commit 7bbb305a40dfa50bb62bdcf686ecbf3e6e9a0e86 · stream.place/streamplace

stream.place / streamplace

Live video on the AT Protocol

fork atom

oauth: don't clobber the context you goof

Eli Mallon 9 months ago 7bbb305a 92d5a4aa

+19 -10

3 changed files

expand all

unified split

pkg

api

api.go

oproxy

oauth_middleware.go

spxrpc

spxrpc.go

+16 -2

pkg/api/api.go

··· 18 18 19 19 "github.com/NYTimes/gziphandler" 20 20 "github.com/bluesky-social/indigo/api/bsky" 21 + "github.com/google/uuid" 21 22 "github.com/julienschmidt/httprouter" 22 23 "github.com/rs/cors" 23 24 sloghttp "github.com/samber/slog-http" ··· 126 127 // api/playback/iame.li/hls/source/000000000000.ts 127 128 128 129 func (a *StreamplaceAPI) Handler(ctx context.Context) (http.Handler, error) { 130 + 129 131 var xrpc http.Handler 130 132 xrpc, err := spxrpc.NewServer(ctx, a.CLI, a.Model) 131 133 if err != nil { 132 134 return nil, err 133 135 } 134 - 135 136 xrpc = a.op.OAuthMiddleware(xrpc) 136 137 router := httprouter.New() 138 + 137 139 router.Handler("GET", "/oauth/*anything", a.op.Handler()) 138 140 router.Handler("POST", "/oauth/*anything", a.op.Handler()) 139 141 router.Handler("GET", "/.well-known/oauth-authorization-server", a.op.Handler()) ··· 243 245 handler = sloghttp.New(slog.Default())(handler) 244 246 handler = a.RateLimitMiddleware(ctx)(handler) 245 247 248 + // this needs to be LAST so nothing else clobbers the context 249 + handler = a.ContextMiddleware(ctx)(handler) 250 + 246 251 return handler, nil 247 252 } 248 - 253 + func (a *StreamplaceAPI) ContextMiddleware(ctx context.Context) func(next http.Handler) http.Handler { 254 + return func(next http.Handler) http.Handler { 255 + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 256 + uuid := uuid.New().String() 257 + ctx = log.WithLogValues(ctx, "requestID", uuid, "method", r.Method, "path", r.URL.Path) 258 + r = r.WithContext(ctx) 259 + next.ServeHTTP(w, r) 260 + }) 261 + } 262 + } 249 263 func copyHeader(dst, src http.Header) { 250 264 for k, vv := range src { 251 265 // we'll handle CORS ourselves, thanks

+1 -1

pkg/oproxy/oauth_middleware.go

··· 124 124 return nil, fmt.Errorf("could not get oauth session: %w", err) 125 125 } 126 126 if session == nil { 127 - return nil, nil 127 + return nil, echo.NewHTTPError(http.StatusUnauthorized, "oauth session not found") 128 128 } 129 129 if session.RevokedAt != nil { 130 130 return nil, fmt.Errorf("oauth session revoked")

+2 -7

pkg/spxrpc/spxrpc.go

··· 4 4 "context" 5 5 "net/http" 6 6 7 - "github.com/google/uuid" 8 7 "github.com/labstack/echo/v4" 9 8 "stream.place/streamplace/pkg/config" 10 9 "stream.place/streamplace/pkg/log" ··· 24 23 cli: cli, 25 24 model: model, 26 25 } 27 - e.Use(s.ErrorHandlingMiddleware(ctx)) 26 + e.Use(s.ErrorHandlingMiddleware()) 28 27 err := s.RegisterHandlersPlaceStream(e) 29 28 if err != nil { 30 29 return nil, err ··· 46 45 s.e.ServeHTTP(w, r) 47 46 } 48 47 49 - func (s *Server) ErrorHandlingMiddleware(ctx context.Context) echo.MiddlewareFunc { 48 + func (s *Server) ErrorHandlingMiddleware() echo.MiddlewareFunc { 50 49 return func(next echo.HandlerFunc) echo.HandlerFunc { 51 50 return func(c echo.Context) error { 52 - req := c.Request() 53 - uuid := uuid.New().String() 54 - ctx = log.WithLogValues(ctx, "requestID", uuid, "method", req.Method, "path", req.URL.Path) 55 - c.SetRequest(req.WithContext(ctx)) 56 51 err := next(c) 57 52 if err == nil { 58 53 return nil