From ba5a464ca5d3fcbd171c174a4f07c3326ecb01df Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Fri, 12 May 2023 08:16:41 +0000 Subject: [PATCH] [chore] Prefer JSON errors in API endpoints (#1766) * Default to JSON over HTML for error handling * Change the default error display for web endpoints to html --- internal/api/util/errorhandling.go | 10 ++++++++-- internal/api/util/negotiate.go | 8 ++++---- internal/web/about.go | 2 +- internal/web/base.go | 2 +- internal/web/confirmemail.go | 6 +++--- internal/web/customcss.go | 8 ++++---- internal/web/domain-blocklist.go | 8 ++++---- internal/web/profile.go | 16 ++++++++-------- internal/web/rss.go | 12 ++++++------ internal/web/settings-panel.go | 2 +- internal/web/thread.go | 20 ++++++++++---------- 11 files changed, 50 insertions(+), 44 deletions(-) diff --git a/internal/api/util/errorhandling.go b/internal/api/util/errorhandling.go index 4daaf44c..ed7a18fb 100644 --- a/internal/api/util/errorhandling.go +++ b/internal/api/util/errorhandling.go @@ -88,7 +88,8 @@ func genericErrorHandler(c *gin.Context, instanceGet func(ctx context.Context) ( // the caller prefers to see an html page with the error rendered there. If not, or // if something goes wrong during the function, it will recover and just try to serve // an appropriate application/json content-type error. -func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode)) { +// To override the default response type, specify `offers`. +func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode), offers ...MIME) { // set the error on the gin context so that it can be logged // in the gin logger middleware (internal/router/logger.go) c.Error(errWithCode) //nolint:errcheck @@ -97,7 +98,7 @@ func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet fun // or if we should just use a json. Normally we would want to // check for a returned error, but if an error occurs here we // can just fall back to default behavior (serve json error). - accept, _ := NegotiateAccept(c, HTMLOrJSONAcceptHeaders...) + accept, _ := NegotiateAccept(c, JSONOrHTMLAcceptHeaders...) if errWithCode.Code() == http.StatusNotFound { // use our special not found handler with useful status text @@ -107,6 +108,11 @@ func ErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet fun } } +// WebErrorHandler is like ErrorHandler, but will display HTML over JSON by default. +func WebErrorHandler(c *gin.Context, errWithCode gtserror.WithCode, instanceGet func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode)) { + ErrorHandler(c, errWithCode, instanceGet, TextHTML, AppJSON) +} + // OAuthErrorHandler is a lot like ErrorHandler, but it specifically returns errors // that are compatible with https://datatracker.ietf.org/doc/html/rfc6749#section-5.2, // but serializing errWithCode.Error() in the 'error' field, and putting any help text diff --git a/internal/api/util/negotiate.go b/internal/api/util/negotiate.go index 1a4df7c4..8e7f4113 100644 --- a/internal/api/util/negotiate.go +++ b/internal/api/util/negotiate.go @@ -44,12 +44,12 @@ var WebfingerJSONAcceptHeaders = []MIME{ AppJSON, } -// HTMLOrJSONAcceptHeaders is a slice of offers that prefers TextHTML and will -// fall back to JSON if necessary. This is useful for error handling, since it can +// JSONOrHTMLAcceptHeaders is a slice of offers that prefers AppJSON and will +// fall back to HTML if necessary. This is useful for error handling, since it can // be used to serve a nice HTML page if the caller accepts that, or just JSON if not. -var HTMLOrJSONAcceptHeaders = []MIME{ - TextHTML, +var JSONOrHTMLAcceptHeaders = []MIME{ AppJSON, + TextHTML, } // HTMLAcceptHeaders is a slice of offers that just contains text/html types. diff --git a/internal/web/about.go b/internal/web/about.go index 86c0accd..ebb1ceef 100644 --- a/internal/web/about.go +++ b/internal/web/about.go @@ -33,7 +33,7 @@ const ( func (m *Module) aboutGETHandler(c *gin.Context) { instance, err := m.processor.InstanceGetV1(c.Request.Context()) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } diff --git a/internal/web/base.go b/internal/web/base.go index 7e8bcf48..5bc3c536 100644 --- a/internal/web/base.go +++ b/internal/web/base.go @@ -36,7 +36,7 @@ func (m *Module) baseHandler(c *gin.Context) { instance, err := m.processor.InstanceGetV1(c.Request.Context()) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } diff --git a/internal/web/confirmemail.go b/internal/web/confirmemail.go