Summary

Remove reliance on global state

Review Request #9782 — Created March 15, 2018 and submitted April 6, 2018, 1:30 p.m.

Information

Owner

brennie

Repository

rb-gateway

Branch

master

Bugs

Depends On

~~9773~~

Blocks

9840

Commit

d9ade07...

Reviewers

Groups

rb-gateway

People

Description

This patch is a cleanup of the API routes. The major change is that we
now have an API type which contains the API methods. With this change,
the routes now have access to the API's configuration so we no longer
need a global Config object!

Additionally, some cleanup has been done to the routes that require a
repository with the api.withRepository middleware, which provides the
requested repository as the "repo" context variable (instead of having
each route retrieve it and do error checking). Routes have been
re-written to have a simpler error-checking flow as well.

Testing Done

Ran unit tests.

Issues

Description	From	Last Updated
Do we need to fetch the config from out of this package? It seems better if this were unexported.	david	March 26, 2018, 3:19 p.m.
Wrapping here doesn't really improve readability.	david	March 26, 2018, 3:19 p.m.
I think I prefer having the table of path/method/handler that we iterate over to build all the routes.	david	March 26, 2018, 3:42 p.m.
This is not a good error message, plus things should use log rather than println. Leftover debug output?	david	March 26, 2018, 3:42 p.m.
Same here.	david	March 26, 2018, 3:42 p.m.
Leftover debug output?	david	March 26, 2018, 3:42 p.m.
Typo: Contenet	david	March 26, 2018, 3:43 p.m.
This needs to be run through gofmt	david	March 27, 2018, 3:50 p.m.

flake8 passed.

JSHint passed.

Summary:

Remove reliance on global state and prevent timing attacks in auth

Remove reliance on global state

Description:

		This patch is a cleanup of the API routes. The major change is that we
		now have an `API` type which contains the API methods. With this change,
		the routes now have access to the API's configuration so we no longer
		need a global `Config` object!

		Additionally, some cleanup has been done to the routes that require a
		repository with the `api.withRepository` middleware, which provides the
		requested repository as the `"repo"` context variable (instead of having
		each route retrieve it and do error checking). Routes have been
		re-written to have a simpler error-checking flow as well.
-
-		Authentication has also been cleaned up a touch. We now prevent timing
-		attacks when authentication by using constant time username and password
-		comparison.

Commit:

04b72aa6e85d7f359b73095492f469faa1d3a6b7

dcb2f7d65089261819140f0b4764f99494a63ff7

Diff:

Revision 2 (+327 -505)

Show changes

	main.go
	api/api.go
	api/auth.go
	api/middleware.go
	api/routes.go
	api/routes_test.go
	config/config.go
	helpers/config_helpers.go

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

api/api.go (Diff revision 2)

The issue has been resolved. Show all issues

Do we need to fetch the config from out of this package? It seems better if this were unexported.

brennie March 26, 2018, 12:24 p.m.

I was using it as a way to set it, but I guess we can unexport it and have a setter?

api/api.go (Diff revision 2)
The issue has been resolved. Show all issues
```
Wrapping here doesn't really improve readability.
```

api/api.go (Diff revision 2)

The issue has been resolved. Show all issues

I think I prefer having the table of path/method/handler that we iterate over to build all the routes.

api/api.go (Diff revision 2)

The issue has been resolved. Show all issues

This is not a good error message, plus things should use log rather than println. Leftover debug output?

brennie March 26, 2018, 12:24 p.m.
```
Oops :P
```

api/api.go (Diff revision 2)
The issue has been resolved. Show all issues
```
Same here.
```
api/routes.go (Diff revision 2)
The issue has been resolved. Show all issues
```
Leftover debug output?
```
api/routes.go (Diff revision 2)
The issue has been resolved. Show all issues
```
Typo: Contenet
```

Change Summary:

Addressed David's issues.

Commit:

dcb2f7d65089261819140f0b4764f99494a63ff7

8125191a1503f9a4bbb89c62af685d2197b4b8ff

Diff:

Revision 3 (+322 -512)

Show changes

	main.go
	api/api.go
	api/auth.go
	api/middleware.go
	api/routes.go
	api/routes_test.go
	config/config.go
	helpers/config_helpers.go

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

api/api.go (Diff revision 3)

The issue has been resolved. Show all issues

This needs to be run through gofmt

Commit:

8125191a1503f9a4bbb89c62af685d2197b4b8ff

d9ade07a06326078aa18d88a3d163d0e8873461b

Diff:

Revision 4 (+322 -512)

Show changes

	main.go
	api/api.go
	api/auth.go
	api/middleware.go
	api/routes.go
	api/routes_test.go
	config/config.go
	helpers/config_helpers.go

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Change Summary:

Rebasing all patches.

Diff:

Revision 5 (+322 -512)

Show changes

	main.go
	api/api.go
	api/auth.go
	api/middleware.go
	api/routes.go
	api/routes_test.go
	config/config.go
	helpers/config_helpers.go

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to master (6c77911)