- commit
- 3f43a91
- parent
- fc3aae5
- author
- Eric Bower
- date
- 2024-03-17 16:23:37 +0000 UTC
fix(ui): always fetch user from ctx When a user registers for an account, we set the user ctx, but all the api endpoint are using an closured version of the user.
2 files changed,
+43,
-32
+8,
-2
1@@ -101,8 +101,14 @@ func createHttpHandler(apiConfig *shared.ApiConfig) CtxHttpBridge {
2 // special API endpoint for tunnel users accessing site
3 shared.NewCorsRoute("GET", "/api/current_user", func(w http.ResponseWriter, r *http.Request) {
4 w.Header().Set("Content-Type", "application/json")
5- pico := shared.NewUserApi(requester, pubkey)
6- err := json.NewEncoder(w).Encode(pico)
7+ user, err := shared.GetUserCtx(ctx)
8+ if err != nil {
9+ logger.Error("could not find user", "err", err.Error())
10+ shared.JSONError(w, err.Error(), http.StatusNotFound)
11+ return
12+ }
13+ pico := shared.NewUserApi(user, pubkey)
14+ err = json.NewEncoder(w).Encode(pico)
15 if err != nil {
16 log.Error(err.Error())
17 }
+35,
-30
1@@ -54,10 +54,11 @@ type featuresPayload struct {
2 Features []*db.FeatureFlag `json:"features"`
3 }
4
5-func getFeatures(apiConfig *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
6+func getFeatures(apiConfig *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
7 logger := apiConfig.Cfg.Logger
8 return func(w http.ResponseWriter, r *http.Request) {
9 w.Header().Set("Content-Type", "application/json")
10+ user, _ := shared.GetUserCtx(ctx)
11 if !ensureUser(w, user) {
12 return
13 }
14@@ -83,10 +84,11 @@ type tokenSecretPayload struct {
15 Secret string `json:"secret"`
16 }
17
18-func findOrCreateRssToken(apiConfig *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
19+func findOrCreateRssToken(apiConfig *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
20 logger := apiConfig.Cfg.Logger
21 return func(w http.ResponseWriter, r *http.Request) {
22 w.Header().Set("Content-Type", "application/json")
23+ user, _ := shared.GetUserCtx(ctx)
24 if !ensureUser(w, user) {
25 return
26 }
27@@ -113,10 +115,11 @@ type pubkeysPayload struct {
28 Pubkeys []*db.PublicKey `json:"pubkeys"`
29 }
30
31-func getPublicKeys(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
32+func getPublicKeys(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
33 logger := httpCtx.Cfg.Logger
34 return func(w http.ResponseWriter, r *http.Request) {
35 w.Header().Set("Content-Type", "application/json")
36+ user, _ := shared.GetUserCtx(ctx)
37 if !ensureUser(w, user) {
38 return
39 }
40@@ -149,10 +152,11 @@ type createPubkeyPayload struct {
41 Name string `json:"name"`
42 }
43
44-func createPubkey(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
45+func createPubkey(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
46 logger := httpCtx.Cfg.Logger
47 return func(w http.ResponseWriter, r *http.Request) {
48 w.Header().Set("Content-Type", "application/json")
49+ user, _ := shared.GetUserCtx(ctx)
50 if !ensureUser(w, user) {
51 return
52 }
53@@ -174,10 +178,11 @@ func createPubkey(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) htt
54 }
55 }
56
57-func deletePubkey(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
58+func deletePubkey(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
59 logger := httpCtx.Cfg.Logger
60 return func(w http.ResponseWriter, r *http.Request) {
61 w.Header().Set("Content-Type", "application/json")
62+ user, _ := shared.GetUserCtx(ctx)
63 if !ensureUser(w, user) {
64 return
65 }
66@@ -198,10 +203,11 @@ type tokensPayload struct {
67 Tokens []*db.Token `json:"tokens"`
68 }
69
70-func getTokens(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
71+func getTokens(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
72 logger := httpCtx.Cfg.Logger
73 return func(w http.ResponseWriter, r *http.Request) {
74 w.Header().Set("Content-Type", "application/json")
75+ user, _ := shared.GetUserCtx(ctx)
76 if !ensureUser(w, user) {
77 return
78 }
79@@ -233,10 +239,11 @@ type createTokenResponsePayload struct {
80 Token *db.Token `json:"token"`
81 }
82
83-func createToken(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
84+func createToken(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
85 logger := httpCtx.Cfg.Logger
86 return func(w http.ResponseWriter, r *http.Request) {
87 w.Header().Set("Content-Type", "application/json")
88+ user, _ := shared.GetUserCtx(ctx)
89 if !ensureUser(w, user) {
90 return
91 }
92@@ -272,10 +279,11 @@ func createToken(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http
93 }
94 }
95
96-func deleteToken(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
