mirror of https://github.com/coder/coder.git
refactor(coderd/httpapi): remove database, dbauthz and rbac imports (#9481)
Ref: #9380
This commit is contained in:
parent
d2115941b7
commit
6fc1f5276d
|
@ -17,6 +17,7 @@ import (
|
||||||
"cdr.dev/slog"
|
"cdr.dev/slog"
|
||||||
"github.com/coder/coder/v2/coderd/database"
|
"github.com/coder/coder/v2/coderd/database"
|
||||||
"github.com/coder/coder/v2/coderd/database/dbtime"
|
"github.com/coder/coder/v2/coderd/database/dbtime"
|
||||||
|
"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
|
||||||
"github.com/coder/coder/v2/coderd/rbac"
|
"github.com/coder/coder/v2/coderd/rbac"
|
||||||
"github.com/coder/coder/v2/coderd/util/slice"
|
"github.com/coder/coder/v2/coderd/util/slice"
|
||||||
)
|
)
|
||||||
|
@ -36,10 +37,18 @@ type NotAuthorizedError struct {
|
||||||
Err error
|
Err error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure we implement the IsUnauthorized interface.
|
||||||
|
var _ httpapiconstraints.IsUnauthorizedError = (*NotAuthorizedError)(nil)
|
||||||
|
|
||||||
func (e NotAuthorizedError) Error() string {
|
func (e NotAuthorizedError) Error() string {
|
||||||
return fmt.Sprintf("unauthorized: %s", e.Err.Error())
|
return fmt.Sprintf("unauthorized: %s", e.Err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsUnauthorized implements the IsUnauthorized interface.
|
||||||
|
func (NotAuthorizedError) IsUnauthorized() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// Unwrap will always unwrap to a sql.ErrNoRows so the API returns a 404.
|
// Unwrap will always unwrap to a sql.ErrNoRows so the API returns a 404.
|
||||||
// So 'errors.Is(err, sql.ErrNoRows)' will always be true.
|
// So 'errors.Is(err, sql.ErrNoRows)' will always be true.
|
||||||
func (e NotAuthorizedError) Unwrap() error {
|
func (e NotAuthorizedError) Unwrap() error {
|
||||||
|
|
|
@ -16,8 +16,7 @@ import (
|
||||||
"github.com/go-playground/validator/v10"
|
"github.com/go-playground/validator/v10"
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
"github.com/coder/coder/v2/coderd/database/dbauthz"
|
"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
|
||||||
"github.com/coder/coder/v2/coderd/rbac"
|
|
||||||
"github.com/coder/coder/v2/coderd/tracing"
|
"github.com/coder/coder/v2/coderd/tracing"
|
||||||
"github.com/coder/coder/v2/codersdk"
|
"github.com/coder/coder/v2/codersdk"
|
||||||
)
|
)
|
||||||
|
@ -90,7 +89,13 @@ func Is404Error(err error) bool {
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return xerrors.Is(err, sql.ErrNoRows) || dbauthz.IsNotAuthorizedError(err) || rbac.IsUnauthorizedError(err)
|
|
||||||
|
// This tests for dbauthz.IsNotAuthorizedError and rbac.IsUnauthorizedError.
|
||||||
|
var unauthorized httpapiconstraints.IsUnauthorizedError
|
||||||
|
if errors.As(err, &unauthorized) && unauthorized.IsUnauthorized() {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return xerrors.Is(err, sql.ErrNoRows)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convenience error functions don't take contexts since their responses are
|
// Convenience error functions don't take contexts since their responses are
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
// Package httpapiconstraints contain types that can be used and implemented
|
||||||
|
// across the application to return specific HTTP status codes without pulling
|
||||||
|
// in large dependency trees.
|
||||||
|
package httpapiconstraints
|
||||||
|
|
||||||
|
// IsUnauthorizedError is an interface that can be implemented in other packages
|
||||||
|
// in order to return 404.
|
||||||
|
type IsUnauthorizedError interface {
|
||||||
|
IsUnauthorized() bool
|
||||||
|
}
|
|
@ -10,7 +10,6 @@ import (
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
"github.com/coder/coder/v2/coderd/database"
|
|
||||||
"github.com/coder/coder/v2/codersdk"
|
"github.com/coder/coder/v2/codersdk"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -158,10 +157,10 @@ func (p *QueryParamParser) Strings(vals url.Values, def []string, queryParam str
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidEnum parses enum query params. Add more to the list as needed.
|
// ValidEnum represents an enum that can be parsed and validated.
|
||||||
type ValidEnum interface {
|
type ValidEnum interface {
|
||||||
database.ResourceType | database.AuditAction | database.BuildReason | database.UserStatus |
|
// Add more types as needed (avoid importing large dependency trees).
|
||||||
database.WorkspaceStatus
|
~string
|
||||||
|
|
||||||
// Valid is required on the enum type to be used with ParseEnum.
|
// Valid is required on the enum type to be used with ParseEnum.
|
||||||
Valid() bool
|
Valid() bool
|
||||||
|
|
|
@ -9,6 +9,8 @@ import (
|
||||||
"github.com/open-policy-agent/opa/rego"
|
"github.com/open-policy-agent/opa/rego"
|
||||||
"github.com/open-policy-agent/opa/topdown"
|
"github.com/open-policy-agent/opa/topdown"
|
||||||
"golang.org/x/xerrors"
|
"golang.org/x/xerrors"
|
||||||
|
|
||||||
|
"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -33,6 +35,14 @@ type UnauthorizedError struct {
|
||||||
output rego.ResultSet
|
output rego.ResultSet
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensure we implement the IsUnauthorized interface.
|
||||||
|
var _ httpapiconstraints.IsUnauthorizedError = (*UnauthorizedError)(nil)
|
||||||
|
|
||||||
|
// IsUnauthorized implements the IsUnauthorized interface.
|
||||||
|
func (UnauthorizedError) IsUnauthorized() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// IsUnauthorizedError is a convenience function to check if err is UnauthorizedError.
|
// IsUnauthorizedError is a convenience function to check if err is UnauthorizedError.
|
||||||
// It is equivalent to errors.As(err, &UnauthorizedError{}).
|
// It is equivalent to errors.As(err, &UnauthorizedError{}).
|
||||||
func IsUnauthorizedError(err error) bool {
|
func IsUnauthorizedError(err error) bool {
|
||||||
|
|
Loading…
Reference in New Issue