diff --git a/openapi.yaml b/openapi.yaml index 9618079..afb3cd0 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -8,6 +8,8 @@ servers: tags: - name: Submissions description: Submission operations +security: + - cookieAuth: [] paths: # status # submit @@ -328,6 +330,11 @@ paths: schema: $ref: "#/components/schemas/Error" components: + securitySchemes: + cookieAuth: + type: apiKey + in: cookie + name: SESSIONID schemas: Id: type: object diff --git a/pkg/api/oas_client_gen.go b/pkg/api/oas_client_gen.go index 7753a3d..92d61ba 100644 --- a/pkg/api/oas_client_gen.go +++ b/pkg/api/oas_client_gen.go @@ -17,6 +17,7 @@ import ( "github.com/ogen-go/ogen/conv" ht "github.com/ogen-go/ogen/http" + "github.com/ogen-go/ogen/ogenerrors" "github.com/ogen-go/ogen/otelogen" "github.com/ogen-go/ogen/uri" ) @@ -106,6 +107,7 @@ type Invoker interface { // Client implements OAS client. type Client struct { serverURL *url.URL + sec SecuritySource baseClient } type errorHandler interface { @@ -123,7 +125,7 @@ func trimTrailingSlashes(u *url.URL) { } // NewClient initializes new Client defined by OAS. -func NewClient(serverURL string, opts ...ClientOption) (*Client, error) { +func NewClient(serverURL string, sec SecuritySource, opts ...ClientOption) (*Client, error) { u, err := url.Parse(serverURL) if err != nil { return nil, err @@ -136,6 +138,7 @@ func NewClient(serverURL string, opts ...ClientOption) (*Client, error) { } return &Client{ serverURL: u, + sec: sec, baseClient: c, }, nil } @@ -184,7 +187,7 @@ func (c *Client) sendActionSubmissionPublish(ctx context.Context, params ActionS c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionPublish", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionPublishOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -230,6 +233,39 @@ func (c *Client) sendActionSubmissionPublish(ctx context.Context, params ActionS return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionPublishOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -275,7 +311,7 @@ func (c *Client) sendActionSubmissionReject(ctx context.Context, params ActionSu c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionReject", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionRejectOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -321,6 +357,39 @@ func (c *Client) sendActionSubmissionReject(ctx context.Context, params ActionSu return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionRejectOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -366,7 +435,7 @@ func (c *Client) sendActionSubmissionRequestChanges(ctx context.Context, params c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionRequestChanges", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionRequestChangesOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -412,6 +481,39 @@ func (c *Client) sendActionSubmissionRequestChanges(ctx context.Context, params return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionRequestChangesOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -457,7 +559,7 @@ func (c *Client) sendActionSubmissionRevoke(ctx context.Context, params ActionSu c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionRevoke", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionRevokeOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -503,6 +605,39 @@ func (c *Client) sendActionSubmissionRevoke(ctx context.Context, params ActionSu return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionRevokeOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -548,7 +683,7 @@ func (c *Client) sendActionSubmissionSubmit(ctx context.Context, params ActionSu c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionSubmit", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionSubmitOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -594,6 +729,39 @@ func (c *Client) sendActionSubmissionSubmit(ctx context.Context, params ActionSu return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionSubmitOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -639,7 +807,7 @@ func (c *Client) sendActionSubmissionTriggerPublish(ctx context.Context, params c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionTriggerPublish", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionTriggerPublishOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -685,6 +853,39 @@ func (c *Client) sendActionSubmissionTriggerPublish(ctx context.Context, params return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionTriggerPublishOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -730,7 +931,7 @@ func (c *Client) sendActionSubmissionTriggerValidate(ctx context.Context, params