veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom

xrpc/{errors,serviceauth}: split shared xrpc code to top-level package

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi 9cea15d1 fb4bff75

options
unified split
Changed files
+168
xrpc
errors
errors.go
serviceauth
service_auth.go
+103
xrpc/errors/errors.go 
···

       

       
1

       
+

       
package errors


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"encoding/json"


     

       

       
5

       
+

       
	"fmt"


     

       

       
6

       
+

       
)


     

       

       
7

       
+

       



     

       

       
8

       
+

       
type XrpcError struct {


     

       

       
9

       
+

       
	Tag     string `json:"error"`


     

       

       
10

       
+

       
	Message string `json:"message"`


     

       

       
11

       
+

       
}


     

       

       
12

       
+

       



     

       

       
13

       
+

       
func (x XrpcError) Error() string {


     

       

       
14

       
+

       
	if x.Message != "" {


     

       

       
15

       
+

       
		return fmt.Sprintf("%s: %s", x.Tag, x.Message)


     

       

       
16

       
+

       
	}


     

       

       
17

       
+

       
	return x.Tag


     

       

       
18

       
+

       
}


     

       

       
19

       
+

       



     

       

       
20

       
+

       
func NewXrpcError(opts ...ErrOpt) XrpcError {


     

       

       
21

       
+

       
	x := XrpcError{}


     

       

       
22

       
+

       
	for _, o := range opts {


     

       

       
23

       
+

       
		o(&x)


     

       

       
24

       
+

       
	}


     

       

       
25

       
+

       



     

       

       
26

       
+

       
	return x


     

       

       
27

       
+

       
}


     

       

       
28

       
+

       



     

       

       
29

       
+

       
type ErrOpt = func(xerr *XrpcError)


     

       

       
30

       
+

       



     

       

       
31

       
+

       
func WithTag(tag string) ErrOpt {


     

       

       
32

       
+

       
	return func(xerr *XrpcError) {


     

       

       
33

       
+

       
		xerr.Tag = tag


     

       

       
34

       
+

       
	}


     

       

       
35

       
+

       
}


     

       

       
36

       
+

       



     

       

       
37

       
+

       
func WithMessage[S ~string](s S) ErrOpt {


     

       

       
38

       
+

       
	return func(xerr *XrpcError) {


     

       

       
39

       
+

       
		xerr.Message = string(s)


     

       

       
40

       
+

       
	}


     

       

       
41

       
+

       
}


     

       

       
42

       
+

       



     

       

       
43

       
+

       
func WithError(e error) ErrOpt {


     

       

       
44

       
+

       
	return func(xerr *XrpcError) {


     

       

       
45

       
+

       
		xerr.Message = e.Error()


     

       

       
46

       
+

       
	}


     

       

       
47

       
+

       
}


     

       

       
48

       
+

       



     

       

       
49

       
+

       
var MissingActorDidError = NewXrpcError(


     

       

       
50

       
+

       
	WithTag("MissingActorDid"),


     

       

       
51

       
+

       
	WithMessage("actor DID not supplied"),


     

       

       
52

       
+

       
)


     

       

       
53

       
+

       



     

       

       
54

       
+

       
var AuthError = func(err error) XrpcError {


     

       

       
55

       
+

       
	return NewXrpcError(


     

       

       
56

       
+

       
		WithTag("Auth"),


     

       

       
57

       
+

       
		WithError(fmt.Errorf("signature verification failed: %w", err)),


     

       

       
58

       
+

       
	)


     

       

       
59

       
+

       
}


     

       

       
60

       
+

       



     

       

       
61

       
+

       
var InvalidRepoError = func(r string) XrpcError {


     

       

       
62

       
+

       
	return NewXrpcError(


     

       

       
63

       
+

       
		WithTag("InvalidRepo"),


     

       

       
64

       
+

       
		WithError(fmt.Errorf("supplied at-uri is not a repo: %s", r)),


     

       

       
65

       
+

       
	)


     

       

       
66

       
+

       
}


     

       

       
67

       
+

       



     

       

       
68

       
+

       
var GitError = func(e error) XrpcError {


     

       

       
69

       
+

       
	return NewXrpcError(


     

       

       
70

       
+

       
		WithTag("Git"),


     

       

       
71

       
+

       
		WithError(fmt.Errorf("git error: %w", e)),


     

       

       
72

       
+

       
	)


     

       

       
73

       
+

       
}


     

       

       
74

       
+

       



     

       

       
75

       
+

       
var AccessControlError = func(d string) XrpcError {


     

       

       
76

       
+

       
	return NewXrpcError(


     

       

       
77

       
+

       
		WithTag("AccessControl"),


     

       

       
78

       
+

       
		WithError(fmt.Errorf("DID does not have sufficent access permissions for this operation: %s", d)),


     

       

       
79

       
+

       
	)


     

       

       
80

       
+

       
}


     

       

       
81

       
+

       



     

       

       
82

       
+

       
var RepoExistsError = func(r string) XrpcError {


     

       

       
83

       
+

       
	return NewXrpcError(


     

       

       
84

       
+

       
		WithTag("RepoExists"),


     

       

       
85

       
+

       
		WithError(fmt.Errorf("repo already exists: %s", r)),


     

