53a02322fb
A2 — migration 0030: the albums/artists art `*_source` CHECK was a fixed provider-ID allowlist fighting the extensible coverart.Register registry (per-provider migration churn at 0016/0018/0020; rejected test stub providers → ~11 enricher tests failed). Relax to "NULL or non-empty"; the registry is the source of truth. Same brittleness class as the #433 discovery-mix CHECK. D — lidarr Approve resolves metadata/quality profiles (JSON arrays) before the add; the test stubs returned {"id":1} for every path, so ListMetadataProfiles failed to unmarshal → 500/Approve errors. Make the lidarrrequests + admin_requests stubs path-aware (arrays for /metadataprofile, /qualityprofile). E: - auth: requireUser (prelude.go) emitted code "auth_required"; the canonical code is "unauthenticated" (operator decision). Change the code; drop the now-dead "auth_required" web error-copy key ("unauthenticated" already has copy). - playlists_system_test wrapped the real auth.RequireUser middleware but only injected withUser() context → 401. Like every other api handler test, drop the middleware and rely on requireUser(). - admin_users dup-username test seeded "test-existing" (seedUser prefixes) but POSTed "existing" → no collision; POST the prefixed name. - me_timezone test decoded a top-level {"code"} but the envelope is {"error":{"code"}}; decode the nested shape. - audit test asserted compact JSON; Postgres jsonb::text is spaced. - put-lidarr-config tests predated the missing_defaults gate (correct handler behavior); supply the required defaults in the bodies. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
51 lines
1.7 KiB
Go
51 lines
1.7 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/jackc/pgx/v5/pgtype"
|
|
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/apierror"
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/auth"
|
|
"git.fabledsword.com/bvandeusen/minstrel/internal/db/dbq"
|
|
)
|
|
|
|
// requireUser returns the authenticated user from request context. On
|
|
// missing context, writes a 401 envelope and returns ok=false; the
|
|
// caller MUST return immediately on ok=false. Defensive belt against
|
|
// middleware bypass — handlers using this don't need a separate check.
|
|
func requireUser(w http.ResponseWriter, r *http.Request) (dbq.User, bool) {
|
|
user, ok := auth.UserFromContext(r.Context())
|
|
if !ok {
|
|
writeErr(w, apierror.Unauthorized("unauthenticated", ""))
|
|
return dbq.User{}, false
|
|
}
|
|
return user, true
|
|
}
|
|
|
|
// requireURLUUID parses the chi URL parameter named key as a UUID. On
|
|
// invalid input, writes a 400 envelope and returns ok=false; the caller
|
|
// MUST return immediately on ok=false.
|
|
func requireURLUUID(w http.ResponseWriter, r *http.Request, key string) (pgtype.UUID, bool) {
|
|
id, ok := parseUUID(chi.URLParam(r, key))
|
|
if !ok {
|
|
writeErr(w, apierror.BadRequest("invalid_id", ""))
|
|
return id, false
|
|
}
|
|
return id, true
|
|
}
|
|
|
|
// decodeBody decodes the request body as JSON into out. On decode
|
|
// failure, writes a 400 envelope and returns false; the caller MUST
|
|
// return immediately on false. Out parameter pattern (rather than
|
|
// returning T) keeps the type explicit at the call site.
|
|
func decodeBody[T any](w http.ResponseWriter, r *http.Request, out *T) bool {
|
|
if err := json.NewDecoder(r.Body).Decode(out); err != nil {
|
|
writeErr(w, apierror.BadRequest("invalid_body", ""))
|
|
return false
|
|
}
|
|
return true
|
|
}
|