web: switch to using /api/session/validate for determining if the user is not logged in

openapi: generate
openapi: opt out of security for get requests
2025-03-26 20:22:31 -07:00 · 2025-03-26 20:17:03 -07:00 · 2025-03-26 20:16:44 -07:00 · 2025-03-26 17:23:21 -07:00
4 changed files with 9 additions and 559 deletions
--- a/openapi.yaml
+++ b/openapi.yaml
@ -61,6 +61,7 @@ paths:
      operationId: sessionValidate
      tags:
        - Session
      security: []
      responses:
        "200":
          description: Successful response
@ -80,6 +81,7 @@ paths:
      operationId: listSubmissions
      tags:
        - Submissions
      security: []
      parameters:
      - $ref: "#/components/parameters/Page"
      - $ref: "#/components/parameters/Limit"
@ -148,6 +150,7 @@ paths:
      operationId: getSubmission
      tags:
        - Submissions
      security: []
      parameters:
        - $ref: '#/components/parameters/SubmissionID'
      responses:
@ -376,6 +379,7 @@ paths:
      operationId: listScriptPolicy
      tags:
        - ScriptPolicy
      security: []
      parameters:
      - $ref: "#/components/parameters/Page"
      - $ref: "#/components/parameters/Limit"
@ -440,6 +444,7 @@ paths:
      operationId: getScriptPolicy
      tags:
        - ScriptPolicy
      security: []
      parameters:
        - $ref: '#/components/parameters/ScriptPolicyID'
      responses:
@ -499,6 +504,7 @@ paths:
      operationId: listScripts
      tags:
        - Script
      security: []
      parameters:
      - $ref: "#/components/parameters/Page"
      - $ref: "#/components/parameters/Limit"
@ -568,6 +574,7 @@ paths:
      operationId: getScript
      tags:
        - Scripts
      security: []
      parameters:
        - $ref: '#/components/parameters/ScriptID'
      responses:
--- a/pkg/api/oas_client_gen.go
+++ b/pkg/api/oas_client_gen.go
@ -1878,39 +1878,6 @@ func (c *Client) sendGetScript(ctx context.Context, params GetScriptParams) (res
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, GetScriptOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -2001,39 +1968,6 @@ func (c *Client) sendGetScriptPolicy(ctx context.Context, params GetScriptPolicy
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, GetScriptPolicyOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -2124,39 +2058,6 @@ func (c *Client) sendGetSubmission(ctx context.Context, params GetSubmissionPara
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, GetSubmissionOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -2312,39 +2213,6 @@ func (c *Client) sendListScriptPolicy(ctx context.Context, params ListScriptPoli
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, ListScriptPolicyOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -2517,39 +2385,6 @@ func (c *Client) sendListScripts(ctx context.Context, params ListScriptsParams)
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, ListScriptsOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -2722,39 +2557,6 @@ func (c *Client) sendListSubmissions(ctx context.Context, params ListSubmissions
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, ListSubmissionsOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
@ -3145,39 +2947,6 @@ func (c *Client) sendSessionValidate(ctx context.Context) (res bool, err error)
 		return res, errors.Wrap(err, "create request")
 	}
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			stage = "Security:CookieAuth"
 			switch err := c.securityCookieAuth(ctx, SessionValidateOperation, r); {
 			case err == nil: // if NO error
 				satisfied[0] |= 1 << 0
 			case errors.Is(err, ogenerrors.ErrSkipClientSecurity):
 				// Skip this security.
