refactor(coderd/httpapi): remove database, dbauthz and rbac imports (#9481)

Ref: #9380

coderd/database/dbauthz/dbauthz.go

@@ -17,6 +17,7 @@ import (
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbtime"
+	"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/util/slice"
 )
@@ -36,10 +37,18 @@ type NotAuthorizedError struct {
 	Err error
 }
 
+// Ensure we implement the IsUnauthorized interface.
+var _ httpapiconstraints.IsUnauthorizedError = (*NotAuthorizedError)(nil)
+
 func (e NotAuthorizedError) Error() string {
 	return fmt.Sprintf("unauthorized: %s", e.Err.Error())
 }
 
+// IsUnauthorized implements the IsUnauthorized interface.
+func (NotAuthorizedError) IsUnauthorized() bool {
+	return true
+}
+
 // Unwrap will always unwrap to a sql.ErrNoRows so the API returns a 404.
 // So 'errors.Is(err, sql.ErrNoRows)' will always be true.
 func (e NotAuthorizedError) Unwrap() error {

coderd/httpapi/httpapi.go

@@ -16,8 +16,7 @@ import (
 	"github.com/go-playground/validator/v10"
 	"golang.org/x/xerrors"
 
-	"github.com/coder/coder/v2/coderd/database/dbauthz"
+	"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
-	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/coderd/tracing"
 	"github.com/coder/coder/v2/codersdk"
 )
@@ -90,7 +89,13 @@ func Is404Error(err error) bool {
 	if err == nil {
 		return false
 	}
-	return xerrors.Is(err, sql.ErrNoRows) || dbauthz.IsNotAuthorizedError(err) || rbac.IsUnauthorizedError(err)
+
+	// This tests for dbauthz.IsNotAuthorizedError and rbac.IsUnauthorizedError.
+	var unauthorized httpapiconstraints.IsUnauthorizedError
+	if errors.As(err, &unauthorized) && unauthorized.IsUnauthorized() {
+		return true
+	}
+	return xerrors.Is(err, sql.ErrNoRows)
 }
 
 // Convenience error functions don't take contexts since their responses are

coderd/httpapi/httpapiconstraints/httpapiconstraints.go

@@ -0,0 +1,10 @@
+// Package httpapiconstraints contain types that can be used and implemented
+// across the application to return specific HTTP status codes without pulling
+// in large dependency trees.
+package httpapiconstraints
+
+// IsUnauthorizedError is an interface that can be implemented in other packages
+// in order to return 404.
+type IsUnauthorizedError interface {
+	IsUnauthorized() bool
+}

coderd/httpapi/queryparams.go

@@ -10,7 +10,6 @@ import (
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
 
-	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/codersdk"
 )
 
@@ -158,10 +157,10 @@ func (p *QueryParamParser) Strings(vals url.Values, def []string, queryParam str
 	})
 }
 
-// ValidEnum parses enum query params. Add more to the list as needed.
+// ValidEnum represents an enum that can be parsed and validated.
 type ValidEnum interface {
-	database.ResourceType | database.AuditAction | database.BuildReason | database.UserStatus |
+	// Add more types as needed (avoid importing large dependency trees).
-		database.WorkspaceStatus
+	~string
 
 	// Valid is required on the enum type to be used with ParseEnum.
 	Valid() bool

coderd/rbac/error.go

@@ -9,6 +9,8 @@ import (
 	"github.com/open-policy-agent/opa/rego"
 	"github.com/open-policy-agent/opa/topdown"
 	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/coderd/httpapi/httpapiconstraints"
 )
 
 const (
@@ -33,6 +35,14 @@ type UnauthorizedError struct {
 	output rego.ResultSet
 }
 
+// Ensure we implement the IsUnauthorized interface.
+var _ httpapiconstraints.IsUnauthorizedError = (*UnauthorizedError)(nil)
+
+// IsUnauthorized implements the IsUnauthorized interface.
+func (UnauthorizedError) IsUnauthorized() bool {
+	return true
+}
+
 // IsUnauthorizedError is a convenience function to check if err is UnauthorizedError.
 // It is equivalent to errors.As(err, &UnauthorizedError{}).
 func IsUnauthorizedError(err error) bool {