Ejemplo n.º 1
0
// Update does PATCH comment
func (c *CommentsController) Update(ctx *app.UpdateCommentsContext) error {
	identity, err := login.ContextIdentity(ctx)
	if err != nil {
		return jsonapi.JSONErrorResponse(ctx, goa.ErrUnauthorized(err.Error()))
	}

	return application.Transactional(c.db, func(appl application.Application) error {
		cm, err := appl.Comments().Load(ctx.Context, ctx.CommentID)
		if err != nil {
			return jsonapi.JSONErrorResponse(ctx, err)
		}

		if identity != cm.CreatedBy.String() {
			// need to use the goa.NewErrorClass() func as there is no native support for 403 in goa
			// and it is not planned to be supported yet: https://github.com/goadesign/goa/pull/1030
			return jsonapi.JSONErrorResponse(ctx, goa.NewErrorClass("forbidden", 403)("User is not the comment author"))
		}

		cm.Body = *ctx.Payload.Data.Attributes.Body
		cm.Markup = rendering.NilSafeGetMarkup(ctx.Payload.Data.Attributes.Markup)
		cm, err = appl.Comments().Save(ctx.Context, cm)
		if err != nil {
			return jsonapi.JSONErrorResponse(ctx, err)
		}

		res := &app.CommentSingle{
			Data: ConvertComment(ctx.RequestData, cm, CommentIncludeParentWorkItem()),
		}
		return ctx.OK(res)
	})
}
Ejemplo n.º 2
0
// Delete does DELETE comment
func (c *CommentsController) Delete(ctx *app.DeleteCommentsContext) error {
	identity, err := login.ContextIdentity(ctx)
	if err != nil {
		return jsonapi.JSONErrorResponse(ctx, goa.ErrUnauthorized(err.Error()))
	}

	return application.Transactional(c.db, func(appl application.Application) error {
		cm, err := appl.Comments().Load(ctx.Context, ctx.CommentID)
		if err != nil {
			return jsonapi.JSONErrorResponse(ctx, err)
		}
		if identity != cm.CreatedBy.String() {
			// need to use the goa.NewErrorClass() func as there is no native support for 403 in goa
			// and it is not planned to be supported yet: https://github.com/goadesign/goa/pull/1030
			return jsonapi.JSONErrorResponse(ctx, goa.NewErrorClass("forbidden", 403)("User is not the comment author"))
		}

		err = appl.Comments().Delete(ctx.Context, cm.ID)
		if err != nil {
			return jsonapi.JSONErrorResponse(ctx, err)
		}
		return ctx.OK([]byte{})
	})
}
Ejemplo n.º 3
0
Archivo: jwt.go Proyecto: ajoulie/goa
				if val, ok := scope.(string); ok {
					scopesInClaim[val] = true
					scopesInClaimList = append(scopesInClaimList, val)
				}
			}
		default:
			return nil, nil, fmt.Errorf("unsupported 'scopes' format in incoming JWT claim, was type %T", scopes)
		}
	}
	sort.Strings(scopesInClaimList)
	return scopesInClaim, scopesInClaimList, nil
}

// ErrJWTError is the error returned by this middleware when any sort
// of validation or assertion fails during processing.
var ErrJWTError = goa.NewErrorClass("jwt_security_error", 401)

type contextKey int

const (
	jwtKey contextKey = iota + 1
)

// ContextJWT retrieves the JWT token from a `context` that went through our security
// middleware.
func ContextJWT(ctx context.Context) *jwt.Token {
	token, ok := ctx.Value(jwtKey).(*jwt.Token)
	if !ok {
		return nil
	}
	return token
Ejemplo n.º 4
0
package basicauth

import (
	"net/http"

	"github.com/goadesign/goa"
	"golang.org/x/net/context"
)

// ErrBasicAuthFailed means it wasn't able to authenticate you with your login/password.
var ErrBasicAuthFailed = goa.NewErrorClass("basic_auth_failed", 401)

// New creates a static username/password handler for your `goa.BasicAuthSecurity` method.
//
// Example:
//    app.MyBasicAuthSecurity.Use(basicauth.New("admin", "password"))
//
// It doesn't get simpler than that.
//
// If you want to handle the username and password checks dynamically,
// copy the source of `New`, it's 8 lines and you can tweak at will.
func New(username, password string) goa.BasicAuthSecurityConfigFunc {
	return func(scheme *goa.BasicAuthSecurity) goa.Middleware {

		middleware, _ := goa.NewMiddleware(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
			u, p, ok := r.BasicAuth()
			if !ok || u != username || p != password {
				return ErrBasicAuthFailed("Authentication failed")
			}
			return nil
		})
Ejemplo n.º 5
0
					Ω(rw.Status).Should(Equal(500))
					Ω(rw.ParentHeader["Content-Type"]).Should(Equal([]string{goa.ErrorMediaIdentifier}))
					err := service.Decoder.Decode(&decoded, bytes.NewBuffer(rw.Body), "application/json")
					Ω(err).ShouldNot(HaveOccurred())
					Ω(decoded.ID).Should(Equal(origID))
				})
			})
		})
	})

	Context("with a handler returning a goa error", func() {
		var gerr error

		BeforeEach(func() {
			service = newService(nil)
			gerr = goa.NewErrorClass("code", 418)("teapot", "foobar", 42)
			h = func(ctx context.Context, rw http.ResponseWriter, req *http.Request) error {
				return gerr
			}
		})

		It("maps goa errors to HTTP responses", func() {
			var decoded errorResponse
			Ω(rw.Status).Should(Equal(gerr.(goa.ServiceError).ResponseStatus()))
			Ω(rw.ParentHeader["Content-Type"]).Should(Equal([]string{goa.ErrorMediaIdentifier}))
			err := service.Decoder.Decode(&decoded, bytes.NewBuffer(rw.Body), "application/json")
			Ω(err).ShouldNot(HaveOccurred())
			Ω(decoded.Error()).Should(Equal(gerr.Error()))
		})
	})
})