97+func deleteToken(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
98 logger := httpCtx.Cfg.Logger
99 return func(w http.ResponseWriter, r *http.Request) {
100 w.Header().Set("Content-Type", "application/json")
101+ user, _ := shared.GetUserCtx(ctx)
102 if !ensureUser(w, user) {
103 return
104 }
105@@ -296,10 +304,11 @@ type projectsPayload struct {
106 Projects []*db.Project `json:"projects"`
107 }
108
109-func getProjects(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
110+func getProjects(httpCtx *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
111 logger := httpCtx.Cfg.Logger
112 return func(w http.ResponseWriter, r *http.Request) {
113 w.Header().Set("Content-Type", "application/json")
114+ user, _ := shared.GetUserCtx(ctx)
115 if !ensureUser(w, user) {
116 return
117 }
118@@ -326,10 +335,11 @@ type postsPayload struct {
119 Posts []*db.Post `json:"posts"`
120 }
121
122-func getPosts(httpCtx *shared.ApiConfig, ctx ssh.Context, user *db.User, space string) http.HandlerFunc {
123+func getPosts(httpCtx *shared.ApiConfig, ctx ssh.Context, space string) http.HandlerFunc {
124 logger := httpCtx.Cfg.Logger
125 return func(w http.ResponseWriter, r *http.Request) {
126 w.Header().Set("Content-Type", "application/json")
127+ user, _ := shared.GetUserCtx(ctx)
128 if !ensureUser(w, user) {
129 return
130 }
131@@ -363,11 +373,12 @@ type ProjectObject struct {
132 ModTime time.Time `json:"mod_time"`
133 }
134
135-func getProjectObjects(apiConfig *shared.ApiConfig, ctx ssh.Context, user *db.User) http.HandlerFunc {
136+func getProjectObjects(apiConfig *shared.ApiConfig, ctx ssh.Context) http.HandlerFunc {
137 logger := apiConfig.Cfg.Logger
138 storage := apiConfig.Storage
139 return func(w http.ResponseWriter, r *http.Request) {
140 w.Header().Set("Content-Type", "application/json")
141+ user, _ := shared.GetUserCtx(ctx)
142 if !ensureUser(w, user) {
143 return
144 }
145@@ -418,26 +429,20 @@ func CreateRoutes(apiConfig *shared.ApiConfig, ctx ssh.Context) []shared.Route {
146 return []shared.Route{}
147 }
148
149- user, err := shared.GetUserCtx(ctx)
150- if err != nil {
151- logger.Error("could not convert key to text", "err", err.Error())
152- return []shared.Route{}
153- }
154-
155 return []shared.Route{
156 shared.NewCorsRoute("POST", "/api/users", registerUser(apiConfig, ctx, pubkey, pubkeyStr)),
157- shared.NewCorsRoute("GET", "/api/features", getFeatures(apiConfig, ctx, user)),
158- shared.NewCorsRoute("PUT", "/api/rss-token", findOrCreateRssToken(apiConfig, ctx, user)),
159- shared.NewCorsRoute("GET", "/api/pubkeys", getPublicKeys(apiConfig, ctx, user)),
160- shared.NewCorsRoute("POST", "/api/pubkeys", createPubkey(apiConfig, ctx, user)),
161- shared.NewCorsRoute("DELETE", "/api/pubkeys/(.+)", deletePubkey(apiConfig, ctx, user)),
162- shared.NewCorsRoute("GET", "/api/tokens", getTokens(apiConfig, ctx, user)),
163- shared.NewCorsRoute("POST", "/api/tokens", createToken(apiConfig, ctx, user)),
164- shared.NewCorsRoute("DELETE", "/api/tokens/(.+)", deleteToken(apiConfig, ctx, user)),
165- shared.NewCorsRoute("GET", "/api/projects", getProjects(apiConfig, ctx, user)),
166- shared.NewCorsRoute("GET", "/api/projects/(.+)", getProjectObjects(apiConfig, ctx, user)),
167- shared.NewCorsRoute("GET", "/api/posts/prose", getPosts(apiConfig, ctx, user, "prose")),
168- shared.NewCorsRoute("GET", "/api/posts/pastes", getPosts(apiConfig, ctx, user, "pastes")),
169- shared.NewCorsRoute("GET", "/api/posts/feeds", getPosts(apiConfig, ctx, user, "feeds")),
170+ shared.NewCorsRoute("GET", "/api/features", getFeatures(apiConfig, ctx)),
171+ shared.NewCorsRoute("PUT", "/api/rss-token", findOrCreateRssToken(apiConfig, ctx)),
172+ shared.NewCorsRoute("GET", "/api/pubkeys", getPublicKeys(apiConfig, ctx)),
173+ shared.NewCorsRoute("POST", "/api/pubkeys", createPubkey(apiConfig, ctx)),
174+ shared.NewCorsRoute("DELETE", "/api/pubkeys/(.+)", deletePubkey(apiConfig, ctx)),
175+ shared.NewCorsRoute("GET", "/api/tokens", getTokens(apiConfig, ctx)),
176+ shared.NewCorsRoute("POST", "/api/tokens", createToken(apiConfig, ctx)),
177+ shared.NewCorsRoute("DELETE", "/api/tokens/(.+)", deleteToken(apiConfig, ctx)),
178+ shared.NewCorsRoute("GET", "/api/projects", getProjects(apiConfig, ctx)),
179+ shared.NewCorsRoute("GET", "/api/projects/(.+)", getProjectObjects(apiConfig, ctx)),
180+ shared.NewCorsRoute("GET", "/api/posts/prose", getPosts(apiConfig, ctx, "prose")),
181+ shared.NewCorsRoute("GET", "/api/posts/pastes", getPosts(apiConfig, ctx, "pastes")),
182+ shared.NewCorsRoute("GET", "/api/posts/feeds", getPosts(apiConfig, ctx, "feeds")),
183 }
184 }