mirror of
https://github.com/portainer/portainer.git
synced 2025-07-25 08:19:40 +02:00
chore(handlers): replace structs by functions for HTTP errors EE-4227 (#7664)
This commit is contained in:
andres-portainer
GitHub
parent
7accdf704c
commit
9ef5636718
157 changed files with 1123 additions and 1147 deletions
|
|
@ -42,12 +42,12 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
|
|||
func (handler *Handler) checkResourceAccess(r *http.Request, resourceID string, resourceControlType portainer.ResourceControlType) *httperror.HandlerError {
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
// non-admins
|
||||
rc, err := handler.DataStore.ResourceControl().ResourceControlByResourceIDAndType(resourceID, resourceControlType)
|
||||
if rc == nil || err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve a resource control associated to the resource", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve a resource control associated to the resource", err)
|
||||
}
|
||||
userTeamIDs := make([]portainer.TeamID, 0)
|
||||
for _, membership := range securityContext.UserMemberships {
|
||||
|
|
@ -63,18 +63,18 @@ func (handler *Handler) checkResourceAccess(r *http.Request, resourceID string,
|
|||
func (handler *Handler) checkAuthorization(r *http.Request, endpoint *portainer.Endpoint, authorizations []portainer.Authorization) (bool, *httperror.HandlerError) {
|
||||
err := handler.requestBouncer.AuthorizedEndpointOperation(r, endpoint)
|
||||
if err != nil {
|
||||
return false, &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "Permission denied to access environment", Err: err}
|
||||
return false, httperror.Forbidden("Permission denied to access environment", err)
|
||||
}
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return false, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return false, httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
|
||||
authService := authorization.NewService(handler.DataStore)
|
||||
isAdminOrAuthorized, err := authService.UserIsAdminOrAuthorized(securityContext.UserID, endpoint.ID, authorizations)
|
||||
if err != nil {
|
||||
return false, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to get user authorizations", Err: err}
|
||||
return false, httperror.InternalServerError("Unable to get user authorizations", err)
|
||||
}
|
||||
return isAdminOrAuthorized, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,10 @@ package webhooks
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/api/internal/registryutils/access"
|
||||
"net/http"
|
||||
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/gofrs/uuid"
|
||||
|
|
@ -51,43 +52,43 @@ func (handler *Handler) webhookCreate(w http.ResponseWriter, r *http.Request) *h
|
|||
var payload webhookCreatePayload
|
||||
err := request.DecodeAndValidateJSONPayload(r, &payload)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
webhook, err := handler.DataStore.Webhook().WebhookByResourceID(payload.ResourceID)
|
||||
if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "An error occurred retrieving webhooks from the database", err}
|
||||
return httperror.InternalServerError("An error occurred retrieving webhooks from the database", err)
|
||||
}
|
||||
if webhook != nil {
|
||||
return &httperror.HandlerError{http.StatusConflict, "A webhook for this resource already exists", errors.New("A webhook for this resource already exists")}
|
||||
return &httperror.HandlerError{StatusCode: http.StatusConflict, Message: "A webhook for this resource already exists", Err: errors.New("A webhook for this resource already exists")}
|
||||
}
|
||||
|
||||
endpointID := portainer.EndpointID(payload.EndpointID)
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
|
||||
if !securityContext.IsAdmin {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "Not authorized to create a webhook", Err: errors.New("not authorized to create a webhook")}
|
||||
return httperror.Forbidden("Not authorized to create a webhook", errors.New("not authorized to create a webhook"))
|
||||
}
|
||||
|
||||
if payload.RegistryID != 0 {
|
||||
tokenData, err := security.RetrieveTokenData(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
|
||||
return httperror.InternalServerError("Unable to retrieve user authentication token", err)
|
||||
}
|
||||
|
||||
_, err = access.GetAccessibleRegistry(handler.DataStore, tokenData.ID, endpointID, payload.RegistryID)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusForbidden, "Permission deny to access registry", err}
|
||||
return httperror.Forbidden("Permission deny to access registry", err)
|
||||
}
|
||||
}
|
||||
|
||||
token, err := uuid.NewV4()
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error creating unique token", err}
|
||||
return httperror.InternalServerError("Error creating unique token", err)
|
||||
}
|
||||
|
||||
webhook = &portainer.Webhook{
|
||||
|
|
@ -100,7 +101,7 @@ func (handler *Handler) webhookCreate(w http.ResponseWriter, r *http.Request) *h
|
|||
|
||||
err = handler.DataStore.Webhook().Create(webhook)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the webhook inside the database", err}
