extractOAuth2ProviderAppBase is the internal implementation that uses the strategy pattern instead of a control flag to handle different error formats.
(db database.Store, errWriter errorWriter)
| 304 | // extractOAuth2ProviderAppBase is the internal implementation that uses the strategy pattern |
| 305 | // instead of a control flag to handle different error formats. |
| 306 | func extractOAuth2ProviderAppBase(db database.Store, errWriter errorWriter) func(http.Handler) http.Handler { |
| 307 | return func(next http.Handler) http.Handler { |
| 308 | return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 309 | ctx := r.Context() |
| 310 | |
| 311 | // App can come from a URL param, query param, or form value. |
| 312 | paramID := "app" |
| 313 | var appID uuid.UUID |
| 314 | if chi.URLParam(r, paramID) != "" { |
| 315 | var ok bool |
| 316 | appID, ok = ParseUUIDParam(rw, r, "app") |
| 317 | if !ok { |
| 318 | return |
| 319 | } |
| 320 | } else { |
| 321 | // If not provided by the url, then it is provided according to the |
| 322 | // oauth 2 spec. This can occur with query params, or in the body as |
| 323 | // form parameters. |
| 324 | // This also depends on if you are doing a POST (tokens) or GET (authorize). |
| 325 | paramAppID := r.URL.Query().Get("client_id") |
| 326 | if paramAppID == "" { |
| 327 | // Check the form params! |
| 328 | if r.ParseForm() == nil { |
| 329 | paramAppID = r.Form.Get("client_id") |
| 330 | } |
| 331 | } |
| 332 | if paramAppID == "" { |
| 333 | // RFC 6749 §2.3.1: confidential clients may authenticate via |
| 334 | // HTTP Basic where the username is the client_id. |
| 335 | if user, _, ok := r.BasicAuth(); ok && user != "" { |
| 336 | paramAppID = user |
| 337 | } |
| 338 | } |
| 339 | if paramAppID == "" { |
| 340 | errWriter.writeMissingClientID(ctx, rw) |
| 341 | return |
| 342 | } |
| 343 | |
| 344 | var err error |
| 345 | appID, err = uuid.Parse(paramAppID) |
| 346 | if err != nil { |
| 347 | errWriter.writeInvalidClientID(ctx, rw, err) |
| 348 | return |
| 349 | } |
| 350 | } |
| 351 | |
| 352 | app, err := db.GetOAuth2ProviderAppByID(ctx, appID) |
| 353 | if httpapi.Is404Error(err) { |
| 354 | errWriter.writeClientNotFound(ctx, rw) |
| 355 | return |
| 356 | } |
| 357 | if err != nil { |
| 358 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 359 | Message: "Internal error fetching OAuth2 app.", |
| 360 | Detail: err.Error(), |
| 361 | }) |
| 362 | return |
| 363 | } |
no test coverage detected