Let GetUserID and GetOrganizationID panic (#878)

Author: FoseFx

libs/common/auth/auth.go

@@ -238,22 +238,44 @@ func SessionValidUntil(ctx context.Context) (time.Time, error) {
 	}
 }
 
-func GetUserID(ctx context.Context) (uuid.UUID, error) {
+// MaybeGetUserID can be used instead of MustGetUserID
+func MaybeGetUserID(ctx context.Context) *uuid.UUID {
 	res, ok := ctx.Value(userIDKey{}).(uuid.UUID)
 	if !ok {
-		return uuid.UUID{}, status.Error(codes.Internal, "userID not in context, set up auth")
-	} else {
-		return res, nil
+		return nil
+	}
+	return &res
+}
+
+// MustGetUserID panics, if context does not contain the userIDKey,
+// which should have been set in the auth middleware
+// Also see MaybeGetUserID, if you can not ensure that
+func MustGetUserID(ctx context.Context) uuid.UUID {
+	res := MaybeGetUserID(ctx)
+	if res == nil {
+		panic("MustGetUserID called, but userID not in context, set up auth for this handler!")
 	}
+	return *res
 }
 
-func GetOrganizationID(ctx context.Context) (uuid.UUID, error) {
+// MaybeGetOrganizationID can be used instead of MustGetOrganizationID
+func MaybeGetOrganizationID(ctx context.Context) *uuid.UUID {
 	res, ok := ctx.Value(organizationIDKey{}).(uuid.UUID)
 	if !ok {
-		return uuid.UUID{}, status.Error(codes.Internal, "organizationID not in context, set up auth")
-	} else {
-		return res, nil
+		return nil
+	}
+	return &res
+}
+
+// MustGetOrganizationID panics, if context does not contain the organizationIDKey,
+// which should have been set in the auth middleware
+// Also see MaybeGetOrganizationID, if you can not ensure that
+func MustGetOrganizationID(ctx context.Context) uuid.UUID {
+	res := MaybeGetOrganizationID(ctx)
+	if res == nil {
+		panic("MustGetOrganizationID called, but organizationID not in context, set up auth for this handler!")
 	}
+	return *res
 }
 
 // SetupAuth sets up auth, such that GetIDTokenVerifier and GetOAuthConfig work

libs/common/hwgrpc/auth_interceptor.go

@@ -92,7 +92,7 @@ func authInterceptor(ctx context.Context) (context.Context, error) {
 		return nil, status.Errorf(codes.Internal, "invalid userID")
 	}
 
-	// attach userID to the context, so we can get it in a handler using GetUserID()
+	// attach userID to the context, so we can get it in a handler using MustGetUserID()
 	ctx = auth.ContextWithUserID(ctx, userID)
 
 	// attach userID to the current span (should be the auth interceptor span)

libs/common/hwgrpc/organization_interceptor.go

@@ -70,7 +70,7 @@ func organizationInterceptor(ctx context.Context) (context.Context, error) {
 		return nil, status.Errorf(codes.Internal, "invalid organizationID")
 	}
 
-	// attach organizationID to the context, so we can get it in a handler using GetOrganizationID()
+	// attach organizationID to the context, so we can get it in a handler using MustGetOrganizationID()
 	ctx = auth.ContextWithOrganizationID(ctx, organizationID)
 
 	// attach organizationID to the current span

libs/hwes/event.go

@@ -260,29 +260,29 @@ func (e *Event) GetJsonData(data interface{}) error {
 	return json.Unmarshal(e.Data, data)
 }
 
-// SetCommitterFromCtx injects the UserID from the passed context via common.GetUserID().
+// SetCommitterFromCtx injects the UserID from the passed context via auth.MustGetUserID().
 func (e *Event) SetCommitterFromCtx(ctx context.Context) error {
-	userID, err := auth.GetUserID(ctx)
-	if err != nil {
+	userID := auth.MaybeGetUserID(ctx)
+	if userID == nil {
 		// don't set a user, if no user is available
-		return nil //nolint:nilerr
+		return nil
 	}
 
-	e.CommitterUserID = &userID
+	e.CommitterUserID = userID
 
 	telemetry.SetSpanStr(ctx, "committerUserID", e.CommitterUserID.String())
 	return nil
 }
 
-// SetOrganizationFromCtx injects the OrganizationID from the passed context via common.GetOrganizationID().
+// SetOrganizationFromCtx injects the OrganizationID from the passed context via common.MustGetOrganizationID().
 func (e *Event) SetOrganizationFromCtx(ctx context.Context) error {
-	organizationID, err := auth.GetOrganizationID(ctx)
-	if err != nil {
+	organizationID := auth.MaybeGetOrganizationID(ctx)
+	if organizationID == nil {
 		// don't set an org, if no org is available
-		return nil //nolint:nilerr
+		return nil
 	}
 