 			default:
 				return res, errors.Wrap(err, "security \"CookieAuth\"")
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			return res, ogenerrors.ErrSecurityRequirementIsNotSatisfied
 		}
 	}
 	stage = "SendRequest"
 	resp, err := c.cfg.Client.Do(r)
 	if err != nil {
--- a/pkg/api/oas_handlers_gen.go
+++ b/pkg/api/oas_handlers_gen.go
@ -2639,52 +2639,6 @@ func (s *Server) handleGetScriptRequest(args [1]string, argsEscaped bool, w http
 			ID:   "getScript",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, GetScriptOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeGetScriptParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -2834,52 +2788,6 @@ func (s *Server) handleGetScriptPolicyRequest(args [1]string, argsEscaped bool,
 			ID:   "getScriptPolicy",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, GetScriptPolicyOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeGetScriptPolicyParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -3029,52 +2937,6 @@ func (s *Server) handleGetSubmissionRequest(args [1]string, argsEscaped bool, w
 			ID:   "getSubmission",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, GetSubmissionOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeGetSubmissionParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -3224,52 +3086,6 @@ func (s *Server) handleListScriptPolicyRequest(args [0]string, argsEscaped bool,
 			ID:   "listScriptPolicy",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, ListScriptPolicyOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeListScriptPolicyParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -3435,52 +3251,6 @@ func (s *Server) handleListScriptsRequest(args [0]string, argsEscaped bool, w ht
 			ID:   "listScripts",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, ListScriptsOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeListScriptsParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -3650,52 +3420,6 @@ func (s *Server) handleListSubmissionsRequest(args [0]string, argsEscaped bool,
 			ID:   "listSubmissions",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, ListSubmissionsOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	params, err := decodeListSubmissionsParams(args, argsEscaped, r)
 	if err != nil {
 		err = &ogenerrors.DecodeParamsError{
@ -4414,58 +4138,8 @@ func (s *Server) handleSessionValidateRequest(args [0]string, argsEscaped bool,
 			s.errors.Add(ctx, 1, metric.WithAttributes(attrs...))
 		}
-		err          error
+		err error
 		opErrContext = ogenerrors.OperationContext{
 			Name: SessionValidateOperation,
 			ID:   "sessionValidate",
 		}
 	)
 	{
 		type bitset = [1]uint8
 		var satisfied bitset
 		{
 			sctx, ok, err := s.securityCookieAuth(ctx, SessionValidateOperation, r)
 			if err != nil {
 				err = &ogenerrors.SecurityError{
 					OperationContext: opErrContext,
 					Security:         "CookieAuth",
 					Err:              err,
 				}
 				if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 					defer recordError("Security:CookieAuth", err)
 				}
 				return
 			}
 			if ok {
 				satisfied[0] |= 1 << 0
 				ctx = sctx
 			}
 		}
 		if ok := func() bool {
 		nextRequirement:
 			for _, requirement := range []bitset{
 				{0b00000001},
 			} {
 				for i, mask := range requirement {
 					if satisfied[i]&mask != mask {
 						continue nextRequirement
 					}
 				}
 				return true
 			}
 			return false
 		}(); !ok {
 			err = &ogenerrors.SecurityError{
 				OperationContext: opErrContext,
 				Err:              ogenerrors.ErrSecurityRequirementIsNotSatisfied,
 			}
 			if encodeErr := encodeErrorResponse(s.h.NewError(ctx, err), w, span); encodeErr != nil {
 				defer recordError("Security", err)
 			}
 			return
 		}
 	}
 	var response bool
 	if m := s.cfg.Middleware; m != nil {
--- a/web/src/app/_components/webpage.tsx
+++ b/web/src/app/_components/webpage.tsx
@ -30,4 +30,4 @@ export default function Webpage({children}: Readonly<{children?: React.ReactNode
 		<Header/>
 		{children}
 	</>
-}
+}
Author	SHA1	Message	Date
rhpidfyre	8b06a1414d	web: switch to using `/api/session/validate` for determining if the user is not logged in	2025-03-26 20:22:31 -07:00
Quaternions	79c21b62d8	openapi: generate	2025-03-26 20:17:03 -07:00
Quaternions	032f0e8739	openapi: opt out of security for get requests	2025-03-26 20:16:44 -07:00
Quaternions	251a24efae	web: Revert auth redirect	2025-03-26 17:23:21 -07:00