more refactors :)

2026-02-08 20:52:58 +11:00
parent d038f7a42d
commit fa3b8e3982
10 changed files with 28 additions and 50 deletions
--- a/internal/rbac/protection_middleware.go
+++ b/internal/rbac/protection_middleware.go
@@ -8,10 +8,12 @@ import (
 	"git.haelnorr.com/h/oslstats/internal/db"
 	"git.haelnorr.com/h/oslstats/internal/permissions"
 	"git.haelnorr.com/h/oslstats/internal/roles"
+	"git.haelnorr.com/h/oslstats/internal/throw"
+	"github.com/pkg/errors"
 )

 // RequirePermission creates middleware that requires a specific permission
-func (c *Checker) RequirePermission(server *hws.Server, permission permissions.Permission) func(http.Handler) http.Handler {
+func (c *Checker) RequirePermission(s *hws.Server, permission permissions.Permission) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user := db.CurrentUser(r.Context())
@@ -24,26 +26,12 @@ func (c *Checker) RequirePermission(server *hws.Server, permission permissions.P

 			has, err := c.UserHasPermission(r.Context(), user, permission)
 			if err != nil {
-				// Log error and return 500
-				server.ThrowError(w, r, hws.HWSError{
-					StatusCode:      http.StatusInternalServerError,
-					Message:         "Permission check failed",
-					Error:           err,
-					Level:           hws.ErrorERROR,
-					RenderErrorPage: true,
-				})
+				throw.InternalServiceError(s, w, r, "Permission check failed", errors.Wrap(err, "c.UserHasPermission"))
 				return
 			}

 			if !has {
-				// User lacks permission - return 403
-				server.ThrowError(w, r, hws.HWSError{
-					StatusCode:      http.StatusForbidden,
-					Message:         "You don't have permission to access this resource",
-					Error:           nil,
-					Level:           hws.ErrorDEBUG,
-					RenderErrorPage: true,
-				})
+				throw.Forbidden(s, w, r, "You don't have permission to access this resource", errors.New("invalid permissions"))
 				return
 			}

@@ -53,7 +41,7 @@ func (c *Checker) RequirePermission(server *hws.Server, permission permissions.P
 }

 // RequireRole creates middleware that requires a specific role
-func (c *Checker) RequireRole(server *hws.Server, role roles.Role) func(http.Handler) http.Handler {
+func (c *Checker) RequireRole(s *hws.Server, role roles.Role) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user := db.CurrentUser(r.Context())
@@ -66,27 +54,12 @@ func (c *Checker) RequireRole(server *hws.Server, role roles.Role) func(http.Han

 			has, err := c.UserHasRole(r.Context(), user, role)
 			if err != nil {
-				// Log error and return 500
-				hwserr := hws.HWSError{
-					StatusCode:      http.StatusInternalServerError,
-					Message:         "Role check failed",
-					Error:           err,
-					Level:           hws.ErrorERROR,
-					RenderErrorPage: true,
-				}
-				server.ThrowError(w, r, hwserr)
+				throw.InternalServiceError(s, w, r, "Role check failed", errors.Wrap(err, "c.UserHasRole"))
 				return
 			}

 			if !has {
-				// User lacks role - return 403
-				server.ThrowError(w, r, hws.HWSError{
-					StatusCode:      http.StatusForbidden,
-					Message:         "You don't have the required role to access this resource",
-					Error:           nil,
-					Level:           hws.ErrorDEBUG,
-					RenderErrorPage: true,
-				})
+				throw.Forbidden(s, w, r, "You don't have the required role to access this resource", errors.New("missing role"))
 				return
 			}