger.Error("api: /me reached without authenticated user")
|
h.logger.Error("api: /me reached without authenticated user")
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "missing auth context")
|
writeErr(w, apierror.InternalMsg("missing auth context", errors.New("missing auth context")))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
)
|
)
|
||||||
@@ -16,13 +17,13 @@ import (
|
|||||||
func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := auth.UserFromContext(r.Context())
|
user, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "unauthorized", "authentication required")
|
writeErr(w, apierror.ErrUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
limit, offset, perr := parsePaging(r.URL.Query())
|
limit, offset, perr := parsePaging(r.URL.Query())
|
||||||
if perr != nil {
|
if perr != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "bad_paging", "invalid limit or offset")
|
writeErr(w, apierror.BadRequest("bad_paging", "invalid limit or offset"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -33,7 +34,7 @@ func (h *handlers) handleGetMyHistory(w http.ResponseWriter, r *http.Request) {
|
|||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("api: list user history", "err", err)
|
h.logger.Error("api: list user history", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "failed to load history")
|
writeErr(w, apierror.InternalMsg("failed to load history", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
@@ -22,16 +23,16 @@ type changePasswordReq struct {
|
|||||||
func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := auth.UserFromContext(r.Context())
|
user, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "auth_required", "")
|
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var req changePasswordReq
|
var req changePasswordReq
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_body", "")
|
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if len(req.NewPassword) < minPasswordLength {
|
if len(req.NewPassword) < minPasswordLength {
|
||||||
writeErr(w, http.StatusBadRequest, "password_too_short", "password must be at least 8 chars")
|
writeErr(w, apierror.BadRequest("password_too_short", "password must be at least 8 chars"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -39,18 +40,18 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request)
|
|||||||
current, err := q.GetUserByID(r.Context(), user.ID)
|
current, err := q.GetUserByID(r.Context(), user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("change password: lookup failed", "err", err)
|
h.logger.Error("change password: lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := bcrypt.CompareHashAndPassword([]byte(current.PasswordHash), []byte(req.CurrentPassword)); err != nil {
|
if err := bcrypt.CompareHashAndPassword([]byte(current.PasswordHash), []byte(req.CurrentPassword)); err != nil {
|
||||||
writeErr(w, http.StatusUnauthorized, "wrong_password", "")
|
writeErr(w, apierror.Unauthorized("wrong_password", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
hash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("change password: hash failed", "err", err)
|
h.logger.Error("change password: hash failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
|
if err := q.ChangeUserPassword(r.Context(), dbq.ChangeUserPasswordParams{
|
||||||
@@ -58,7 +59,7 @@ func (h *handlers) handleChangePassword(w http.ResponseWriter, r *http.Request)
|
|||||||
PasswordHash: string(hash),
|
PasswordHash: string(hash),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
h.logger.Error("change password: update failed", "err", err)
|
h.logger.Error("change password: update failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ import (
|
|||||||
"github.com/jackc/pgerrcode"
|
"github.com/jackc/pgerrcode"
|
||||||
"github.com/jackc/pgx/v5/pgconn"
|
"github.com/jackc/pgx/v5/pgconn"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
)
|
)
|
||||||
@@ -40,12 +41,12 @@ type meProfileResp struct {
|
|||||||
func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := auth.UserFromContext(r.Context())
|
user, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "auth_required", "")
|
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var req updateProfileReq
|
var req updateProfileReq
|
||||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||||
writeErr(w, http.StatusBadRequest, "invalid_body", "")
|
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -65,7 +66,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
|
|||||||
email = nil
|
email = nil
|
||||||
} else {
|
} else {
|
||||||
if !emailRe.MatchString(s) {
|
if !emailRe.MatchString(s) {
|
||||||
writeErr(w, http.StatusBadRequest, "email_invalid", "")
|
writeErr(w, apierror.BadRequest("email_invalid", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
email = &s
|
email = &s
|
||||||
