From d9d5e61de0678423a0524515b83aac567defaf36 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 2 Dec 2024 12:36:29 +0100 Subject: [PATCH] generator: Start span before auth --- http/jsonapi/generator/generate_handler.go | 23 +- .../generator/internal/pay/open-api_test.go | 30 +- .../generator/internal/poi/open-api_test.go | 490 +++++++++--------- .../internal/securitytest/open-api_test.go | 15 +- 4 files changed, 271 insertions(+), 287 deletions(-) diff --git a/http/jsonapi/generator/generate_handler.go b/http/jsonapi/generator/generate_handler.go index 4182fdb0..77c745e4 100644 --- a/http/jsonapi/generator/generate_handler.go +++ b/http/jsonapi/generator/generate_handler.go @@ -595,31 +595,19 @@ func (g *Generator) buildHandler(method string, op *openapi3.Operation, pattern // recover panics g.Defer().Qual(pkgMaintErrors, "HandleRequest").Call(jen.Lit(handler), jen.Id("w"), jen.Id("r")) - g.Add(auth) - // set tracing context - - ctxStmt := jen.Id("r").Dot("Context").Call() - - if auth != nil { - ctxStmt = jen.Id("ctx") - } - g.Line().Comment("Trace the service function handler execution") g.Id("span").Op(":=").Qual(pkgSentry, "StartSpan").Call( - ctxStmt, jen.Lit("http.server"), jen.Qual(pkgSentry, "WithDescription").Call(jen.Lit(handler))) + jen.Id("r").Dot("Context").Call(), jen.Lit("http.server"), jen.Qual(pkgSentry, "WithDescription").Call(jen.Lit(handler))) g.Defer().Id("span").Dot("Finish").Call() g.Line().Empty() - operator := ":=" - - if auth != nil { - operator = "=" - } - - g.Id("ctx").Op(operator).Id("span").Dot("Context").Call() + // set tracing context + g.Id("ctx").Op(":=").Id("span").Dot("Context").Call() g.Id("r").Op("=").Id("r.WithContext").Call(jen.Id("ctx")) + g.Add(auth) + g.Line().Comment("Setup context, response writer and request type") // response writer @@ -830,7 +818,6 @@ func generateAuthorizationForMultipleSecSchemas(op *openapi3.Operation, secSchem caser := cases.Title(language.Und, cases.NoLower) - r.Line().Var().Id("ctx").Id("context.Context") r.Line().Var().Id("ok").Id("bool") for _, val := range orderedSec { name := val[0] diff --git a/http/jsonapi/generator/internal/pay/open-api_test.go b/http/jsonapi/generator/internal/pay/open-api_test.go index 8bf86946..8f0a30bf 100644 --- a/http/jsonapi/generator/internal/pay/open-api_test.go +++ b/http/jsonapi/generator/internal/pay/open-api_test.go @@ -207,7 +207,13 @@ func CreatePaymentMethodSEPAHandler(service CreatePaymentMethodSEPAHandlerServic return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("CreatePaymentMethodSEPAHandler", w, r) - var ctx context.Context + // Trace the service function handler execution + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("CreatePaymentMethodSEPAHandler")) + defer span.Finish() + + ctx := span.Context() + r = r.WithContext(ctx) + var ok bool if authBackend.CanAuthorizeOAuth2(r) { @@ -232,13 +238,6 @@ func CreatePaymentMethodSEPAHandler(service CreatePaymentMethodSEPAHandlerServic return } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("CreatePaymentMethodSEPAHandler")) - defer span.Finish() - - ctx = span.Context() - r = r.WithContext(ctx) - // Setup context, response writer and request type writer := createPaymentMethodSEPAResponseWriter{ ResponseWriter: metrics.NewMetric("pay", "/beta/payment-methods/sepa-direct-debit", w, r), @@ -284,7 +283,13 @@ func DeletePaymentMethodHandler(service DeletePaymentMethodHandlerService, authB return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeletePaymentMethodHandler", w, r) - var ctx context.Context + // Trace the service function handler execution + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeletePaymentMethodHandler")) + defer span.Finish() + + ctx := span.Context() + r = r.WithContext(ctx) + var ok bool if authBackend.CanAuthorizeOAuth2(r) { @@ -303,13 +308,6 @@ func DeletePaymentMethodHandler(service DeletePaymentMethodHandlerService, authB return } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeletePaymentMethodHandler")) - defer span.Finish() - - ctx = span.Context() - r = r.WithContext(ctx) - // Setup context, response writer and request type writer := deletePaymentMethodResponseWriter{ ResponseWriter: metrics.NewMetric("pay", "/beta/payment-methods/{paymentMethodId}", w, r), diff --git a/http/jsonapi/generator/internal/poi/open-api_test.go b/http/jsonapi/generator/internal/poi/open-api_test.go index 0ee675e0..4585aad9 100644 --- a/http/jsonapi/generator/internal/poi/open-api_test.go +++ b/http/jsonapi/generator/internal/poi/open-api_test.go @@ -429,18 +429,18 @@ func DeduplicatePoiHandler(service DeduplicatePoiHandlerService, authBackend Aut return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeduplicatePoiHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeduplicatePoiHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeduplicatePoiHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") + if !ok { + return + } + // Setup context, response writer and request type writer := deduplicatePoiResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/admin/poi/dedupe", w, r), @@ -486,18 +486,18 @@ func MovePoiAtPositionHandler(service MovePoiAtPositionHandlerService, authBacke return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("MovePoiAtPositionHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("MovePoiAtPositionHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("MovePoiAtPositionHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") + if !ok { + return + } + // Setup context, response writer and request type writer := movePoiAtPositionResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/admin/poi/move", w, r), @@ -543,18 +543,18 @@ func GetAppsHandler(service GetAppsHandlerService, authBackend AuthorizationBack return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetAppsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetAppsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetAppsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getAppsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps", w, r), @@ -620,18 +620,18 @@ func CreateAppHandler(service CreateAppHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("CreateAppHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:create") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("CreateAppHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("CreateAppHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:create") + if !ok { + return + } + // Setup context, response writer and request type writer := createAppResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps", w, r), @@ -677,18 +677,18 @@ func CheckForPaceAppHandler(service CheckForPaceAppHandlerService, authBackend A return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("CheckForPaceAppHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("CheckForPaceAppHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("CheckForPaceAppHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") + if !ok { + return + } + // Setup context, response writer and request type writer := checkForPaceAppResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/query", w, r), @@ -746,18 +746,18 @@ func DeleteAppHandler(service DeleteAppHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeleteAppHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:delete") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeleteAppHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeleteAppHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:delete") + if !ok { + return + } + // Setup context, response writer and request type writer := deleteAppResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/{appID}", w, r), @@ -809,18 +809,18 @@ func GetAppHandler(service GetAppHandlerService, authBackend AuthorizationBacken return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetAppHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetAppHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetAppHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getAppResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/{appID}", w, r), @@ -872,18 +872,18 @@ func UpdateAppHandler(service UpdateAppHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("UpdateAppHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("UpdateAppHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("UpdateAppHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:update") + if !ok { + return + } + // Setup context, response writer and request type writer := updateAppResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/{appID}", w, r), @@ -938,18 +938,18 @@ func GetAppPOIsRelationshipsHandler(service GetAppPOIsRelationshipsHandlerServic return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetAppPOIsRelationshipsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetAppPOIsRelationshipsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetAppPOIsRelationshipsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getAppPOIsRelationshipsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/{appID}/relationships/pois", w, r), @@ -1001,18 +1001,18 @@ func UpdateAppPOIsRelationshipsHandler(service UpdateAppPOIsRelationshipsHandler return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("UpdateAppPOIsRelationshipsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("UpdateAppPOIsRelationshipsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("UpdateAppPOIsRelationshipsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:apps:update") + if !ok { + return + } + // Setup context, response writer and request type writer := updateAppPOIsRelationshipsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/apps/{appID}/relationships/pois", w, r), @@ -1067,18 +1067,18 @@ func GetDuplicatesKMLHandler(service GetDuplicatesKMLHandlerService, authBackend return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetDuplicatesKMLHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:dumps:duplicatemap") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetDuplicatesKMLHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetDuplicatesKMLHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:dumps:duplicatemap") + if !ok { + return + } + // Setup context, response writer and request type writer := getDuplicatesKMLResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/datadumps/duplicatemap/{countryCode}", w, r), @@ -1130,18 +1130,18 @@ func GetPoisDumpHandler(service GetPoisDumpHandlerService, authBackend Authoriza return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPoisDumpHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:dumps:pois") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPoisDumpHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPoisDumpHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:dumps:pois") + if !ok { + return + } + // Setup context, response writer and request type writer := getPoisDumpResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/datadumps/pois", w, r), @@ -1191,18 +1191,18 @@ func DeleteGasStationReferenceStatusHandler(service DeleteGasStationReferenceSta return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeleteGasStationReferenceStatusHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations.references:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeleteGasStationReferenceStatusHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeleteGasStationReferenceStatusHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations.references:update") + if !ok { + return + } + // Setup context, response writer and request type writer := deleteGasStationReferenceStatusResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/delivery/gas-stations/{gasStationId}/reference-status/{reference}", w, r), @@ -1259,18 +1259,18 @@ func PutGasStationReferenceStatusHandler(service PutGasStationReferenceStatusHan return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("PutGasStationReferenceStatusHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations.references:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("PutGasStationReferenceStatusHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("PutGasStationReferenceStatusHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations.references:update") + if !ok { + return + } + // Setup context, response writer and request type writer := putGasStationReferenceStatusResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/delivery/gas-stations/{gasStationId}/reference-status/{reference}", w, r), @@ -1330,18 +1330,18 @@ func GetEventsHandler(service GetEventsHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetEventsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:events:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetEventsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetEventsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:events:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getEventsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/events", w, r), @@ -1403,18 +1403,18 @@ func GetGasStationsHandler(service GetGasStationsHandlerService, authBackend Aut return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetGasStationsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetGasStationsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetGasStationsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getGasStationsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/gas-stations", w, r), @@ -1500,18 +1500,18 @@ func GetGasStationHandler(service GetGasStationHandlerService, authBackend Autho return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetGasStationHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetGasStationHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetGasStationHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getGasStationResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/gas-stations/{id}", w, r), @@ -1567,18 +1567,18 @@ func GetPriceHistoryHandler(service GetPriceHistoryHandlerService, authBackend A return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPriceHistoryHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPriceHistoryHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPriceHistoryHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getPriceHistoryResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/gas-stations/{id}/fuel-price-histories/{fuel_type}", w, r), @@ -1647,18 +1647,18 @@ func GetGasStationFuelTypeNameMappingHandler(service GetGasStationFuelTypeNameMa return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetGasStationFuelTypeNameMappingHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetGasStationFuelTypeNameMappingHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetGasStationFuelTypeNameMappingHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getGasStationFuelTypeNameMappingResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/gas-stations/{id}/fueltype", w, r), @@ -1714,18 +1714,18 @@ func GetMetadataFiltersHandler(service GetMetadataFiltersHandlerService, authBac return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetMetadataFiltersHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetMetadataFiltersHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetMetadataFiltersHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:gas-stations:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getMetadataFiltersResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/meta", w, r), @@ -1779,18 +1779,18 @@ func GetPoisHandler(service GetPoisHandlerService, authBackend AuthorizationBack return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPoisHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPoisHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPoisHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getPoisResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/pois", w, r), @@ -1852,18 +1852,18 @@ func GetPoiHandler(service GetPoiHandlerService, authBackend AuthorizationBacken return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPoiHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPoiHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPoiHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getPoiResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/pois/{poiId}", w, r), @@ -1915,18 +1915,18 @@ func ChangePoiHandler(service ChangePoiHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("ChangePoiHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("ChangePoiHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("ChangePoiHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:pois:update") + if !ok { + return + } + // Setup context, response writer and request type writer := changePoiResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/pois/{poiId}", w, r), @@ -1981,18 +1981,18 @@ func GetPoliciesHandler(service GetPoliciesHandlerService, authBackend Authoriza return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPoliciesHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPoliciesHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPoliciesHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getPoliciesResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/policies", w, r), @@ -2058,18 +2058,18 @@ func CreatePolicyHandler(service CreatePolicyHandlerService, authBackend Authori return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("CreatePolicyHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:create") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("CreatePolicyHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("CreatePolicyHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:create") + if !ok { + return + } + // Setup context, response writer and request type writer := createPolicyResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/policies", w, r), @@ -2115,18 +2115,18 @@ func GetPolicyHandler(service GetPolicyHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetPolicyHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetPolicyHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetPolicyHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:policies:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getPolicyResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/policies/{policyId}", w, r), @@ -2238,18 +2238,18 @@ func GetSourcesHandler(service GetSourcesHandlerService, authBackend Authorizati return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetSourcesHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetSourcesHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetSourcesHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getSourcesResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/sources", w, r), @@ -2311,18 +2311,18 @@ func CreateSourceHandler(service CreateSourceHandlerService, authBackend Authori return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("CreateSourceHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:create") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("CreateSourceHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("CreateSourceHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:create") + if !ok { + return + } + // Setup context, response writer and request type writer := createSourceResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/sources", w, r), @@ -2368,18 +2368,18 @@ func DeleteSourceHandler(service DeleteSourceHandlerService, authBackend Authori return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeleteSourceHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:delete") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeleteSourceHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeleteSourceHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:delete") + if !ok { + return + } + // Setup context, response writer and request type writer := deleteSourceResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/sources/{sourceId}", w, r), @@ -2431,18 +2431,18 @@ func GetSourceHandler(service GetSourceHandlerService, authBackend Authorization return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetSourceHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetSourceHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetSourceHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getSourceResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/sources/{sourceId}", w, r), @@ -2494,18 +2494,18 @@ func UpdateSourceHandler(service UpdateSourceHandlerService, authBackend Authori return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("UpdateSourceHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:update") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("UpdateSourceHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("UpdateSourceHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:sources:update") + if !ok { + return + } + // Setup context, response writer and request type writer := updateSourceResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/sources/{sourceId}", w, r), @@ -2560,18 +2560,18 @@ func GetSubscriptionsHandler(service GetSubscriptionsHandlerService, authBackend return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetSubscriptionsHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetSubscriptionsHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetSubscriptionsHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getSubscriptionsResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/subscriptions", w, r), @@ -2617,18 +2617,18 @@ func DeleteSubscriptionHandler(service DeleteSubscriptionHandlerService, authBac return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("DeleteSubscriptionHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:delete") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("DeleteSubscriptionHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("DeleteSubscriptionHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:delete") + if !ok { + return + } + // Setup context, response writer and request type writer := deleteSubscriptionResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/subscriptions/{id}", w, r), @@ -2668,18 +2668,18 @@ func StoreSubscriptionHandler(service StoreSubscriptionHandlerService, authBacke return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("StoreSubscriptionHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:create") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("StoreSubscriptionHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("StoreSubscriptionHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:subscriptions:create") + if !ok { + return + } + // Setup context, response writer and request type writer := storeSubscriptionResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/beta/subscriptions/{id}", w, r), @@ -2725,18 +2725,18 @@ func GetTilesHandler(service GetTilesHandlerService, authBackend AuthorizationBa return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetTilesHandler", w, r) - ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:tiles:read") - if !ok { - return - } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetTilesHandler")) + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetTilesHandler")) defer span.Finish() - ctx = span.Context() + ctx := span.Context() r = r.WithContext(ctx) + ctx, ok := authBackend.AuthorizeOAuth2(r, w, "poi:tiles:read") + if !ok { + return + } + // Setup context, response writer and request type writer := getTilesResponseWriter{ ResponseWriter: metrics.NewMetric("poi", "/v1/tiles/query", w, r), diff --git a/http/jsonapi/generator/internal/securitytest/open-api_test.go b/http/jsonapi/generator/internal/securitytest/open-api_test.go index e8157fc0..45a7315a 100644 --- a/http/jsonapi/generator/internal/securitytest/open-api_test.go +++ b/http/jsonapi/generator/internal/securitytest/open-api_test.go @@ -46,7 +46,13 @@ func GetTestHandler(service GetTestHandlerService, authBackend AuthorizationBack return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { defer errors.HandleRequest("GetTestHandler", w, r) - var ctx context.Context + // Trace the service function handler execution + span := sentry.StartSpan(r.Context(), "http.server", sentry.WithDescription("GetTestHandler")) + defer span.Finish() + + ctx := span.Context() + r = r.WithContext(ctx) + var ok bool if authBackend.CanAuthorizeOAuth2(r) { @@ -65,13 +71,6 @@ func GetTestHandler(service GetTestHandlerService, authBackend AuthorizationBack return } - // Trace the service function handler execution - span := sentry.StartSpan(ctx, "http.server", sentry.WithDescription("GetTestHandler")) - defer span.Finish() - - ctx = span.Context() - r = r.WithContext(ctx) - // Setup context, response writer and request type writer := getTestResponseWriter{ ResponseWriter: metrics.NewMetric("securitytest", "/beta/test", w, r),