package httpbakery
import (
"net/http"
"strconv"
"github.com/juju/httprequest"
"gopkg.in/errgo.v1"
"gopkg.in/macaroon.v1"
)
// ErrorCode is a string that classifies an error returned from a
// bakery HTTP handler. The code itself is usable as an error value.
type ErrorCode string

// Error implements the error interface; the message is the code text.
func (c ErrorCode) Error() string {
	return string(c)
}

// ErrorCode returns the code itself, so that a bare ErrorCode can be
// used wherever a value with an ErrorCode method is expected.
func (c ErrorCode) ErrorCode() ErrorCode {
	return c
}
// Error codes understood by ErrorToResponse.
const (
	// ErrBadRequest marks a malformed request; ErrorToResponse maps it
	// to http.StatusBadRequest.
	ErrBadRequest ErrorCode = "bad request"

	// ErrDischargeRequired marks a response that carries a macaroon
	// the client must discharge (see ErrorInfo.Macaroon).
	ErrDischargeRequired ErrorCode = "macaroon discharge required"

	// ErrInteractionRequired marks a response that asks the client to
	// authenticate interactively (see ErrorInfo.VisitURL and
	// ErrorInfo.WaitURL).
	ErrInteractionRequired ErrorCode = "interaction required"
)
var (
	// errorMapper is ErrorToResponse converted to the
	// httprequest.ErrorMapper type, which provides the HandleJSON and
	// WriteError methods bound below.
	errorMapper httprequest.ErrorMapper = ErrorToResponse
	// handleJSON and writeError are method values of errorMapper.
	// NOTE(review): errors reported through them presumably get their
	// HTTP status and JSON body from ErrorToResponse - confirm against
	// the httprequest package.
	handleJSON = errorMapper.HandleJSON
	writeError = errorMapper.WriteError
)
// Error holds the type of a response from an httpbakery HTTP request,
// marshaled as JSON.
//
// Note: Do not construct Error values with ErrDischargeRequired or
// ErrInteractionRequired codes directly - use the
// NewDischargeRequiredErrorForRequest or NewInteractionRequiredError
// functions instead.
//
// A directly constructed value leaves the unexported version field at
// its zero value (version0), so ErrorToResponse answers with the
// original-protocol status whatever version the client asked for.
type Error struct {
	// Code classifies the error; ErrorToResponse uses it to choose
	// the HTTP status.
	Code ErrorCode `json:",omitempty"`
	// Message holds the error text. It is part of the JSON body and
	// is therefore visible to the client.
	Message string `json:",omitempty"`
	// Info holds optional extra data for the client (see ErrorInfo).
	Info *ErrorInfo `json:",omitempty"`
	// version holds the protocol version that was used
	// to create the error (see newDischargeRequiredErrorWithVersion).
	// The field is unexported, so encoding/json leaves it out of the
	// marshaled body.
	version version
}
// version represents a version of the bakery protocol. It is used
// to determine the kind of response to send when there is a
// discharge-required error.
type version int

const (
	// version0 is the original protocol: ErrorToResponse answers
	// discharge-required and interaction-required errors with
	// http.StatusProxyAuthRequired.
	version0 version = 0
	// version1 makes ErrorToResponse answer with
	// http.StatusUnauthorized and a WWW-Authenticate header.
	version1 version = 1
	// latestVersion is the highest version versionFromRequest accepts
	// from a client.
	latestVersion = version1
)
// ErrorInfo holds additional information provided
// by an error.
//
// An ErrorInfo is marshaled as part of the JSON error body (see
// Error.Info), so every field set here is sent to the client.
type ErrorInfo struct {
	// Macaroon may hold a macaroon that, when
	// discharged, may allow access to a service.
	// This field is associated with the ErrDischargeRequired
	// error code.
	Macaroon *macaroon.Macaroon `json:",omitempty"`

	// MacaroonPath holds the URL path to be associated
	// with the macaroon. The macaroon is potentially
	// valid for all URLs under the given path.
	// If it is empty, the macaroon will be associated with
	// the original URL from which the error was returned.
	// NOTE(review): because the macaroon may apply to every URL under
	// this path, prefer the narrowest path that covers the protected
	// resources.
	MacaroonPath string `json:",omitempty"`

	// CookieNameSuffix holds the desired cookie name suffix to be
	// associated with the macaroon. The actual name used will be
	// ("macaroon-" + CookieNameSuffix). Clients may ignore this field -
	// older clients will always use ("macaroon-" +
	// macaroon.Signature() in hex).
	CookieNameSuffix string `json:",omitempty"`

	// VisitURL and WaitURL are associated with the
	// ErrInteractionRequired error code.
	// NewInteractionRequiredError stores both URLs exactly as its
	// caller supplied them; nothing in this file validates them.

	// VisitURL holds a URL that the client should visit
	// in a web browser to authenticate themselves.
	VisitURL string `json:",omitempty"`

	// WaitURL holds a URL that the client should visit
	// to acquire the discharge macaroon. A GET on
	// this URL will block until the client has authenticated,
	// and then it will return the discharge macaroon.
	WaitURL string `json:",omitempty"`
}
// Error implements the error interface by returning e.Message.
func (e *Error) Error() string {
	return e.Message
}
// ErrorCode returns e.Code, which makes *Error satisfy the errorCoder
// interface.
func (e *Error) ErrorCode() ErrorCode {
	return e.Code
}
// ErrorInfo returns additional information
// about the error. It returns e.Info as is, which is nil when no
// extra information was attached.
// TODO return interface{} here?
func (e *Error) ErrorInfo() *ErrorInfo {
	return e.Info
}
// ErrorToResponse returns the HTTP status and an error body to be
// marshaled as JSON for the given error. This allows a third party
// package to integrate bakery errors into their error responses when
// they encounter an error with an *Error cause.
//
// The status is chosen from the code of the body built by
// errorResponseBody:
//
//   - ErrBadRequest: http.StatusBadRequest.
//   - ErrDischargeRequired or ErrInteractionRequired with version0:
//     http.StatusProxyAuthRequired.
//   - ErrDischargeRequired or ErrInteractionRequired with version1:
//     http.StatusUnauthorized, with the body wrapped so that the
//     WWW-Authenticate header is set.
//   - any other code: http.StatusInternalServerError.
//
// The body's Message is the full text of err in every case, including
// unclassified errors answered with 500, so error text that can reach
// this function should not contain secrets or internal details.
//
// It panics if the body carries a version other than version0 or
// version1.
func ErrorToResponse(err error) (int, interface{}) {
	resp := errorResponseBody(err)

	switch resp.Code {
	case ErrBadRequest:
		return http.StatusBadRequest, resp
	case ErrDischargeRequired, ErrInteractionRequired:
		// The status depends on the protocol version; handled below.
	default:
		return http.StatusInternalServerError, resp
	}

	switch resp.version {
	case version0:
		return http.StatusProxyAuthRequired, resp
	case version1:
		// Version 1 clients expect a 401 that names the scheme.
		return http.StatusUnauthorized, httprequest.CustomHeader{
			Body:          resp,
			SetHeaderFunc: setAuthenticateHeader,
		}
	}
	panic("out of range version number")
}
// setAuthenticateHeader sets the WWW-Authenticate header of h to the
// "Macaroon" scheme, replacing any value already present.
func setAuthenticateHeader(h http.Header) {
	const (
		headerName = "WWW-Authenticate"
		scheme     = "Macaroon"
	)
	h.Set(headerName, scheme)
}
// errorInfoer is implemented by errors that can supply an *ErrorInfo.
// errorResponseBody uses it to copy the info from an error's cause.
type errorInfoer interface {
	ErrorInfo() *ErrorInfo
}
// errorCoder is implemented by errors that can supply an ErrorCode.
// errorResponseBody uses it to copy the code from an error's cause.
type errorCoder interface {
	ErrorCode() ErrorCode
}
// errorResponseBody returns an appropriate error
// response for the provided error.
//
// The Message of the result is always err.Error(), that is, the text
// of the error as the caller passed it. ErrorToResponse hands the
// result on as the JSON body, so that text is visible to the client.
func errorResponseBody(err error) *Error {
	cause := errgo.Cause(err)

	if bakeryErr, ok := cause.(*Error); ok {
		// The cause is already an *Error: work on a shallow copy so
		// the cause itself is not modified, and keep the wrapped
		// error message.
		resp := *bakeryErr
		resp.Message = err.Error()
		return &resp
	}

	// The cause is not an *Error. Preserve as much info as
	// we can find.
	resp := &Error{Message: err.Error()}
	if withCode, ok := cause.(errorCoder); ok {
		resp.Code = withCode.ErrorCode()
	}
	if withInfo, ok := cause.(errorInfoer); ok {
		resp.Info = withInfo.ErrorInfo()
	}
	return resp
}
// badRequestErrorf returns an error created by errgo.WithCausef with
// ErrBadRequest as its cause and a message formatted from f and a.
// ErrorToResponse maps an error with that cause to
// http.StatusBadRequest.
// NOTE(review): the formatted message ends up in the JSON error body,
// so avoid formatting sensitive values into it.
func badRequestErrorf(f string, a ...interface{}) error {
	return errgo.WithCausef(nil, ErrBadRequest, f, a...)
}
// WriteDischargeRequiredError builds an error with
// NewDischargeRequiredError and writes it to w, telling the client
// that it should discharge the macaroon m before the original request
// can be accepted.
func WriteDischargeRequiredError(w http.ResponseWriter, m *macaroon.Macaroon, path string, originalErr error) {
	dischargeErr := NewDischargeRequiredError(m, path, originalErr)
	writeError(w, dischargeErr)
}
// WriteDischargeRequiredErrorForRequest is like
// WriteDischargeRequiredError, except that the error is built with
// NewDischargeRequiredErrorForRequest, which uses req to pick the
// protocol version appropriate for the client.
//
// This function should always be used in preference to
// WriteDischargeRequiredError, because it enables
// in-browser macaroon discharge.
func WriteDischargeRequiredErrorForRequest(w http.ResponseWriter, m *macaroon.Macaroon, path string, originalErr error, req *http.Request) {
	dischargeErr := NewDischargeRequiredErrorForRequest(m, path, originalErr, req)
	writeError(w, dischargeErr)
}
// NewDischargeRequiredError returns an error of type *Error that
// reports the given original error and includes the given macaroon.
//
// The returned macaroon will be declared as valid for the given URL
// path and may be relative. When the client stores the discharged
// macaroon as a cookie this will be the path associated with the
// cookie. See ErrorInfo.MacaroonPath for more information.
//
// The error is always created with version0, so ErrorToResponse
// answers it with http.StatusProxyAuthRequired.
func NewDischargeRequiredError(m *macaroon.Macaroon, path string, originalErr error) error {
	return newDischargeRequiredErrorWithVersion(m, path, originalErr, version0)
}
// NewInteractionRequiredError returns an error of type *Error
// that requests an interaction from the client in response
// to the given request. The originalErr value describes the original
// error - if it is nil, ErrInteractionRequired supplies the message.
//
// See ErrorInfo for more details of visitURL and waitURL. Both are
// stored unchanged in the returned error and reach the client in the
// JSON body; this function does not validate them.
//
// This function should be used in preference to creating the Error value
// directly, as it sets the bakery protocol version correctly in the
// error (it is taken from req by versionFromRequest).
func NewInteractionRequiredError(visitURL, waitURL string, originalErr error, req *http.Request) error {
	cause := originalErr
	if cause == nil {
		cause = ErrInteractionRequired
	}
	msg := cause.Error()
	v := versionFromRequest(req)
	return &Error{
		Code:    ErrInteractionRequired,
		Message: msg,
		Info: &ErrorInfo{
			VisitURL: visitURL,
			WaitURL:  waitURL,
		},
		version: v,
	}
}
// NewDischargeRequiredErrorForRequest is like NewDischargeRequiredError
// except that the bakery protocol version is taken from req (see
// versionFromRequest), so the error response is the one appropriate
// for that client.
//
// This function should always be used in preference to
// NewDischargeRequiredError, because it enables in-browser macaroon
// discharge.
//
// To request a particular cookie name:
//
//	err := NewDischargeRequiredErrorForRequest(...)
//	err.(*httpbakery.Error).Info.CookieNameSuffix = cookieName
func NewDischargeRequiredErrorForRequest(m *macaroon.Macaroon, path string, originalErr error, req *http.Request) error {
	return newDischargeRequiredErrorWithVersion(m, path, originalErr, versionFromRequest(req))
}
// newDischargeRequiredErrorWithVersion is the internal version of
// NewDischargeRequiredErrorForRequest. It returns an *Error with code
// ErrDischargeRequired and protocol version v that carries m and path
// in its Info. The message comes from originalErr, or from
// ErrDischargeRequired when originalErr is nil.
func newDischargeRequiredErrorWithVersion(m *macaroon.Macaroon, path string, originalErr error, v version) error {
	cause := originalErr
	if cause == nil {
		cause = ErrDischargeRequired
	}
	info := &ErrorInfo{
		Macaroon:     m,
		MacaroonPath: path,
	}
	return &Error{
		Code:    ErrDischargeRequired,
		Message: cause.Error(),
		Info:    info,
		version: v,
	}
}
// BakeryProtocolHeader is the header that HTTP clients should set
// to determine the bakery protocol version. If it is 0 or missing,
// a discharge-required error response will be returned with HTTP status 407;
// if it is 1, the response will have status 401 with the WWW-Authenticate
// header set to "Macaroon".
//
// The value is chosen by the client. versionFromRequest treats a value
// that does not parse as an integer, or that lies outside the known
// versions, the same as version 0.
const BakeryProtocolHeader = "Bakery-Protocol-Version"
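// versionFromRequest determines the bakery protocol version from a client
// request. If the protocol cannot be determined, or is invalid,
// the original version of the protocol is used.
//
// The BakeryProtocolHeader value is supplied by the client, so it is
// accepted only when it parses as an integer between 0 and
// latestVersion. A nil request, a missing header, and a malformed or
// out-of-range value all yield version0. Because the result is always
// a known version, errors built from it never reach the
// out-of-range panic in ErrorToResponse.
func versionFromRequest(req *http.Request) version {
	if req == nil {
		// No request to inspect - use backward compatibility mode
		// instead of dereferencing a nil pointer.
		return version0
	}
	vs := req.Header.Get(BakeryProtocolHeader)
	if vs == "" {
		// No header - use backward compatibility mode.
		return version0
	}
	v, err := strconv.Atoi(vs)
	if err != nil || version(v) < 0 || version(v) > latestVersion {
		// Badly formed header - use backward compatibility mode.
		return version0
	}
	return version(v)
}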