index 069640cc..b0ece58c 100644 --- a/internal/web/confirmemail.go +++ b/internal/web/confirmemail.go @@ -32,19 +32,19 @@ func (m *Module) confirmEmailGETHandler(c *gin.Context) { // if there's no token in the query, just serve the 404 web handler token := c.Query(tokenParam) if token == "" { - apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))), m.processor.InstanceGetV1) return } user, errWithCode := m.processor.User().EmailConfirm(ctx, token) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } instance, err := m.processor.InstanceGetV1(ctx) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } diff --git a/internal/web/customcss.go b/internal/web/customcss.go index aaeb269d..ef57e003 100644 --- a/internal/web/customcss.go +++ b/internal/web/customcss.go @@ -33,12 +33,12 @@ const textCSSUTF8 = string(apiutil.TextCSS + "; charset=utf-8") func (m *Module) customCSSGETHandler(c *gin.Context) { if !config.GetAccountsAllowCustomCSS() { err := errors.New("accounts-allow-custom-css is not enabled on this instance") - apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1) return } if _, err := apiutil.NegotiateAccept(c, apiutil.TextCSS); err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) return } @@ -46,13 +46,13 @@ func (m *Module) customCSSGETHandler(c *gin.Context) { username := strings.ToLower(c.Param(usernameKey)) if username == "" { err := errors.New("no account username specified") - apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) return } customCSS, errWithCode := m.processor.Account().GetCustomCSSForUsername(c.Request.Context(), username) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/web/domain-blocklist.go b/internal/web/domain-blocklist.go index b3594470..8a88a093 100644 --- a/internal/web/domain-blocklist.go +++ b/internal/web/domain-blocklist.go @@ -35,25 +35,25 @@ const ( func (m *Module) domainBlockListGETHandler(c *gin.Context) { authed, err := oauth.Authed(c, false, false, false, false) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) return } if !config.GetInstanceExposeSuspendedWeb() && (authed.Account == nil || authed.User == nil) { err := fmt.Errorf("this instance does not expose the list of suspended domains publicly") - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) return } instance, err := m.processor.InstanceGetV1(c.Request.Context()) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } domainBlocks, errWithCode := m.processor.InstancePeersGet(c.Request.Context(), true, false, false) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } diff --git a/internal/web/profile.go b/internal/web/profile.go index 71bfe6c8..a4fddbaf 100644 --- a/internal/web/profile.go +++ b/internal/web/profile.go @@ -44,20 +44,20 @@ func (m *Module) profileGETHandler(c *gin.Context) { authed, err := oauth.Authed(c, false, false, false, false) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) return } username := strings.ToLower(c.Param(usernameKey)) if username == "" { err := errors.New("no account username specified") - apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) return } instance, err := m.processor.InstanceGetV1(ctx) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } @@ -67,7 +67,7 @@ func (m *Module) profileGETHandler(c *gin.Context) { account, errWithCode := m.processor.Account().GetLocalByUsername(ctx, authed.Account, username) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } @@ -105,7 +105,7 @@ func (m *Module) profileGETHandler(c *gin.Context) { statusResp, errWithCode := m.processor.Account().WebStatusesGet(ctx, account.ID, maxStatusID) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } @@ -116,7 +116,7 @@ func (m *Module) profileGETHandler(c *gin.Context) { if !paging { pinnedResp, errWithCode = m.processor.Account().StatusesGet(ctx, authed.Account, account.ID, 0, false, false, "", "", true, false, false) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } } @@ -158,14 +158,14 @@ func (m *Module) returnAPProfile(ctx context.Context, c *gin.Context, username s user, errWithCode := m.processor.Fedi().UserGet(ctx, username, c.Request.URL) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck return } b, mErr := json.Marshal(user) if mErr != nil { err := fmt.Errorf("could not marshal json: %s", mErr) - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck return } diff --git a/internal/web/rss.go b/internal/web/rss.go index fc792321..8c8d5112 100644 --- a/internal/web/rss.go +++ b/internal/web/rss.go @@ -83,7 +83,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) { ctx := c.Request.Context() if _, err := apiutil.NegotiateAccept(c, apiutil.AppRSSXML); err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) return } @@ -91,7 +91,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) { username := strings.ToLower(c.Param(usernameKey)) if username == "" { err := errors.New("no account username specified") - apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) return } @@ -100,7 +100,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) { getRssFeed, accountLastPostedPublic, errWithCode := m.processor.Account().GetRSSFeedForUsername(ctx, username) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } @@ -112,13 +112,13 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) { // we either have no cache entry for this, or we have an expired cache entry; generate a new one rssFeed, errWithCode = getRssFeed() if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } eTag, err := generateEtag(bytes.NewBufferString(rssFeed)) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } @@ -146,7 +146,7 @@ func (m *Module) rssFeedGETHandler(c *gin.Context) { // we had a cache entry already so we didn't call to get the rss feed yet rssFeed, errWithCode = getRssFeed() if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) return } } diff --git a/internal/web/settings-panel.go b/internal/web/settings-panel.go index a302945c..615f2d26 100644 --- a/internal/web/settings-panel.go +++ b/internal/web/settings-panel.go @@ -28,7 +28,7 @@ import ( func (m *Module) SettingsPanelHandler(c *gin.Context) { instance, err := m.processor.InstanceGetV1(c.Request.Context()) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } diff --git a/internal/web/thread.go b/internal/web/thread.go index ed024177..fe57ddf1 100644 --- a/internal/web/thread.go +++ b/internal/web/thread.go @@ -39,7 +39,7 @@ func (m *Module) threadGETHandler(c *gin.Context) { authed, err := oauth.Authed(c, false, false, false, false) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) return } @@ -47,7 +47,7 @@ func (m *Module) threadGETHandler(c *gin.Context) { username := strings.ToLower(c.Param(usernameKey)) if username == "" { err := errors.New("no account username specified") - apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) return } @@ -55,13 +55,13 @@ func (m *Module) threadGETHandler(c *gin.Context) { statusID := strings.ToUpper(c.Param(statusIDKey)) if statusID == "" { err := errors.New("no status id specified") - apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) return } instance, err := m.processor.InstanceGetV1(ctx) if err != nil { - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) return } @@ -72,19 +72,19 @@ func (m *Module) threadGETHandler(c *gin.Context) { // do this check to make sure the status is actually from a local account, // we shouldn't render threads from statuses that don't belong to us! if _, errWithCode := m.processor.Account().GetLocalByUsername(ctx, authed.Account, username); errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } status, errWithCode := m.processor.Status().Get(ctx, authed.Account, statusID) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } if !strings.EqualFold(username, status.Account.Username) { err := gtserror.NewErrorNotFound(errors.New("path username not equal to status author username")) - apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), instanceGet) + apiutil.WebErrorHandler(c, gtserror.NewErrorNotFound(err), instanceGet) return } @@ -98,7 +98,7 @@ func (m *Module) threadGETHandler(c *gin.Context) { context, errWithCode := m.processor.Status().ContextGet(ctx, authed.Account, statusID) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, instanceGet) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } @@ -133,14 +133,14 @@ func (m *Module) returnAPStatus(ctx context.Context, c *gin.Context, username st status, errWithCode := m.processor.Fedi().StatusGet(ctx, username, statusID) if errWithCode != nil { - apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) //nolint:contextcheck return } b, mErr := json.Marshal(status) if mErr != nil { err := fmt.Errorf("could not marshal json: %s", mErr) - apiutil.ErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck + apiutil.WebErrorHandler(c, gtserror.NewErrorInternalError(err), m.processor.InstanceGetV1) //nolint:contextcheck return }