c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionTriggerValidate", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionTriggerValidateOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -776,6 +977,39 @@ func (c *Client) sendActionSubmissionTriggerValidate(ctx context.Context, params return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionTriggerValidateOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -821,7 +1055,7 @@ func (c *Client) sendActionSubmissionValidate(ctx context.Context, params Action c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ActionSubmissionValidate", + ctx, span := c.cfg.Tracer.Start(ctx, ActionSubmissionValidateOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -867,6 +1101,39 @@ func (c *Client) sendActionSubmissionValidate(ctx context.Context, params Action return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ActionSubmissionValidateOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -912,7 +1179,7 @@ func (c *Client) sendCreateSubmission(ctx context.Context, request OptSubmission c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "CreateSubmission", + ctx, span := c.cfg.Tracer.Start(ctx, CreateSubmissionOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -942,6 +1209,39 @@ func (c *Client) sendCreateSubmission(ctx context.Context, request OptSubmission return res, errors.Wrap(err, "encode request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, CreateSubmissionOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -987,7 +1287,7 @@ func (c *Client) sendGetSubmission(ctx context.Context, params GetSubmissionPara c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "GetSubmission", + ctx, span := c.cfg.Tracer.Start(ctx, GetSubmissionOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -1032,6 +1332,39 @@ func (c *Client) sendGetSubmission(ctx context.Context, params GetSubmissionPara return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, GetSubmissionOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -1077,7 +1410,7 @@ func (c *Client) sendListSubmissions(ctx context.Context, params ListSubmissions c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "ListSubmissions", + ctx, span := c.cfg.Tracer.Start(ctx, ListSubmissionsOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -1139,6 +1472,39 @@ func (c *Client) sendListSubmissions(ctx context.Context, params ListSubmissions return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, ListSubmissionsOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -1184,7 +1550,7 @@ func (c *Client) sendPatchSubmissionCompleted(ctx context.Context, params PatchS c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "PatchSubmissionCompleted", + ctx, span := c.cfg.Tracer.Start(ctx, PatchSubmissionCompletedOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -1230,6 +1596,39 @@ func (c *Client) sendPatchSubmissionCompleted(ctx context.Context, params PatchS return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, PatchSubmissionCompletedOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { @@ -1275,7 +1674,7 @@ func (c *Client) sendPatchSubmissionModel(ctx context.Context, params PatchSubmi c.requests.Add(ctx, 1, metric.WithAttributes(otelAttrs...)) // Start a span for this request. - ctx, span := c.cfg.Tracer.Start(ctx, "PatchSubmissionModel", + ctx, span := c.cfg.Tracer.Start(ctx, PatchSubmissionModelOperation, trace.WithAttributes(otelAttrs...), clientSpanKind, ) @@ -1353,6 +1752,39 @@ func (c *Client) sendPatchSubmissionModel(ctx context.Context, params PatchSubmi return res, errors.Wrap(err, "create request") } + { + type bitset = [1]uint8 + var satisfied bitset + { + stage = "Security:CookieAuth" + switch err := c.securityCookieAuth(ctx, PatchSubmissionModelOperation, r); { + case err == nil: // if NO error + satisfied[0] |= 1 << 0 + case errors.Is(err, ogenerrors.ErrSkipClientSecurity): + // Skip this security. + default: + return res, errors.Wrap(err, "security \"CookieAuth\"") + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied + } + } + stage = "SendRequest" resp, err := c.cfg.Client.Do(r) if err != nil { diff --git a/pkg/api/oas_handlers_gen.go b/pkg/api/oas_handlers_gen.go index 7ed915c..402bfb8 100644 --- a/pkg/api/oas_handlers_gen.go +++ b/pkg/api/oas_handlers_gen.go @@ -33,7 +33,7 @@ func (s *Server) handleActionSubmissionPublishRequest(args [1]string, argsEscape } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionPublish", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionPublishOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -64,10 +64,56 @@ func (s *Server) handleActionSubmissionPublishRequest(args [1]string, argsEscape } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionPublish", + Name: ActionSubmissionPublishOperation, ID: "actionSubmissionPublish", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionPublishOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionPublishParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -83,7 +129,7 @@ func (s *Server) handleActionSubmissionPublishRequest(args [1]string, argsEscape if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionPublish", + OperationName: ActionSubmissionPublishOperation, OperationSummary: "Role Validator changes status from Publishing -> Published", OperationID: "actionSubmissionPublish", Body: nil, @@ -156,7 +202,7 @@ func (s *Server) handleActionSubmissionRejectRequest(args [1]string, argsEscaped } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionReject", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionRejectOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -187,10 +233,56 @@ func (s *Server) handleActionSubmissionRejectRequest(args [1]string, argsEscaped } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionReject", + Name: ActionSubmissionRejectOperation, ID: "actionSubmissionReject", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionRejectOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionRejectParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -206,7 +298,7 @@ func (s *Server) handleActionSubmissionRejectRequest(args [1]string, argsEscaped if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionReject", + OperationName: ActionSubmissionRejectOperation, OperationSummary: "Role Reviewer changes status from Submitted -> Rejected", OperationID: "actionSubmissionReject", Body: nil, @@ -279,7 +371,7 @@ func (s *Server) handleActionSubmissionRequestChangesRequest(args [1]string, arg } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionRequestChanges", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionRequestChangesOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -310,10 +402,56 @@ func (s *Server) handleActionSubmissionRequestChangesRequest(args [1]string, arg } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionRequestChanges", + Name: ActionSubmissionRequestChangesOperation, ID: "actionSubmissionRequestChanges", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionRequestChangesOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionRequestChangesParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -329,7 +467,7 @@ func (s *Server) handleActionSubmissionRequestChangesRequest(args [1]string, arg if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionRequestChanges", + OperationName: ActionSubmissionRequestChangesOperation, OperationSummary: "Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested", OperationID: "actionSubmissionRequestChanges", Body: nil, @@ -402,7 +540,7 @@ func (s *Server) handleActionSubmissionRevokeRequest(args [1]string, argsEscaped } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionRevoke", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionRevokeOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -433,10 +571,56 @@ func (s *Server) handleActionSubmissionRevokeRequest(args [1]string, argsEscaped } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionRevoke", + Name: ActionSubmissionRevokeOperation, ID: "actionSubmissionRevoke", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionRevokeOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionRevokeParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -452,7 +636,7 @@ func (s *Server) handleActionSubmissionRevokeRequest(args [1]string, argsEscaped if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionRevoke", + OperationName: ActionSubmissionRevokeOperation, OperationSummary: "Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction", OperationID: "actionSubmissionRevoke", Body: nil, @@ -525,7 +709,7 @@ func (s *Server) handleActionSubmissionSubmitRequest(args [1]string, argsEscaped } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionSubmit", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionSubmitOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -556,10 +740,56 @@ func (s *Server) handleActionSubmissionSubmitRequest(args [1]string, argsEscaped } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionSubmit", + Name: ActionSubmissionSubmitOperation, ID: "actionSubmissionSubmit", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionSubmitOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionSubmitParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -575,7 +805,7 @@ func (s *Server) handleActionSubmissionSubmitRequest(args [1]string, argsEscaped if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionSubmit", + OperationName: ActionSubmissionSubmitOperation, OperationSummary: "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted", OperationID: "actionSubmissionSubmit", Body: nil, @@ -648,7 +878,7 @@ func (s *Server) handleActionSubmissionTriggerPublishRequest(args [1]string, arg } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionTriggerPublish", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionTriggerPublishOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -679,10 +909,56 @@ func (s *Server) handleActionSubmissionTriggerPublishRequest(args [1]string, arg } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionTriggerPublish", + Name: ActionSubmissionTriggerPublishOperation, ID: "actionSubmissionTriggerPublish", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionTriggerPublishOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionTriggerPublishParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -698,7 +974,7 @@ func (s *Server) handleActionSubmissionTriggerPublishRequest(args [1]string, arg if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionTriggerPublish", + OperationName: ActionSubmissionTriggerPublishOperation, OperationSummary: "Role Admin changes status from Validated -> Publishing", OperationID: "actionSubmissionTriggerPublish", Body: nil, @@ -771,7 +1047,7 @@ func (s *Server) handleActionSubmissionTriggerValidateRequest(args [1]string, ar } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionTriggerValidate", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionTriggerValidateOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -802,10 +1078,56 @@ func (s *Server) handleActionSubmissionTriggerValidateRequest(args [1]string, ar } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionTriggerValidate", + Name: ActionSubmissionTriggerValidateOperation, ID: "actionSubmissionTriggerValidate", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionTriggerValidateOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionTriggerValidateParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -821,7 +1143,7 @@ func (s *Server) handleActionSubmissionTriggerValidateRequest(args [1]string, ar if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionTriggerValidate", + OperationName: ActionSubmissionTriggerValidateOperation, OperationSummary: "Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating", OperationID: "actionSubmissionTriggerValidate", Body: nil, @@ -894,7 +1216,7 @@ func (s *Server) handleActionSubmissionValidateRequest(args [1]string, argsEscap } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ActionSubmissionValidate", + ctx, span := s.cfg.Tracer.Start(r.Context(), ActionSubmissionValidateOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -925,10 +1247,56 @@ func (s *Server) handleActionSubmissionValidateRequest(args [1]string, argsEscap } err error opErrContext = ogenerrors.OperationContext{ - Name: "ActionSubmissionValidate", + Name: ActionSubmissionValidateOperation, ID: "actionSubmissionValidate", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ActionSubmissionValidateOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeActionSubmissionValidateParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -944,7 +1312,7 @@ func (s *Server) handleActionSubmissionValidateRequest(args [1]string, argsEscap if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ActionSubmissionValidate", + OperationName: ActionSubmissionValidateOperation, OperationSummary: "Role Validator changes status from Validating -> Validated", OperationID: "actionSubmissionValidate", Body: nil, @@ -1017,7 +1385,7 @@ func (s *Server) handleCreateSubmissionRequest(args [0]string, argsEscaped bool, } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "CreateSubmission", + ctx, span := s.cfg.Tracer.Start(r.Context(), CreateSubmissionOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -1048,10 +1416,56 @@ func (s *Server) handleCreateSubmissionRequest(args [0]string, argsEscaped bool, } err error opErrContext = ogenerrors.OperationContext{ - Name: "CreateSubmission", + Name: CreateSubmissionOperation, ID: "createSubmission", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, CreateSubmissionOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } request, close, err := s.decodeCreateSubmissionRequest(r) if err != nil { err = &ogenerrors.DecodeRequestError{ @@ -1072,7 +1486,7 @@ func (s *Server) handleCreateSubmissionRequest(args [0]string, argsEscaped bool, if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "CreateSubmission", + OperationName: CreateSubmissionOperation, OperationSummary: "Create new submission", OperationID: "createSubmission", Body: request, @@ -1140,7 +1554,7 @@ func (s *Server) handleGetSubmissionRequest(args [1]string, argsEscaped bool, w } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "GetSubmission", + ctx, span := s.cfg.Tracer.Start(r.Context(), GetSubmissionOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -1171,10 +1585,56 @@ func (s *Server) handleGetSubmissionRequest(args [1]string, argsEscaped bool, w } err error opErrContext = ogenerrors.OperationContext{ - Name: "GetSubmission", + Name: GetSubmissionOperation, ID: "getSubmission", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, GetSubmissionOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeGetSubmissionParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -1190,7 +1650,7 @@ func (s *Server) handleGetSubmissionRequest(args [1]string, argsEscaped bool, w if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "GetSubmission", + OperationName: GetSubmissionOperation, OperationSummary: "Retrieve map with ID", OperationID: "getSubmission", Body: nil, @@ -1263,7 +1723,7 @@ func (s *Server) handleListSubmissionsRequest(args [0]string, argsEscaped bool, } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "ListSubmissions", + ctx, span := s.cfg.Tracer.Start(r.Context(), ListSubmissionsOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -1294,10 +1754,56 @@ func (s *Server) handleListSubmissionsRequest(args [0]string, argsEscaped bool, } err error opErrContext = ogenerrors.OperationContext{ - Name: "ListSubmissions", + Name: ListSubmissionsOperation, ID: "listSubmissions", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, ListSubmissionsOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodeListSubmissionsParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -1313,7 +1819,7 @@ func (s *Server) handleListSubmissionsRequest(args [0]string, argsEscaped bool, if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "ListSubmissions", + OperationName: ListSubmissionsOperation, OperationSummary: "Get list of submissions", OperationID: "listSubmissions", Body: nil, @@ -1390,7 +1896,7 @@ func (s *Server) handlePatchSubmissionCompletedRequest(args [1]string, argsEscap } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "PatchSubmissionCompleted", + ctx, span := s.cfg.Tracer.Start(r.Context(), PatchSubmissionCompletedOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -1421,10 +1927,56 @@ func (s *Server) handlePatchSubmissionCompletedRequest(args [1]string, argsEscap } err error opErrContext = ogenerrors.OperationContext{ - Name: "PatchSubmissionCompleted", + Name: PatchSubmissionCompletedOperation, ID: "patchSubmissionCompleted", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, PatchSubmissionCompletedOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodePatchSubmissionCompletedParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -1440,7 +1992,7 @@ func (s *Server) handlePatchSubmissionCompletedRequest(args [1]string, argsEscap if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "PatchSubmissionCompleted", + OperationName: PatchSubmissionCompletedOperation, OperationSummary: "Retrieve map with ID", OperationID: "patchSubmissionCompleted", Body: nil, @@ -1513,7 +2065,7 @@ func (s *Server) handlePatchSubmissionModelRequest(args [1]string, argsEscaped b } // Start a span for this request. - ctx, span := s.cfg.Tracer.Start(r.Context(), "PatchSubmissionModel", + ctx, span := s.cfg.Tracer.Start(r.Context(), PatchSubmissionModelOperation, trace.WithAttributes(otelAttrs...), serverSpanKind, ) @@ -1544,10 +2096,56 @@ func (s *Server) handlePatchSubmissionModelRequest(args [1]string, argsEscaped b } err error opErrContext = ogenerrors.OperationContext{ - Name: "PatchSubmissionModel", + Name: PatchSubmissionModelOperation, ID: "patchSubmissionModel", } ) + { + type bitset = [1]uint8 + var satisfied bitset + { + sctx, ok, err := s.securityCookieAuth(ctx, PatchSubmissionModelOperation, r) + if err != nil { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Security: "CookieAuth", + Err: err, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security:CookieAuth", err) + } + return + } + if ok { + satisfied[0] |= 1 << 0 + ctx = sctx + } + } + + if ok := func() bool { + nextRequirement: + for _, requirement := range []bitset{ + {0b00000001}, + } { + for i, mask := range requirement { + if satisfied[i]&mask != mask { + continue nextRequirement + } + } + return true + } + return false + }(); !ok { + err = &ogenerrors.SecurityError{ + OperationContext: opErrContext, + Err: ogenerrors.ErrSecurityRequirementIsNotSatisfied, + } + if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil { + defer recordError("Security", err) + } + return + } + } params, err := decodePatchSubmissionModelParams(args, argsEscaped, r) if err != nil { err = &ogenerrors.DecodeParamsError{ @@ -1563,7 +2161,7 @@ func (s *Server) handlePatchSubmissionModelRequest(args [1]string, argsEscaped b if m := s.cfg.Middleware; m != nil { mreq := middleware.Request{ Context: ctx, - OperationName: "PatchSubmissionModel", + OperationName: PatchSubmissionModelOperation, OperationSummary: "Update model following role restrictions", OperationID: "patchSubmissionModel", Body: nil, diff --git a/pkg/api/oas_operations_gen.go b/pkg/api/oas_operations_gen.go new file mode 100644 index 0000000..ba2a2bc --- /dev/null +++ b/pkg/api/oas_operations_gen.go @@ -0,0 +1,22 @@ +// Code generated by ogen, DO NOT EDIT. + +package api + +// OperationName is the ogen operation name +type OperationName = string + +const ( + ActionSubmissionPublishOperation OperationName = "ActionSubmissionPublish" + ActionSubmissionRejectOperation OperationName = "ActionSubmissionReject" + ActionSubmissionRequestChangesOperation OperationName = "ActionSubmissionRequestChanges" + ActionSubmissionRevokeOperation OperationName = "ActionSubmissionRevoke" + ActionSubmissionSubmitOperation OperationName = "ActionSubmissionSubmit" + ActionSubmissionTriggerPublishOperation OperationName = "ActionSubmissionTriggerPublish" + ActionSubmissionTriggerValidateOperation OperationName = "ActionSubmissionTriggerValidate" + ActionSubmissionValidateOperation OperationName = "ActionSubmissionValidate" + CreateSubmissionOperation OperationName = "CreateSubmission" + GetSubmissionOperation OperationName = "GetSubmission" + ListSubmissionsOperation OperationName = "ListSubmissions" + PatchSubmissionCompletedOperation OperationName = "PatchSubmissionCompleted" + PatchSubmissionModelOperation OperationName = "PatchSubmissionModel" +) diff --git a/pkg/api/oas_router_gen.go b/pkg/api/oas_router_gen.go index c45af2b..03a49f5 100644 --- a/pkg/api/oas_router_gen.go +++ b/pkg/api/oas_router_gen.go @@ -487,7 +487,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { if len(elem) == 0 { switch method { case "GET": - r.name = "ListSubmissions" + r.name = ListSubmissionsOperation r.summary = "Get list of submissions" r.operationID = "listSubmissions" r.pathPattern = "/submissions" @@ -495,7 +495,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { r.count = 0 return r, true case "POST": - r.name = "CreateSubmission" + r.name = CreateSubmissionOperation r.summary = "Create new submission" r.operationID = "createSubmission" r.pathPattern = "/submissions" @@ -527,7 +527,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { if len(elem) == 0 { switch method { case "GET": - r.name = "GetSubmission" + r.name = GetSubmissionOperation r.summary = "Retrieve map with ID" r.operationID = "getSubmission" r.pathPattern = "/submissions/{SubmissionID}" @@ -563,7 +563,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "PatchSubmissionCompleted" + r.name = PatchSubmissionCompletedOperation r.summary = "Retrieve map with ID" r.operationID = "patchSubmissionCompleted" r.pathPattern = "/submissions/{SubmissionID}/completed" @@ -588,7 +588,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "PatchSubmissionModel" + r.name = PatchSubmissionModelOperation r.summary = "Update model following role restrictions" r.operationID = "patchSubmissionModel" r.pathPattern = "/submissions/{SubmissionID}/model" @@ -625,7 +625,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionPublish" + r.name = ActionSubmissionPublishOperation r.summary = "Role Validator changes status from Publishing -> Published" r.operationID = "actionSubmissionPublish" r.pathPattern = "/submissions/{SubmissionID}/status/publish" @@ -662,7 +662,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionReject" + r.name = ActionSubmissionRejectOperation r.summary = "Role Reviewer changes status from Submitted -> Rejected" r.operationID = "actionSubmissionReject" r.pathPattern = "/submissions/{SubmissionID}/status/reject" @@ -687,7 +687,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionRequestChanges" + r.name = ActionSubmissionRequestChangesOperation r.summary = "Role Reviewer changes status from Validated|Accepted|Submitted -> ChangesRequested" r.operationID = "actionSubmissionRequestChanges" r.pathPattern = "/submissions/{SubmissionID}/status/request-changes" @@ -712,7 +712,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionRevoke" + r.name = ActionSubmissionRevokeOperation r.summary = "Role Submitter changes status from Submitted|ChangesRequested -> UnderConstruction" r.operationID = "actionSubmissionRevoke" r.pathPattern = "/submissions/{SubmissionID}/status/revoke" @@ -740,7 +740,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionSubmit" + r.name = ActionSubmissionSubmitOperation r.summary = "Role Submitter changes status from UnderConstruction|ChangesRequested -> Submitted" r.operationID = "actionSubmissionSubmit" r.pathPattern = "/submissions/{SubmissionID}/status/submit" @@ -777,7 +777,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionTriggerPublish" + r.name = ActionSubmissionTriggerPublishOperation r.summary = "Role Admin changes status from Validated -> Publishing" r.operationID = "actionSubmissionTriggerPublish" r.pathPattern = "/submissions/{SubmissionID}/status/trigger-publish" @@ -802,7 +802,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionTriggerValidate" + r.name = ActionSubmissionTriggerValidateOperation r.summary = "Role Reviewer triggers validation and changes status from Submitted|Accepted -> Validating" r.operationID = "actionSubmissionTriggerValidate" r.pathPattern = "/submissions/{SubmissionID}/status/trigger-validate" @@ -830,7 +830,7 @@ func (s *Server) FindPath(method string, u *url.URL) (r Route, _ bool) { // Leaf node. switch method { case "PATCH": - r.name = "ActionSubmissionValidate" + r.name = ActionSubmissionValidateOperation r.summary = "Role Validator changes status from Validating -> Validated" r.operationID = "actionSubmissionValidate" r.pathPattern = "/submissions/{SubmissionID}/status/validate" diff --git a/pkg/api/oas_schemas_gen.go b/pkg/api/oas_schemas_gen.go index b7b8265..34f451e 100644 --- a/pkg/api/oas_schemas_gen.go +++ b/pkg/api/oas_schemas_gen.go @@ -34,6 +34,20 @@ type ActionSubmissionTriggerValidateOK struct{} // ActionSubmissionValidateOK is response for ActionSubmissionValidate operation. type ActionSubmissionValidateOK struct{} +type CookieAuth struct { + APIKey string +} + +// GetAPIKey returns the value of APIKey. +func (s *CookieAuth) GetAPIKey() string { + return s.APIKey +} + +// SetAPIKey sets the value of APIKey. +func (s *CookieAuth) SetAPIKey(val string) { + s.APIKey = val +} + // Represents error object. // Ref: #/components/schemas/Error type Error struct { diff --git a/pkg/api/oas_security_gen.go b/pkg/api/oas_security_gen.go new file mode 100644 index 0000000..a9749fa --- /dev/null +++ b/pkg/api/oas_security_gen.go @@ -0,0 +1,74 @@ +// Code generated by ogen, DO NOT EDIT. + +package api + +import ( + "context" + "net/http" + "strings" + + "github.com/go-faster/errors" + + "github.com/ogen-go/ogen/ogenerrors" +) + +// SecurityHandler is handler for security parameters. +type SecurityHandler interface { + // HandleCookieAuth handles cookieAuth security. + HandleCookieAuth(ctx context.Context, operationName OperationName, t CookieAuth) (context.Context, error) +} + +func findAuthorization(h http.Header, prefix string) (string, bool) { + v, ok := h["Authorization"] + if !ok { + return "", false + } + for _, vv := range v { + scheme, value, ok := strings.Cut(vv, " ") + if !ok || !strings.EqualFold(scheme, prefix) { + continue + } + return value, true + } + return "", false +} + +func (s *Server) securityCookieAuth(ctx context.Context, operationName OperationName, req *http.Request) (context.Context, bool, error) { + var t CookieAuth + const parameterName = "SESSIONID" + var value string + switch cookie, err := req.Cookie(parameterName); { + case err == nil: // if NO error + value = cookie.Value + case errors.Is(err, http.ErrNoCookie): + return ctx, false, nil + default: + return nil, false, errors.Wrap(err, "get cookie value") + } + t.APIKey = value + rctx, err := s.sec.HandleCookieAuth(ctx, operationName, t) + if errors.Is(err, ogenerrors.ErrSkipServerSecurity) { + return nil, false, nil + } else if err != nil { + return nil, false, err + } + return rctx, true, err +} + +// SecuritySource is provider of security values (tokens, passwords, etc.). +type SecuritySource interface { + // CookieAuth provides cookieAuth security value. + CookieAuth(ctx context.Context, operationName OperationName) (CookieAuth, error) +} + +func (s *Client) securityCookieAuth(ctx context.Context, operationName OperationName, req *http.Request) error { + t, err := s.sec.CookieAuth(ctx, operationName) + if err != nil { + return errors.Wrap(err, "security source \"CookieAuth\"") + } + req.AddCookie(&http.Cookie{ + Name: "SESSIONID", + Value: t.APIKey, + }) + return nil +} diff --git a/pkg/api/oas_server_gen.go b/pkg/api/oas_server_gen.go index 0e0b450..dffbfd3 100644 --- a/pkg/api/oas_server_gen.go +++ b/pkg/api/oas_server_gen.go @@ -95,18 +95,20 @@ type Handler interface { // Server implements http server based on OpenAPI v3 specification and // calls Handler to handle requests. type Server struct { - h Handler + h Handler + sec SecurityHandler baseServer } // NewServer creates new Server. -func NewServer(h Handler, opts ...ServerOption) (*Server, error) { +func NewServer(h Handler, sec SecurityHandler, opts ...ServerOption) (*Server, error) { s, err := newServerConfig(opts...).baseServer() if err != nil { return nil, err } return &Server{ h: h, + sec: sec, baseServer: s, }, nil }