@@ -78,7 +79,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
|
|||||||
current, err := q.GetUserByID(r.Context(), user.ID)
|
current, err := q.GetUserByID(r.Context(), user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("update profile: lookup failed", "err", err)
|
h.logger.Error("update profile: lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
writeJSON(w, http.StatusOK, profileViewFromUser(current))
|
writeJSON(w, http.StatusOK, profileViewFromUser(current))
|
||||||
@@ -90,7 +91,7 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
|
|||||||
current, err := q.GetUserByID(r.Context(), user.ID)
|
current, err := q.GetUserByID(r.Context(), user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("update profile: lookup failed", "err", err)
|
h.logger.Error("update profile: lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if req.DisplayName == nil {
|
if req.DisplayName == nil {
|
||||||
@@ -108,11 +109,11 @@ func (h *handlers) handleUpdateMyProfile(w http.ResponseWriter, r *http.Request)
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
var pgErr *pgconn.PgError
|
var pgErr *pgconn.PgError
|
||||||
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
|
if errors.As(err, &pgErr) && pgErr.Code == pgerrcode.UniqueViolation {
|
||||||
writeErr(w, http.StatusConflict, "email_taken", "")
|
writeErr(w, apierror.Conflict("email_taken", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("update profile: update failed", "err", err)
|
h.logger.Error("update profile: update failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
|
|
||||||
"github.com/jackc/pgx/v5"
|
"github.com/jackc/pgx/v5"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
)
|
)
|
||||||
@@ -25,7 +26,7 @@ type systemPlaylistsStatusResp struct {
|
|||||||
func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http.Request) {
|
||||||
caller, ok := auth.UserFromContext(r.Context())
|
caller, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "unauthenticated", "no session")
|
writeErr(w, apierror.Unauthorized("unauthenticated", "no session"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -36,7 +37,7 @@ func (h *handlers) handleGetSystemPlaylistsStatus(w http.ResponseWriter, r *http
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.logger.Error("api: get system playlists status", "err", err)
|
h.logger.Error("api: get system playlists status", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "lookup failed")
|
writeErr(w, apierror.InternalMsg("lookup failed", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package api
|
|||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/audit"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
||||||
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
||||||
@@ -16,14 +17,14 @@ type apiTokenResp struct {
|
|||||||
func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := auth.UserFromContext(r.Context())
|
user, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "auth_required", "")
|
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
q := dbq.New(h.pool)
|
q := dbq.New(h.pool)
|
||||||
current, err := q.GetUserByID(r.Context(), user.ID)
|
current, err := q.GetUserByID(r.Context(), user.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("get api token: lookup failed", "err", err)
|
h.logger.Error("get api token: lookup failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
writeJSON(w, http.StatusOK, apiTokenResp{APIToken: current.ApiToken})
|
writeJSON(w, http.StatusOK, apiTokenResp{APIToken: current.ApiToken})
|
||||||
@@ -33,13 +34,13 @@ func (h *handlers) handleGetMyAPIToken(w http.ResponseWriter, r *http.Request) {
|
|||||||
func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Request) {
|
func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := auth.UserFromContext(r.Context())
|
user, ok := auth.UserFromContext(r.Context())
|
||||||
if !ok {
|
if !ok {
|
||||||
writeErr(w, http.StatusUnauthorized, "auth_required", "")
|
writeErr(w, apierror.Unauthorized("auth_required", ""))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newToken, err := auth.MintSessionToken()
|
newToken, err := auth.MintSessionToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("regenerate api token: mint failed", "err", err)
|
h.logger.Error("regenerate api token: mint failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
q := dbq.New(h.pool)
|
q := dbq.New(h.pool)
|
||||||
@@ -49,7 +50,7 @@ func (h *handlers) handleRegenerateMyAPIToken(w http.ResponseWriter, r *http.Req
|
|||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.logger.Error("regenerate api token: update failed", "err", err)
|
h.logger.Error("regenerate api token: update failed", "err", err)
|
||||||
writeErr(w, http.StatusInternalServerError, "server_error", "")
|
writeErr(w, apierror.Internal(err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user