private/apigen: Change order of operations in api generation

Move the IsAuthenticated check until after initial parameter parsing/validation. IsAuthenticated will be more expensive than parsing/validation, so we should fail before auth if possible. Change-Id: I96a020892eabcb750e8ec9ecc1d8b7d9bf8bf573
2023-01-10 13:03:32 -05:00 · 2023-01-10 13:03:32 -05:00 · 3d1007ae18
commit 3d1007ae18
parent 2d863759b0
3 changed files with 69 additions and 69 deletions
--- a/private/apigen/example/api.gen.go
+++ b/private/apigen/example/api.gen.go
@ -60,13 +60,6 @@ func (h *TestAPIHandler) handleGenTestAPI(w http.ResponseWriter, r *http.Request

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	idParam := r.URL.Query().Get("id")
 	if idParam == "" {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'id' can't be empty"))
@ -103,6 +96,13 @@ func (h *TestAPIHandler) handleGenTestAPI(w http.ResponseWriter, r *http.Request
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	retVal, httpErr := h.service.GenTestAPI(ctx, path, id, date, payload)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
--- a/private/apigen/gogen.go
+++ b/private/apigen/gogen.go
@ -186,6 +186,14 @@ func (a *API) generateGo() ([]byte, error) {
 			pf("w.Header().Set(\"Content-Type\", \"application/json\")")
 			pf("")

+			if err := handleParams(pf, i, endpoint.PathParams, endpoint.QueryParams); err != nil {
+				return nil, err
+			}
+
+			if endpoint.Request != nil {
+				handleBody(pf, endpoint.Request)
+			}
+
 			if !endpoint.NoCookieAuth || !endpoint.NoAPIAuth {
 				pf("ctx, err = h.auth.IsAuthenticated(ctx, r, %v, %v)", !endpoint.NoCookieAuth, !endpoint.NoAPIAuth)
 				pf("if err != nil {")
@ -198,14 +206,6 @@ func (a *API) generateGo() ([]byte, error) {
 				pf("")
 			}

-			if err := handleParams(pf, i, endpoint.PathParams, endpoint.QueryParams); err != nil {
-				return nil, err
-			}
-
-			if endpoint.Request != nil {
-				handleBody(pf, endpoint.Request)
-			}
-
 			var methodFormat string
 			if endpoint.Response != nil {
 				methodFormat = "retVal, httpErr := h.service.%s(ctx, "
--- a/satellite/console/consoleweb/consoleapi/api.gen.go
+++ b/satellite/console/consoleweb/consoleapi/api.gen.go
@ -126,6 +126,12 @@ func (h *ProjectManagementHandler) handleGenCreateProject(w http.ResponseWriter,

 	w.Header().Set("Content-Type", "application/json")

+	payload := console.ProjectInfo{}
+	if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
+		api.ServeError(h.log, w, http.StatusBadRequest, err)
+		return
+	}
+
 	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
 	if err != nil {
 		h.auth.RemoveAuthCookie(w)
@ -133,12 +139,6 @@ func (h *ProjectManagementHandler) handleGenCreateProject(w http.ResponseWriter,
 		return
 	}

-	payload := console.ProjectInfo{}
-	if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
-		api.ServeError(h.log, w, http.StatusBadRequest, err)
-		return
-	}
-
 	retVal, httpErr := h.service.GenCreateProject(ctx, payload)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -158,13 +158,6 @@ func (h *ProjectManagementHandler) handleGenUpdateProject(w http.ResponseWriter,

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	idParam, ok := mux.Vars(r)["id"]
 	if !ok {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
@ -183,6 +176,13 @@ func (h *ProjectManagementHandler) handleGenUpdateProject(w http.ResponseWriter,
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	retVal, httpErr := h.service.GenUpdateProject(ctx, id, payload)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -202,13 +202,6 @@ func (h *ProjectManagementHandler) handleGenDeleteProject(w http.ResponseWriter,

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	idParam, ok := mux.Vars(r)["id"]
 	if !ok {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
@ -221,6 +214,13 @@ func (h *ProjectManagementHandler) handleGenDeleteProject(w http.ResponseWriter,
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	httpErr := h.service.GenDeleteProject(ctx, id)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -260,13 +260,6 @@ func (h *ProjectManagementHandler) handleGenGetSingleBucketUsageRollup(w http.Re

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	projectIDParam := r.URL.Query().Get("projectID")
 	if projectIDParam == "" {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
@ -309,6 +302,13 @@ func (h *ProjectManagementHandler) handleGenGetSingleBucketUsageRollup(w http.Re
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	retVal, httpErr := h.service.GenGetSingleBucketUsageRollup(ctx, projectID, bucket, since, before)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -328,13 +328,6 @@ func (h *ProjectManagementHandler) handleGenGetBucketUsageRollups(w http.Respons

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	projectIDParam := r.URL.Query().Get("projectID")
 	if projectIDParam == "" {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
@ -371,6 +364,13 @@ func (h *ProjectManagementHandler) handleGenGetBucketUsageRollups(w http.Respons
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	retVal, httpErr := h.service.GenGetBucketUsageRollups(ctx, projectID, since, before)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -390,13 +390,6 @@ func (h *ProjectManagementHandler) handleGenGetAPIKeys(w http.ResponseWriter, r

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	search := r.URL.Query().Get("search")
 	if search == "" {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'search' can't be empty"))
@ -467,6 +460,13 @@ func (h *ProjectManagementHandler) handleGenGetAPIKeys(w http.ResponseWriter, r
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	retVal, httpErr := h.service.GenGetAPIKeys(ctx, projectID, search, limit, page, order, orderDirection)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -486,6 +486,12 @@ func (h *APIKeyManagementHandler) handleGenCreateAPIKey(w http.ResponseWriter, r

 	w.Header().Set("Content-Type", "application/json")

+	payload := console.CreateAPIKeyRequest{}
+	if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
+		api.ServeError(h.log, w, http.StatusBadRequest, err)
+		return
+	}
+
 	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
 	if err != nil {
 		h.auth.RemoveAuthCookie(w)
@ -493,12 +499,6 @@ func (h *APIKeyManagementHandler) handleGenCreateAPIKey(w http.ResponseWriter, r
 		return
 	}

-	payload := console.CreateAPIKeyRequest{}
-	if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
-		api.ServeError(h.log, w, http.StatusBadRequest, err)
-		return
-	}
-
 	retVal, httpErr := h.service.GenCreateAPIKey(ctx, payload)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
@ -518,13 +518,6 @@ func (h *APIKeyManagementHandler) handleGenDeleteAPIKey(w http.ResponseWriter, r

 	w.Header().Set("Content-Type", "application/json")

-	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
-	if err != nil {
-		h.auth.RemoveAuthCookie(w)
-		api.ServeError(h.log, w, http.StatusUnauthorized, err)
-		return
-	}
-
 	idParam, ok := mux.Vars(r)["id"]
 	if !ok {
 		api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
@ -537,6 +530,13 @@ func (h *APIKeyManagementHandler) handleGenDeleteAPIKey(w http.ResponseWriter, r
 		return
 	}

+	ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
+	if err != nil {
+		h.auth.RemoveAuthCookie(w)
+		api.ServeError(h.log, w, http.StatusUnauthorized, err)
+		return
+	}
+
 	httpErr := h.service.GenDeleteAPIKey(ctx, id)
 	if httpErr.Err != nil {
 		api.ServeError(h.log, w, httpErr.Status, httpErr.Err)