Nikolay Tatarinov
8f769543f4
- Updated frontend-nuxt.mdc to specify usage of composables for API calls. - Added new AuthCard and ConfirmModal components for improved UI consistency. - Introduced UserAvatar component for user profile display, replacing previous Gravatar implementation. - Implemented useFormSubmit composable for handling form submissions with loading and error states. - Enhanced vitest.config.ts to include coverage reporting for composables and components. - Removed deprecated useAdminApi and useAuth composables to streamline API interactions. - Updated login and setup pages to utilize new components and composables for better user experience.
95 lines
3.3 KiB
Go
95 lines
3.3 KiB
Go
package handlers
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/andyleap/hnh-map/internal/app"
|
|
"github.com/andyleap/hnh-map/internal/app/apperr"
|
|
"github.com/andyleap/hnh-map/internal/app/services"
|
|
)
|
|
|
|
// Handlers holds HTTP handlers and their dependencies.
|
|
type Handlers struct {
|
|
Auth *services.AuthService
|
|
Map *services.MapService
|
|
Admin *services.AdminService
|
|
Client *services.ClientService
|
|
Export *services.ExportService
|
|
}
|
|
|
|
// New creates Handlers with the given dependencies.
|
|
func New(
|
|
auth *services.AuthService,
|
|
mapSvc *services.MapService,
|
|
admin *services.AdminService,
|
|
client *services.ClientService,
|
|
export *services.ExportService,
|
|
) *Handlers {
|
|
return &Handlers{
|
|
Auth: auth,
|
|
Map: mapSvc,
|
|
Admin: admin,
|
|
Client: client,
|
|
Export: export,
|
|
}
|
|
}
|
|
|
|
// requireMethod writes 405 and returns false if req.Method != method; otherwise returns true.
|
|
func (h *Handlers) requireMethod(rw http.ResponseWriter, req *http.Request, method string) bool {
|
|
if req.Method != method {
|
|
JSONError(rw, http.StatusMethodNotAllowed, "method not allowed", "METHOD_NOT_ALLOWED")
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
// requireSession returns session or writes 401 and returns nil.
|
|
func (h *Handlers) requireSession(rw http.ResponseWriter, req *http.Request) *app.Session {
|
|
s := h.Auth.GetSession(req.Context(), req)
|
|
if s == nil {
|
|
JSONError(rw, http.StatusUnauthorized, "Unauthorized", "UNAUTHORIZED")
|
|
return nil
|
|
}
|
|
return s
|
|
}
|
|
|
|
// requireAdmin returns session if admin, or writes 401 and returns nil.
|
|
func (h *Handlers) requireAdmin(rw http.ResponseWriter, req *http.Request) *app.Session {
|
|
s := h.Auth.GetSession(req.Context(), req)
|
|
if s == nil || !s.Auths.Has(app.AUTH_ADMIN) {
|
|
JSONError(rw, http.StatusUnauthorized, "Unauthorized", "UNAUTHORIZED")
|
|
return nil
|
|
}
|
|
return s
|
|
}
|
|
|
|
// canAccessMap returns true if session has map or admin auth.
|
|
func (h *Handlers) canAccessMap(s *app.Session) bool {
|
|
return s != nil && (s.Auths.Has(app.AUTH_MAP) || s.Auths.Has(app.AUTH_ADMIN))
|
|
}
|
|
|
|
// HandleServiceError maps service-level errors to HTTP responses.
|
|
func HandleServiceError(rw http.ResponseWriter, err error) {
|
|
switch {
|
|
case errors.Is(err, apperr.ErrNotFound):
|
|
JSONError(rw, http.StatusNotFound, err.Error(), "NOT_FOUND")
|
|
case errors.Is(err, apperr.ErrUnauthorized):
|
|
JSONError(rw, http.StatusUnauthorized, err.Error(), "UNAUTHORIZED")
|
|
case errors.Is(err, apperr.ErrForbidden):
|
|
JSONError(rw, http.StatusForbidden, err.Error(), "FORBIDDEN")
|
|
case errors.Is(err, apperr.ErrBadRequest):
|
|
JSONError(rw, http.StatusBadRequest, err.Error(), "BAD_REQUEST")
|
|
case errors.Is(err, apperr.ErrOAuthOnly):
|
|
JSONError(rw, http.StatusUnauthorized, err.Error(), "OAUTH_ONLY")
|
|
case errors.Is(err, apperr.ErrProviderUnconfigured):
|
|
JSONError(rw, http.StatusServiceUnavailable, err.Error(), "PROVIDER_UNCONFIGURED")
|
|
case errors.Is(err, apperr.ErrStateExpired), errors.Is(err, apperr.ErrStateMismatch):
|
|
JSONError(rw, http.StatusBadRequest, err.Error(), "BAD_REQUEST")
|
|
case errors.Is(err, apperr.ErrExchangeFailed), errors.Is(err, apperr.ErrUserInfoFailed):
|
|
JSONError(rw, http.StatusBadGateway, err.Error(), "OAUTH_ERROR")
|
|
default:
|
|
JSONError(rw, http.StatusInternalServerError, "internal error", "INTERNAL_ERROR")
|
|
}
|
|
}
|