feat(api): RequireAuth+RequireProjectAccess middleware, IDOR-scope check/apply по projectID
This commit is contained in:
@@ -24,11 +24,9 @@ func decodeBody(w http.ResponseWriter, r *http.Request, v any) bool {
|
||||
// --- accounts ---
|
||||
|
||||
func (a *API) handleCreateAccount(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
var req accountRequest
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
@@ -53,11 +51,9 @@ func (a *API) handleCreateAccount(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleListAccounts(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
accs, err := a.Store.ListAccounts(r.Context(), pid)
|
||||
if err != nil {
|
||||
log.Printf("api: list accounts failed: %v", err)
|
||||
@@ -72,11 +68,9 @@ func (a *API) handleListAccounts(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleDeleteAccount(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
aid, err := uuid.Parse(chi.URLParam(r, "aid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid account id")
|
||||
@@ -93,11 +87,9 @@ func (a *API) handleDeleteAccount(w http.ResponseWriter, r *http.Request) {
|
||||
// handleImportZones lists zones from the provider for the given account and
|
||||
// creates one domain per zone (template_id left unset).
|
||||
func (a *API) handleImportZones(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
aid, err := uuid.Parse(chi.URLParam(r, "aid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid account id")
|
||||
@@ -145,11 +137,9 @@ func (a *API) handleImportZones(w http.ResponseWriter, r *http.Request) {
|
||||
// --- templates ---
|
||||
|
||||
func (a *API) handleCreateTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
var req templateRequest
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
@@ -169,11 +159,9 @@ func (a *API) handleCreateTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleListTemplates(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
tpls, err := a.Store.ListTemplates(r.Context(), pid)
|
||||
if err != nil {
|
||||
log.Printf("api: list templates failed: %v", err)
|
||||
@@ -188,11 +176,9 @@ func (a *API) handleListTemplates(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleUpdateTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
tid, err := uuid.Parse(chi.URLParam(r, "tid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid template id")
|
||||
@@ -217,11 +203,9 @@ func (a *API) handleUpdateTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleDeleteTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
tid, err := uuid.Parse(chi.URLParam(r, "tid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid template id")
|
||||
@@ -238,11 +222,9 @@ func (a *API) handleDeleteTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
// --- domains ---
|
||||
|
||||
func (a *API) handleCreateDomain(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
var req domainRequest
|
||||
if !decodeBody(w, r, &req) {
|
||||
return
|
||||
@@ -286,11 +268,9 @@ func (a *API) handleCreateDomain(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleListDomains(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
doms, err := a.Store.ListDomains(r.Context(), pid)
|
||||
if err != nil {
|
||||
log.Printf("api: list domains failed: %v", err)
|
||||
@@ -308,11 +288,9 @@ func (a *API) handleListDomains(w http.ResponseWriter, r *http.Request) {
|
||||
// check/apply a domain — this is what makes an imported domain (which
|
||||
// starts with template_id=NULL) checkable, closing the import→check loop.
|
||||
func (a *API) handleSetDomainTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
did, err := uuid.Parse(chi.URLParam(r, "did"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid domain id")
|
||||
@@ -339,11 +317,9 @@ func (a *API) handleSetDomainTemplate(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func (a *API) handleDeleteDomain(w http.ResponseWriter, r *http.Request) {
|
||||
pid, err := uuid.Parse(chi.URLParam(r, "pid"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid project id")
|
||||
return
|
||||
}
|
||||
// pid is guaranteed present and owned by the caller — RequireProjectAccess
|
||||
// validated it before this handler ever runs.
|
||||
pid, _ := projectIDFrom(r.Context())
|
||||
did, err := uuid.Parse(chi.URLParam(r, "did"))
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusBadRequest, "invalid domain id")
|
||||
|
||||
Reference in New Issue
Block a user