|
||||
return httperror.InternalServerError("Unable to persist the webhook inside the database", err)
|
||||
}
|
||||
|
||||
return response.JSON(w, webhook)
|
||||
|
|
|
|||
|
|
@ -24,21 +24,21 @@ import (
|
|||
func (handler *Handler) webhookDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
id, err := request.RetrieveNumericRouteVariableValue(r, "id")
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusBadRequest, "Invalid webhook id", err}
|
||||
return httperror.BadRequest("Invalid webhook id", err)
|
||||
}
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
|
||||
if !securityContext.IsAdmin {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "Not authorized to delete a webhook", Err: errors.New("not authorized to delete a webhook")}
|
||||
return httperror.Forbidden("Not authorized to delete a webhook", errors.New("not authorized to delete a webhook"))
|
||||
}
|
||||
|
||||
err = handler.DataStore.Webhook().DeleteWebhook(portainer.WebhookID(id))
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove the webhook from the database", err}
|
||||
return httperror.InternalServerError("Unable to remove the webhook from the database", err)
|
||||
}
|
||||
|
||||
return response.Empty(w)
|
||||
|
|
|
|||
|
|
@ -29,15 +29,15 @@ func (handler *Handler) webhookExecute(w http.ResponseWriter, r *http.Request) *
|
|||
webhookToken, err := request.RetrieveRouteVariableValue(r, "token")
|
||||
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Invalid service id parameter", err}
|
||||
return httperror.InternalServerError("Invalid service id parameter", err)
|
||||
}
|
||||
|
||||
webhook, err := handler.DataStore.Webhook().WebhookByToken(webhookToken)
|
||||
|
||||
if handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return &httperror.HandlerError{http.StatusNotFound, "Unable to find a webhook with this token", err}
|
||||
return httperror.NotFound("Unable to find a webhook with this token", err)
|
||||
} else if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve webhook from the database", err}
|
||||
return httperror.InternalServerError("Unable to retrieve webhook from the database", err)
|
||||
}
|
||||
|
||||
resourceID := webhook.ResourceID
|
||||
|
|
@ -47,9 +47,9 @@ func (handler *Handler) webhookExecute(w http.ResponseWriter, r *http.Request) *
|
|||
|
||||
endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
|
||||
if handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return &httperror.HandlerError{http.StatusNotFound, "Unable to find an environment with the specified identifier inside the database", err}
|
||||
return httperror.NotFound("Unable to find an environment with the specified identifier inside the database", err)
|
||||
} else if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an environment with the specified identifier inside the database", err}
|
||||
return httperror.InternalServerError("Unable to find an environment with the specified identifier inside the database", err)
|
||||
}
|
||||
|
||||
imageTag, _ := request.RetrieveQueryParameter(r, "tag", true)
|
||||
|
|
@ -58,7 +58,7 @@ func (handler *Handler) webhookExecute(w http.ResponseWriter, r *http.Request) *
|
|||
case portainer.ServiceWebhook:
|
||||
return handler.executeServiceWebhook(w, endpoint, resourceID, registryID, imageTag)
|
||||
default:
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unsupported webhook type", errors.New("Webhooks for this resource are not currently supported")}
|
||||
return httperror.InternalServerError("Unsupported webhook type", errors.New("Webhooks for this resource are not currently supported"))
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -71,13 +71,13 @@ func (handler *Handler) executeServiceWebhook(
|
|||
) *httperror.HandlerError {
|
||||
dockerClient, err := handler.DockerClientFactory.CreateClient(endpoint, "", nil)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error creating docker client", err}
|
||||
return httperror.InternalServerError("Error creating docker client", err)
|
||||
}
|
||||
defer dockerClient.Close()
|
||||
|
||||
service, _, err := dockerClient.ServiceInspectWithRaw(context.Background(), resourceID, dockertypes.ServiceInspectOptions{InsertDefaults: true})
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error looking up service", err}
|
||||
return httperror.InternalServerError("Error looking up service", err)
|
||||
}
|
||||
|
||||
service.Spec.TaskTemplate.ForceUpdate++
|
||||
|
|
@ -101,21 +101,21 @@ func (handler *Handler) executeServiceWebhook(
|
|||
if registryID != 0 {
|
||||
registry, err := handler.DataStore.Registry().Registry(registryID)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error getting registry", err}
|
||||
return httperror.InternalServerError("Error getting registry", err)
|
||||
}
|
||||
|
||||
if registry.Authentication {
|
||||
registryutils.EnsureRegTokenValid(handler.DataStore, registry)
|
||||
serviceUpdateOptions.EncodedRegistryAuth, err = registryutils.GetRegistryAuthHeader(registry)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error getting registry auth header", err}
