// Update does PATCH comment
func (c *CommentsController) Update(ctx *app.UpdateCommentsContext) error {
identity, err := login.ContextIdentity(ctx)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, goa.ErrUnauthorized(err.Error()))
}
return application.Transactional(c.db, func(appl application.Application) error {
cm, err := appl.Comments().Load(ctx.Context, ctx.CommentID)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, err)
}
if identity != cm.CreatedBy.String() {
// need to use the goa.NewErrorClass() func as there is no native support for 403 in goa
// and it is not planned to be supported yet: https://github.com/goadesign/goa/pull/1030
return jsonapi.JSONErrorResponse(ctx, goa.NewErrorClass("forbidden", 403)("User is not the comment author"))
}
cm.Body = *ctx.Payload.Data.Attributes.Body
cm.Markup = rendering.NilSafeGetMarkup(ctx.Payload.Data.Attributes.Markup)
cm, err = appl.Comments().Save(ctx.Context, cm)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, err)
}
res := &app.CommentSingle{
Data: ConvertComment(ctx.RequestData, cm, CommentIncludeParentWorkItem()),
}
return ctx.OK(res)
})
}
// Delete does DELETE comment
func (c *CommentsController) Delete(ctx *app.DeleteCommentsContext) error {
identity, err := login.ContextIdentity(ctx)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, goa.ErrUnauthorized(err.Error()))
}
return application.Transactional(c.db, func(appl application.Application) error {
cm, err := appl.Comments().Load(ctx.Context, ctx.CommentID)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, err)
}
if identity != cm.CreatedBy.String() {
// need to use the goa.NewErrorClass() func as there is no native support for 403 in goa
// and it is not planned to be supported yet: https://github.com/goadesign/goa/pull/1030
return jsonapi.JSONErrorResponse(ctx, goa.NewErrorClass("forbidden", 403)("User is not the comment author"))
}
err = appl.Comments().Delete(ctx.Context, cm.ID)
if err != nil {
return jsonapi.JSONErrorResponse(ctx, err)
}
return ctx.OK([]byte{})
})
}
if val, ok := scope.(string); ok {
scopesInClaim[val] = true
scopesInClaimList = append(scopesInClaimList, val)
}
}
default:
return nil, nil, fmt.Errorf("unsupported 'scopes' format in incoming JWT claim, was type %T", scopes)
}
}
sort.Strings(scopesInClaimList)
return scopesInClaim, scopesInClaimList, nil
}
// ErrJWTError is the error returned by this middleware when any sort
// of validation or assertion fails during processing.
var ErrJWTError = goa.NewErrorClass("jwt_security_error", 401)
type contextKey int
const (
jwtKey contextKey = iota + 1
)
// ContextJWT retrieves the JWT token from a `context` that went through our security
// middleware.
func ContextJWT(ctx context.Context) *jwt.Token {
token, ok := ctx.Value(jwtKey).(*jwt.Token)
if !ok {
return nil
}
return token
package basicauth
import (
"net/http"
"github.com/goadesign/goa"
"golang.org/x/net/context"
)
// ErrBasicAuthFailed means it wasn't able to authenticate you with your login/password.
var ErrBasicAuthFailed = goa.NewErrorClass("basic_auth_failed", 401)
// New creates a static username/password handler for your `goa.BasicAuthSecurity` method.
//
// Example:
// app.MyBasicAuthSecurity.Use(basicauth.New("admin", "password"))
//
// It doesn't get simpler than that.
//
// If you want to handle the username and password checks dynamically,
// copy the source of `New`, it's 8 lines and you can tweak at will.
func New(username, password string) goa.BasicAuthSecurityConfigFunc {
return func(scheme *goa.BasicAuthSecurity) goa.Middleware {
middleware, _ := goa.NewMiddleware(func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
u, p, ok := r.BasicAuth()
if !ok || u != username || p != password {
return ErrBasicAuthFailed("Authentication failed")
}
return nil
})
Ω(rw.Status).Should(Equal(500))
Ω(rw.ParentHeader["Content-Type"]).Should(Equal([]string{goa.ErrorMediaIdentifier}))
err := service.Decoder.Decode(&decoded, bytes.NewBuffer(rw.Body), "application/json")
Ω(err).ShouldNot(HaveOccurred())
Ω(decoded.ID).Should(Equal(origID))
})
})
})
})
Context("with a handler returning a goa error", func() {
var gerr error
BeforeEach(func() {
service = newService(nil)
gerr = goa.NewErrorClass("code", 418)("teapot", "foobar", 42)
h = func(ctx context.Context, rw http.ResponseWriter, req *http.Request) error {
return gerr
}
})
It("maps goa errors to HTTP responses", func() {
var decoded errorResponse
Ω(rw.Status).Should(Equal(gerr.(goa.ServiceError).ResponseStatus()))
Ω(rw.ParentHeader["Content-Type"]).Should(Equal([]string{goa.ErrorMediaIdentifier}))
err := service.Decoder.Decode(&decoded, bytes.NewBuffer(rw.Body), "application/json")
Ω(err).ShouldNot(HaveOccurred())
Ω(decoded.Error()).Should(Equal(gerr.Error()))
})
})
})