       

       
86

       
+

       
	)


     

       

       
87

       
+

       
}


     

       

       
88

       
+

       



     

       

       
89

       
+

       
func GenericError(err error) XrpcError {


     

       

       
90

       
+

       
	return NewXrpcError(


     

       

       
91

       
+

       
		WithTag("Generic"),


     

       

       
92

       
+

       
		WithError(err),


     

       

       
93

       
+

       
	)


     

       

       
94

       
+

       
}


     

       

       
95

       
+

       



     

       

       
96

       
+

       
func Unmarshal(errStr string) (XrpcError, error) {


     

       

       
97

       
+

       
	var xerr XrpcError


     

       

       
98

       
+

       
	err := json.Unmarshal([]byte(errStr), &xerr)


     

       

       
99

       
+

       
	if err != nil {


     

       

       
100

       
+

       
		return XrpcError{}, fmt.Errorf("failed to unmarshal XrpcError: %w", err)


     

       

       
101

       
+

       
	}


     

       

       
102

       
+

       
	return xerr, nil


     

       

       
103

       
+

       
}
+65
xrpc/serviceauth/service_auth.go 
···

       

       
1

       
+

       
package serviceauth


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"context"


     

       

       
5

       
+

       
	"encoding/json"


     

       

       
6

       
+

       
	"log/slog"


     

       

       
7

       
+

       
	"net/http"


     

       

       
8

       
+

       
	"strings"


     

       

       
9

       
+

       



     

       

       
10

       
+

       
	"github.com/bluesky-social/indigo/atproto/auth"


     

       

       
11

       
+

       
	"tangled.sh/tangled.sh/core/idresolver"


     

       

       
12

       
+

       
	xrpcerr "tangled.sh/tangled.sh/core/xrpc/errors"


     

       

       
13

       
+

       
)


     

       

       
14

       
+

       



     

       

       
15

       
+

       
const ActorDid string = "ActorDid"


     

       

       
16

       
+

       



     

       

       
17

       
+

       
type ServiceAuth struct {


     

       

       
18

       
+

       
	logger      *slog.Logger


     

       

       
19

       
+

       
	resolver    *idresolver.Resolver


     

       

       
20

       
+

       
	audienceDid string


     

       

       
21

       
+

       
}


     

       

       
22

       
+

       



     

       

       
23

       
+

       
func NewServiceAuth(logger *slog.Logger, resolver *idresolver.Resolver, audienceDid string) *ServiceAuth {


     

       

       
24

       
+

       
	return &ServiceAuth{


     

       

       
25

       
+

       
		logger:      logger,


     

       

       
26

       
+

       
		resolver:    resolver,


     

       

       
27

       
+

       
		audienceDid: audienceDid,


     

       

       
28

       
+

       
	}


     

       

       
29

       
+

       
}


     

       

       
30

       
+

       



     

       

       
31

       
+

       
func (sa *ServiceAuth) VerifyServiceAuth(next http.Handler) http.Handler {


     

       

       
32

       
+

       
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {


     

       

       
33

       
+

       
		l := sa.logger.With("url", r.URL)


     

       

       
34

       
+

       



     

       

       
35

       
+

       
		token := r.Header.Get("Authorization")


     

       

       
36

       
+

       
		token = strings.TrimPrefix(token, "Bearer ")


     

       

       
37

       
+

       



     

       

       
38

       
+

       
		s := auth.ServiceAuthValidator{


     

       

       
39

       
+

       
			Audience: sa.audienceDid,


     

       

       
40

       
+

       
			Dir:      sa.resolver.Directory(),


     

       

       
41

       
+

       
		}


     

       

       
42

       
+

       



     

       

       
43

       
+

       
		did, err := s.Validate(r.Context(), token, nil)


     

       

       
44

       
+

       
		if err != nil {


     

       

       
45

       
+

       
			l.Error("signature verification failed", "err", err)


     

       

       
46

       
+

       
			writeError(w, xrpcerr.AuthError(err), http.StatusForbidden)


     

       

       
47

       
+

       
			return


     

       

       
48

       
+

       
		}


     

       

       
49

       
+

       



     

       

       
50

       
+

       
		r = r.WithContext(


     

       

       
51

       
+

       
			context.WithValue(r.Context(), ActorDid, did),


     

       

       
52

       
+

       
		)


     

       

       
53

       
+

       



     

       

       
54

       
+

       
		next.ServeHTTP(w, r)


     

       

       
55

       
+

       
	})


     

       

       
56

       
+

       
}


     

       

       
57

       
+

       



     

       

       
58

       
+

       
// this is slightly different from http_util::write_error to follow the spec:


     

       

       
59

       
+

       
//


     

       

       
60

       
+

       
// the json object returned must include an "error" and a "message"


     

       

       
61

       
+

       
func writeError(w http.ResponseWriter, e xrpcerr.XrpcError, status int) {


     

       

       
62

       
+

       
	w.Header().Set("Content-Type", "application/json")


     

       

       
63

       
+

       
	w.WriteHeader(status)


     

       

       
64

       
+

       
	json.NewEncoder(w).Encode(e)


     

       

       
65

       
+

       
}