private/apigen: Change order of operations in api generation
Move the IsAuthenticated check to after the initial parameter parsing/validation. IsAuthenticated will be more expensive than parsing/validation, so we should fail before auth if possible. Change-Id: I96a020892eabcb750e8ec9ecc1d8b7d9bf8bf573
parent
2d863759b0
commit
3d1007ae18
@ -60,13 +60,6 @@ func (h *TestAPIHandler) handleGenTestAPI(w http.ResponseWriter, r *http.Request
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
idParam := r.URL.Query().Get("id")
|
idParam := r.URL.Query().Get("id")
|
||||||
if idParam == "" {
|
if idParam == "" {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'id' can't be empty"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'id' can't be empty"))
|
||||||
@ -103,6 +96,13 @@ func (h *TestAPIHandler) handleGenTestAPI(w http.ResponseWriter, r *http.Request
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenTestAPI(ctx, path, id, date, payload)
|
retVal, httpErr := h.service.GenTestAPI(ctx, path, id, date, payload)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
|
@ -186,6 +186,14 @@ func (a *API) generateGo() ([]byte, error) {
|
|||||||
pf("w.Header().Set(\"Content-Type\", \"application/json\")")
|
pf("w.Header().Set(\"Content-Type\", \"application/json\")")
|
||||||
pf("")
|
pf("")
|
||||||
|
|
||||||
|
if err := handleParams(pf, i, endpoint.PathParams, endpoint.QueryParams); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if endpoint.Request != nil {
|
||||||
|
handleBody(pf, endpoint.Request)
|
||||||
|
}
|
||||||
|
|
||||||
if !endpoint.NoCookieAuth || !endpoint.NoAPIAuth {
|
if !endpoint.NoCookieAuth || !endpoint.NoAPIAuth {
|
||||||
pf("ctx, err = h.auth.IsAuthenticated(ctx, r, %v, %v)", !endpoint.NoCookieAuth, !endpoint.NoAPIAuth)
|
pf("ctx, err = h.auth.IsAuthenticated(ctx, r, %v, %v)", !endpoint.NoCookieAuth, !endpoint.NoAPIAuth)
|
||||||
pf("if err != nil {")
|
pf("if err != nil {")
|
||||||
@ -198,14 +206,6 @@ func (a *API) generateGo() ([]byte, error) {
|
|||||||
pf("")
|
pf("")
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := handleParams(pf, i, endpoint.PathParams, endpoint.QueryParams); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
if endpoint.Request != nil {
|
|
||||||
handleBody(pf, endpoint.Request)
|
|
||||||
}
|
|
||||||
|
|
||||||
var methodFormat string
|
var methodFormat string
|
||||||
if endpoint.Response != nil {
|
if endpoint.Response != nil {
|
||||||
methodFormat = "retVal, httpErr := h.service.%s(ctx, "
|
methodFormat = "retVal, httpErr := h.service.%s(ctx, "
|
||||||
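Review bot: Emitting `handleBody(pf, endpoint.Request)` ahead of the `IsAuthenticated` block means every generated handler with a request body now runs `json.NewDecoder(r.Body).Decode(&payload)` for callers that have not been authenticated, as the regenerated handleGenCreateProject and handleGenCreateAPIKey show. No body size limit is visible in these hunks, so unless one is applied upstream (router or middleware, not shown here), unauthenticated requests can make the server read and decode arbitrarily large JSON, which may cost more than the auth check this reordering is meant to skip. Consider keeping only the `handleParams` call ahead of auth and leaving the `if endpoint.Request != nil { handleBody(pf, endpoint.Request) }` block after it, or having the generated code wrap the body first, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)` with `maxBodyBytes` a placeholder for a project-chosen limit. Unauthenticated callers also now receive the 400 validation messages instead of a 401, which is worth a comment above the moved block stating that this is intentional. generateGo starts and ends outside these hunks, and handleBody's definition is not shown.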
|
@ -126,6 +126,12 @@ func (h *ProjectManagementHandler) handleGenCreateProject(w http.ResponseWriter,
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
|
payload := console.ProjectInfo{}
|
||||||
|
if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
||||||
|
api.ServeError(h.log, w, http.StatusBadRequest, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.auth.RemoveAuthCookie(w)
|
h.auth.RemoveAuthCookie(w)
|
||||||
@ -133,12 +139,6 @@ func (h *ProjectManagementHandler) handleGenCreateProject(w http.ResponseWriter,
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
payload := console.ProjectInfo{}
|
|
||||||
if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenCreateProject(ctx, payload)
|
retVal, httpErr := h.service.GenCreateProject(ctx, payload)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -158,13 +158,6 @@ func (h *ProjectManagementHandler) handleGenUpdateProject(w http.ResponseWriter,
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
idParam, ok := mux.Vars(r)["id"]
|
idParam, ok := mux.Vars(r)["id"]
|
||||||
if !ok {
|
if !ok {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
||||||
@ -183,6 +176,13 @@ func (h *ProjectManagementHandler) handleGenUpdateProject(w http.ResponseWriter,
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenUpdateProject(ctx, id, payload)
|
retVal, httpErr := h.service.GenUpdateProject(ctx, id, payload)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -202,13 +202,6 @@ func (h *ProjectManagementHandler) handleGenDeleteProject(w http.ResponseWriter,
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
idParam, ok := mux.Vars(r)["id"]
|
idParam, ok := mux.Vars(r)["id"]
|
||||||
if !ok {
|
if !ok {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
||||||
@ -221,6 +214,13 @@ func (h *ProjectManagementHandler) handleGenDeleteProject(w http.ResponseWriter,
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
httpErr := h.service.GenDeleteProject(ctx, id)
|
httpErr := h.service.GenDeleteProject(ctx, id)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -260,13 +260,6 @@ func (h *ProjectManagementHandler) handleGenGetSingleBucketUsageRollup(w http.Re
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
projectIDParam := r.URL.Query().Get("projectID")
|
projectIDParam := r.URL.Query().Get("projectID")
|
||||||
if projectIDParam == "" {
|
if projectIDParam == "" {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
|
||||||
@ -309,6 +302,13 @@ func (h *ProjectManagementHandler) handleGenGetSingleBucketUsageRollup(w http.Re
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenGetSingleBucketUsageRollup(ctx, projectID, bucket, since, before)
|
retVal, httpErr := h.service.GenGetSingleBucketUsageRollup(ctx, projectID, bucket, since, before)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -328,13 +328,6 @@ func (h *ProjectManagementHandler) handleGenGetBucketUsageRollups(w http.Respons
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
projectIDParam := r.URL.Query().Get("projectID")
|
projectIDParam := r.URL.Query().Get("projectID")
|
||||||
if projectIDParam == "" {
|
if projectIDParam == "" {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'projectID' can't be empty"))
|
||||||
@ -371,6 +364,13 @@ func (h *ProjectManagementHandler) handleGenGetBucketUsageRollups(w http.Respons
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenGetBucketUsageRollups(ctx, projectID, since, before)
|
retVal, httpErr := h.service.GenGetBucketUsageRollups(ctx, projectID, since, before)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -390,13 +390,6 @@ func (h *ProjectManagementHandler) handleGenGetAPIKeys(w http.ResponseWriter, r
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
search := r.URL.Query().Get("search")
|
search := r.URL.Query().Get("search")
|
||||||
if search == "" {
|
if search == "" {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'search' can't be empty"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("parameter 'search' can't be empty"))
|
||||||
@ -467,6 +460,13 @@ func (h *ProjectManagementHandler) handleGenGetAPIKeys(w http.ResponseWriter, r
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenGetAPIKeys(ctx, projectID, search, limit, page, order, orderDirection)
|
retVal, httpErr := h.service.GenGetAPIKeys(ctx, projectID, search, limit, page, order, orderDirection)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -486,6 +486,12 @@ func (h *APIKeyManagementHandler) handleGenCreateAPIKey(w http.ResponseWriter, r
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
|
payload := console.CreateAPIKeyRequest{}
|
||||||
|
if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
||||||
|
api.ServeError(h.log, w, http.StatusBadRequest, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
h.auth.RemoveAuthCookie(w)
|
h.auth.RemoveAuthCookie(w)
|
||||||
@ -493,12 +499,6 @@ func (h *APIKeyManagementHandler) handleGenCreateAPIKey(w http.ResponseWriter, r
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
payload := console.CreateAPIKeyRequest{}
|
|
||||||
if err = json.NewDecoder(r.Body).Decode(&payload); err != nil {
|
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
retVal, httpErr := h.service.GenCreateAPIKey(ctx, payload)
|
retVal, httpErr := h.service.GenCreateAPIKey(ctx, payload)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
@ -518,13 +518,6 @@ func (h *APIKeyManagementHandler) handleGenDeleteAPIKey(w http.ResponseWriter, r
|
|||||||
|
|
||||||
w.Header().Set("Content-Type", "application/json")
|
w.Header().Set("Content-Type", "application/json")
|
||||||
|
|
||||||
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
|
||||||
if err != nil {
|
|
||||||
h.auth.RemoveAuthCookie(w)
|
|
||||||
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
idParam, ok := mux.Vars(r)["id"]
|
idParam, ok := mux.Vars(r)["id"]
|
||||||
if !ok {
|
if !ok {
|
||||||
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
api.ServeError(h.log, w, http.StatusBadRequest, errs.New("missing id route param"))
|
||||||
@ -537,6 +530,13 @@ func (h *APIKeyManagementHandler) handleGenDeleteAPIKey(w http.ResponseWriter, r
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ctx, err = h.auth.IsAuthenticated(ctx, r, true, true)
|
||||||
|
if err != nil {
|
||||||
|
h.auth.RemoveAuthCookie(w)
|
||||||
|
api.ServeError(h.log, w, http.StatusUnauthorized, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
httpErr := h.service.GenDeleteAPIKey(ctx, id)
|
httpErr := h.service.GenDeleteAPIKey(ctx, id)
|
||||||
if httpErr.Err != nil {
|
if httpErr.Err != nil {
|
||||||
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
api.ServeError(h.log, w, httpErr.Status, httpErr.Err)
|
||||||
|