ducky/devices
ducky/devices/apiv1/handlers.go
Fix JSON pointers in errors when creating devices. Our JSON pointers used to point at the root of the document, but the properties were actually in objects in an array keyed off of "devices", so we had to update the field property of our errors to match. While we were in there, we fixed the "insufficient" error for a Device's name to be "missing" when the name is an empty string. So far, the only way for a Device's name for it to be insufficient is _for it to be the empty string_, but if in the future we raise the minimum length of the Device name, there will be a distinction and I'd like the code to recognise it.
| paddy@15 | 1 package apiv1 |
| paddy@15 | 2 |
| paddy@15 | 3 import ( |
| paddy@17 | 4 "fmt" |
| paddy@15 | 5 "log" |
| paddy@15 | 6 "net/http" |
| paddy@15 | 7 |
| paddy@15 | 8 "code.secondbit.org/api.hg" |
| paddy@15 | 9 "code.secondbit.org/ducky/devices.hg" |
| paddy@15 | 10 |
| paddy@15 | 11 "golang.org/x/net/context" |
| paddy@15 | 12 ) |
| paddy@15 | 13 |
| paddy@15 | 14 type createRequest struct { |
| paddy@15 | 15 Devices []DeviceChange `json:"devices"` |
| paddy@15 | 16 } |
| paddy@15 | 17 |
| paddy@15 | 18 func handleCreateDevices(ctx context.Context, w http.ResponseWriter, r *http.Request) { |
| paddy@15 | 19 var req createRequest |
| paddy@15 | 20 var resp Response |
| paddy@16 | 21 |
| paddy@16 | 22 userID, err := api.AuthUser(r) |
| paddy@16 | 23 if err != nil { |
| paddy@16 | 24 if err == api.ErrUserIDNotSet { |
| paddy@16 | 25 api.Encode(w, r, http.StatusUnauthorized, Response{Errors: api.AccessDeniedError}) |
| paddy@16 | 26 return |
| paddy@16 | 27 } |
| paddy@16 | 28 api.Encode(w, r, http.StatusForbidden, Response{Errors: api.AccessDeniedError}) |
| paddy@16 | 29 return |
| paddy@16 | 30 } |
| paddy@16 | 31 |
| paddy@16 | 32 err = api.Decode(r, &req) |
| paddy@15 | 33 if err != nil { |
| paddy@15 | 34 api.Encode(w, r, http.StatusBadRequest, Response{Errors: api.InvalidFormatError}) |
| paddy@15 | 35 return |
| paddy@15 | 36 } |
| paddy@15 | 37 |
| paddy@15 | 38 devicesToCreate := createDevicesFromChanges(req.Devices) |
| paddy@16 | 39 passedScopes := api.GetScopes(r) |
| paddy@17 | 40 for pos, device := range devicesToCreate { |
| paddy@16 | 41 err := validateDeviceCreation(device, passedScopes, userID) |
| paddy@16 | 42 if err == nil { |
| paddy@16 | 43 continue |
| paddy@16 | 44 } |
| paddy@16 | 45 var requestErr api.RequestError |
| paddy@16 | 46 switch err { |
| paddy@16 | 47 case errUnauthorizedLastSeen: |
| paddy@16 | 48 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 49 requestErr.Field = fmt.Sprintf("devices/%d/lastSeen", pos) |
| paddy@16 | 50 case errUnauthorizedCreated: |
| paddy@16 | 51 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 52 requestErr.Field = fmt.Sprintf("devices/%d/created", pos) |
| paddy@16 | 53 case errUnauthorizedOwner: |
| paddy@16 | 54 requestErr.Slug = api.RequestErrAccessDenied |
| paddy@17 | 55 requestErr.Field = fmt.Sprintf("devices/%d/owner", pos) |
| paddy@16 | 56 case errInvalidDeviceType: |
| paddy@16 | 57 requestErr.Slug = api.RequestErrInvalidValue |
| paddy@17 | 58 requestErr.Field = fmt.Sprintf("devices/%d/type", pos) |
| paddy@16 | 59 case errDeviceNameTooShort: |
| paddy@17 | 60 if len(device.Name) == 0 { |
| paddy@17 | 61 requestErr.Slug = api.RequestErrMissing |
| paddy@17 | 62 } else { |
| paddy@17 | 63 requestErr.Slug = api.RequestErrInsufficient |
| paddy@17 | 64 } |
| paddy@17 | 65 requestErr.Field = fmt.Sprintf("devices/%d/name", pos) |
| paddy@16 | 66 case errDeviceNameTooLong: |
| paddy@16 | 67 requestErr.Slug = api.RequestErrOverflow |
| paddy@17 | 68 requestErr.Field = fmt.Sprintf("devices/%d/name", pos) |
| paddy@16 | 69 } |
| paddy@16 | 70 if requestErr.Slug != "" { |
| paddy@16 | 71 api.Encode(w, r, http.StatusBadRequest, Response{Errors: []api.RequestError{requestErr}}) |
| paddy@15 | 72 return |
| paddy@15 | 73 } |
| paddy@16 | 74 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@15 | 75 } |
| paddy@15 | 76 createdDevices, err := devices.CreateMany(devicesToCreate, ctx) |
| paddy@15 | 77 if err != nil { |
| paddy@15 | 78 // BUG(paddy): we should filter out non-internal errors here and expose better error responses |
| paddy@15 | 79 log.Printf("Error creating devices: %+v\n", err) |
| paddy@15 | 80 api.Encode(w, r, http.StatusInternalServerError, Response{Errors: api.ActOfGodError}) |
| paddy@15 | 81 return |
| paddy@15 | 82 } |
| paddy@15 | 83 for _, device := range createdDevices { |
| paddy@16 | 84 resp.Devices = append(resp.Devices, apiDeviceFromCore(device, api.CheckScopes(passedScopes, ScopeViewPushToken.ID))) |
| paddy@15 | 85 } |
| paddy@15 | 86 api.Encode(w, r, http.StatusCreated, resp) |
| paddy@15 | 87 } |