-	e.OrganizationID = &organizationID
+	e.OrganizationID = organizationID
 
 	if _, err := uuid.Parse(e.OrganizationID.String()); err != nil {
 		return fmt.Errorf("SetOrganizationFromCtx: cant parse organization uid: %w", err)

libs/telemetry/setup.go

@@ -3,12 +3,13 @@ package telemetry
 import (
 	"context"
 	"errors"
-	"github.com/prometheus/client_golang/prometheus/promauto"
 	"hwutil"
 	"net/http"
 	"os"
 	"time"
 
+	"github.com/prometheus/client_golang/prometheus/promauto"
+
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/zerolog"

services/property-svc/internal/property/commands/v1/create_property.go

@@ -35,15 +35,8 @@ func NewCreatePropertyCommandHandler(as hwes.AggregateStore, authz hwauthz.AuthZ
 		setID *string,
 		fieldTypeData *models.FieldTypeData,
 	) (version common.ConsistencyToken, err error) {
-		user, err := perm.UserFromCtx(ctx)
-		if err != nil {
-			return 0, err
-		}
-
-		organization, err := perm.OrganizationFromCtx(ctx)
-		if err != nil {
-			return 0, err
-		}
+		user := perm.UserFromCtx(ctx)
+		organization := perm.OrganizationFromCtx(ctx)
 
 		check := hwauthz.NewPermissionCheck(user, perm.OrganizationCanUserCreateProperty, organization)
 		if err = authz.Must(ctx, check); err != nil {

services/property-svc/internal/property/commands/v1/update_property.go

@@ -40,13 +40,10 @@ func NewUpdatePropertyCommandHandler(as hwes.AggregateStore, authz hwauthz.AuthZ
 		removeOptions []string,
 		isArchived *bool,
 	) (common.ConsistencyToken, error) {
-		user, err := perm.UserFromCtx(ctx)
-		if err != nil {
-			return 0, err
-		}
+		user := perm.UserFromCtx(ctx)
 
 		check := hwauthz.NewPermissionCheck(user, perm.PropertyCanUserUpdate, perm.Property(propertyID))
-		if err = authz.Must(ctx, check); err != nil {
+		if err := authz.Must(ctx, check); err != nil {
 			return 0, err
 		}
 

services/property-svc/internal/property/perm/permission.go

@@ -20,25 +20,19 @@ type User uuid.UUID
 func (t User) Type() string { return "user" }
 func (t User) ID() string   { return uuid.UUID(t).String() }
 
-func UserFromCtx(ctx context.Context) (User, error) {
-	userID, err := auth.GetUserID(ctx)
-	if err != nil {
-		return User{}, err
-	}
-	return User(userID), nil
+func UserFromCtx(ctx context.Context) User {
+	userID := auth.MustGetUserID(ctx)
+	return User(userID)
 }
 
 type Organization uuid.UUID
 
 func (p Organization) Type() string { return "organization" }
 func (p Organization) ID() string   { return uuid.UUID(p).String() }
 
-func OrganizationFromCtx(ctx context.Context) (Organization, error) {
-	organizationID, err := auth.GetOrganizationID(ctx)
-	if err != nil {
-		return Organization{}, err
-	}
-	return Organization(organizationID), nil
+func OrganizationFromCtx(ctx context.Context) Organization {
+	organizationID := auth.MustGetOrganizationID(ctx)
+	return Organization(organizationID)
 }
 
 // Direct Relations

services/property-svc/internal/property/queries/v1/get_properties_by_subject_type.go

@@ -22,10 +22,7 @@ type GetPropertiesQueryHandler func(
 
 func NewGetPropertiesQueryHandler(authz hwauthz.AuthZ) GetPropertiesQueryHandler {
 	return func(ctx context.Context, subjectType *pb.SubjectType) ([]*models.PropertyWithConsistency, error) {
-		user, err := perm.UserFromCtx(ctx)
-		if err != nil {
-			return nil, err
-		}
+		user := perm.UserFromCtx(ctx)
 
 		propertyRepo := property_repo.New(hwdb.GetDB())
 

services/property-svc/internal/property/queries/v1/get_property_by_id.go

@@ -22,14 +22,11 @@ type GetPropertyByIDQueryHandler func(
 
 func NewGetPropertyByIDQueryHandler(authz hwauthz.AuthZ) GetPropertyByIDQueryHandler {
 	return func(ctx context.Context, propertyID uuid.UUID) (*models.Property, common.ConsistencyToken, error) {
-		user, err := perm.UserFromCtx(ctx)
-		if err != nil {
-			return nil, 0, err
-		}
+		user := perm.UserFromCtx(ctx)
 
 		// Verify user is allowed to see this property
 		check := hwauthz.NewPermissionCheck(user, perm.PropertyCanUserGet, perm.Property(propertyID))
-		if err = authz.Must(ctx, check); err != nil {
+		if err := authz.Must(ctx, check); err != nil {
 			return nil, 0, err
 		}