diff options
-rw-r--r-- | internal/artifact/artifact.go | 13 | ||||
-rw-r--r-- | internal/auth/auth.go | 36 | ||||
-rw-r--r-- | main.go | 32 |
3 files changed, 40 insertions, 41 deletions
diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go index d11a7ebd..922aeeee 100644 --- a/internal/artifact/artifact.go +++ b/internal/artifact/artifact.go @@ -26,14 +26,15 @@ const ( minStatusCode = 200 maxStatusCode = 299 + + createArtifactRequestErrMsg = "failed to create the artifact request" + artifactRequestErrMsg = "failed to request the artifact" ) var ( // Captures subgroup + project, job ID and artifacts path - pathExtractor = regexp.MustCompile(`(?i)\A/-/(.*)/-/jobs/(\d+)/artifacts(/[^?]*)\z`) - errCreateArtifactRequest = errors.New("Failed to create the artifact request") - errArtifactRequest = errors.New("Failed to request the artifact") - errArtifactResponse = errors.New("Artifact request response was not successful") + pathExtractor = regexp.MustCompile(`(?i)\A/-/(.*)/-/jobs/(\d+)/artifacts(/[^?]*)\z`) + errArtifactResponse = errors.New("artifact request response was not successful") ) // Artifact proxies requests for artifact files to the GitLab artifacts API @@ -78,7 +79,7 @@ func (a *Artifact) TryMakeRequest(host string, w http.ResponseWriter, r *http.Re func (a *Artifact) makeRequest(w http.ResponseWriter, r *http.Request, reqURL *url.URL, token string, additionalHandler func(*http.Response) bool) { req, err := http.NewRequest("GET", reqURL.String(), nil) if err != nil { - logging.LogRequest(r).WithError(err).Error(errCreateArtifactRequest) + logging.LogRequest(r).WithError(err).Error(createArtifactRequestErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) return @@ -90,7 +91,7 @@ func (a *Artifact) makeRequest(w http.ResponseWriter, r *http.Request, reqURL *u resp, err := a.client.Do(req) if err != nil { - logging.LogRequest(r).WithError(err).Error(errArtifactRequest) + logging.LogRequest(r).WithError(err).Error(artifactRequestErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve502(w) return diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 252954a6..215290ba 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -38,17 +38,17 @@ const ( callbackPath = "/auth" authorizeProxyTemplate = "%s?domain=%s&state=%s" authSessionMaxAge = 60 * 10 // 10 minutes + + failAuthErrMsg = "failed to authenticate request" + fetchAccessTokenErrMsg = "fetching access token failed" + queryParameterErrMsg = "failed to parse domain query parameter" + saveSessionErrMsg = "failed to save the session" ) var ( - errSaveSession = errors.New("Failed to save the session") - errFetchAccessToken = errors.New("Fetching access token failed") - errResponseNotOk = errors.New("Response was not ok") - errFailAuth = errors.New("Failed to authenticate request") - errAuthNotConfigured = errors.New("Authentication is not configured") - errQueryParameter = errors.New("Failed to parse domain query parameter") - - errGenerateKeys = errors.New("could not generate auth keys") + errResponseNotOk = errors.New("response was not ok") + errAuthNotConfigured = errors.New("authentication is not configured") + errGenerateKeys = errors.New("could not generate auth keys") ) // Auth handles authenticating users with GitLab API @@ -104,7 +104,7 @@ func (a *Auth) checkSession(w http.ResponseWriter, r *http.Request) (*sessions.S // Save cookie again errsave := session.Save(r, w) if errsave != nil { - logRequest(r).WithError(errsave).Error(errSaveSession) + logRequest(r).WithError(errsave).Error(saveSessionErrMsg) errortracking.Capture(errsave, errortracking.WithRequest(r)) httperrors.Serve500(w) return nil, errsave @@ -186,7 +186,7 @@ func (a *Auth) checkAuthenticationResponse(session *sessions.Session, w http.Res // Fetching token not OK logRequest(r).WithError(err).WithField( "redirect_uri", redirectURI, - ).Error(errFetchAccessToken) + ).Error(fetchAccessTokenErrMsg) errortracking.Capture( err, errortracking.WithRequest(r), @@ -200,7 +200,7 @@ func (a *Auth) checkAuthenticationResponse(session *sessions.Session, w http.Res session.Values["access_token"] = token.AccessToken err = session.Save(r, w) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) @@ -236,7 +236,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit proxyurl, err := url.Parse(domain) if err != nil { - logRequest(r).WithField("domain", domain).Error(errQueryParameter) + logRequest(r).WithField("domain", domain).Error(queryParameterErrMsg) errortracking.Capture(err, errortracking.WithRequest(r), errortracking.WithField("domain", domain)) httperrors.Serve500(w) @@ -259,7 +259,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit err = session.Save(r, w) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) @@ -290,7 +290,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit delete(session.Values, "proxy_auth_domain") err := session.Save(r, w) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) @@ -304,7 +304,7 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit // and signing the OAuth code signedCode, err := a.EncryptAndSignCode(proxyDomain, query.Get("code")) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve503(w) @@ -434,7 +434,7 @@ func (a *Auth) checkTokenExists(session *sessions.Session, w http.ResponseWriter err := session.Save(r, w) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) @@ -461,7 +461,7 @@ func destroySession(session *sessions.Session, w http.ResponseWriter, r *http.Re delete(session.Values, "access_token") err := session.Save(r, w) if err != nil { - logRequest(r).WithError(err).Error(errSaveSession) + logRequest(r).WithError(err).Error(saveSessionErrMsg) errortracking.Capture(err, errortracking.WithRequest(r)) httperrors.Serve500(w) @@ -493,7 +493,7 @@ func (a *Auth) checkAuthentication(w http.ResponseWriter, r *http.Request, domai req, err := http.NewRequest("GET", url, nil) if err != nil { - logRequest(r).WithError(err).Error(errFailAuth) + logRequest(r).WithError(err).Error(failAuthErrMsg) errortracking.Capture(err, errortracking.WithRequest(req)) httperrors.Serve500(w) @@ -2,7 +2,6 @@ package main import ( "encoding/base64" - "errors" "fmt" "io" "math/rand" @@ -95,15 +94,14 @@ var ( header MultiStringFlag ) -var ( - errArtifactSchemaUnsupported = errors.New("artifacts-server scheme must be either http:// or https://") - errArtifactsServerTimeoutValue = errors.New("artifacts-server-timeout must be greater than or equal to 1") - - errSecretNotDefined = errors.New("auth-secret must be defined if authentication is supported") - errClientIDNotDefined = errors.New("auth-client-id must be defined if authentication is supported") - errClientSecretNotDefined = errors.New("auth-client-secret must be defined if authentication is supported") - errGitLabServerNotDefined = errors.New("gitlab-server must be defined if authentication is supported") - errRedirectURINotDefined = errors.New("auth-redirect-uri must be defined if authentication is supported") +const ( + artifactSchemaUnsupportedErrMsg = "artifacts-server scheme must be either http:// or https://" + artifactsServerTimeoutValueErrMsg = "artifacts-server-timeout must be greater than or equal to 1" + clientIDNotDefinedErrMsg = "auth-client-id must be defined if authentication is supported" + clientSecretNotDefinedErrMsg = "auth-client-secret must be defined if authentication is supported" // #nosec + gitLabServerNotDefinedErrMsg = "gitlab-server must be defined if authentication is supported" + redirectURINotDefinedErrMsg = "auth-redirect-uri must be defined if authentication is supported" + secretNotDefinedErrMsg = "auth-secret must be defined if authentication is supported" ) func gitlabServerFromFlags() string { @@ -141,12 +139,12 @@ func setArtifactsServer(artifactsServer string, artifactsServerTimeout int, conf // url.Parse ensures that the Scheme attribute is always lower case. if u.Scheme != request.SchemeHTTP && u.Scheme != request.SchemeHTTPS { errortracking.Capture(err) - log.Fatal(errArtifactSchemaUnsupported) + log.Fatal(artifactSchemaUnsupportedErrMsg) } if artifactsServerTimeout < 1 { errortracking.Capture(err) - log.Fatal(errArtifactsServerTimeoutValue) + log.Fatal(artifactsServerTimeoutValueErrMsg) } config.ArtifactsServerTimeout = artifactsServerTimeout @@ -238,19 +236,19 @@ func checkAuthenticationConfig(config appConfig) { func assertAuthConfig(config appConfig) { if config.StoreSecret == "" { - log.Fatal(errSecretNotDefined) + log.Fatal(secretNotDefinedErrMsg) } if config.ClientID == "" { - log.Fatal(errClientIDNotDefined) + log.Fatal(clientIDNotDefinedErrMsg) } if config.ClientSecret == "" { - log.Fatal(errClientSecretNotDefined) + log.Fatal(clientSecretNotDefinedErrMsg) } if config.GitLabServer == "" { - log.Fatal(errGitLabServerNotDefined) + log.Fatal(gitLabServerNotDefinedErrMsg) } if config.RedirectURI == "" { - log.Fatal(errRedirectURINotDefined) + log.Fatal(redirectURINotDefinedErrMsg) } } |