|
||||
return httperror.InternalServerError("Error getting registry auth header", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
if imageTag != "" {
|
||||
rc, err := dockerClient.ImagePull(context.Background(), service.Spec.TaskTemplate.ContainerSpec.Image, dockertypes.ImagePullOptions{RegistryAuth: serviceUpdateOptions.EncodedRegistryAuth})
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusNotFound, Message: "Error pulling image with the specified tag", Err: err}
|
||||
return httperror.NotFound("Error pulling image with the specified tag", err)
|
||||
}
|
||||
defer func(rc io.ReadCloser) {
|
||||
_ = rc.Close()
|
||||
|
|
@ -124,7 +124,7 @@ func (handler *Handler) executeServiceWebhook(
|
|||
_, err = dockerClient.ServiceUpdate(context.Background(), resourceID, service.Version, service.Spec, serviceUpdateOptions)
|
||||
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Error updating service", err}
|
||||
return httperror.InternalServerError("Error updating service", err)
|
||||
}
|
||||
return response.Empty(w)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,12 +31,12 @@ func (handler *Handler) webhookList(w http.ResponseWriter, r *http.Request) *htt
|
|||
var filters webhookListOperationFilters
|
||||
err := request.RetrieveJSONQueryParameter(r, "filters", &filters, true)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: filters", err}
|
||||
return httperror.BadRequest("Invalid query parameter: filters", err)
|
||||
}
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
if !securityContext.IsAdmin {
|
||||
return response.JSON(w, []portainer.Webhook{})
|
||||
|
|
@ -45,7 +45,7 @@ func (handler *Handler) webhookList(w http.ResponseWriter, r *http.Request) *htt
|
|||
webhooks, err := handler.DataStore.Webhook().Webhooks()
|
||||
webhooks = filterWebhooks(webhooks, &filters)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve webhooks from the database", err}
|
||||
return httperror.InternalServerError("Unable to retrieve webhooks from the database", err)
|
||||
}
|
||||
|
||||
return response.JSON(w, webhooks)
|
||||
|
|
|
|||
|
|
@ -37,41 +37,41 @@ func (payload *webhookUpdatePayload) Validate(r *http.Request) error {
|
|||
func (handler *Handler) webhookUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
id, err := request.RetrieveNumericRouteVariableValue(r, "id")
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusBadRequest, "Invalid webhook id", err}
|
||||
return httperror.BadRequest("Invalid webhook id", err)
|
||||
}
|
||||
webhookID := portainer.WebhookID(id)
|
||||
|
||||
var payload webhookUpdatePayload
|
||||
err = request.DecodeAndValidateJSONPayload(r, &payload)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
webhook, err := handler.DataStore.Webhook().Webhook(webhookID)
|
||||
if handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return &httperror.HandlerError{http.StatusNotFound, "Unable to find a webhooks with the specified identifier inside the database", err}
|
||||
return httperror.NotFound("Unable to find a webhooks with the specified identifier inside the database", err)
|
||||
} else if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a webhooks with the specified identifier inside the database", err}
|
||||
return httperror.InternalServerError("Unable to find a webhooks with the specified identifier inside the database", err)
|
||||
}
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve user info from request context", Err: err}
|
||||
return httperror.InternalServerError("Unable to retrieve user info from request context", err)
|
||||
}
|
||||
|
||||
if !securityContext.IsAdmin {
|
||||
return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "Not authorized to update a webhook", Err: errors.New("not authorized to update a webhook")}
|
||||
return httperror.Forbidden("Not authorized to update a webhook", errors.New("not authorized to update a webhook"))
|
||||
}
|
||||
|
||||
if payload.RegistryID != 0 {
|
||||
tokenData, err := security.RetrieveTokenData(r)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
|
||||
return httperror.InternalServerError("Unable to retrieve user authentication token", err)
|
||||
}
|
||||
|
||||
_, err = access.GetAccessibleRegistry(handler.DataStore, tokenData.ID, webhook.EndpointID, payload.RegistryID)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusForbidden, "Permission deny to access registry", err}
|
||||
return httperror.Forbidden("Permission deny to access registry", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -79,7 +79,7 @@ func (handler *Handler) webhookUpdate(w http.ResponseWriter, r *http.Request) *h
|
|||
|
||||
err = handler.DataStore.Webhook().UpdateWebhook(portainer.WebhookID(id), webhook)
|
||||
if err != nil {
|
||||
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the webhook inside the database", err}
|
||||
return httperror.InternalServerError("Unable to persist the webhook inside the database", err)
|
||||
}
|
||||
|
||||
return response.JSON(w, webhook)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue