b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix context key type mismatch causing org files 500 error

Browse Source 
- Export ContextKey type and context keys from middleware package
- Use exported keys (UserKey, SessionKey, TokenKey, OrgKey) in handlers
- Fixes panic: interface conversion: interface {} is nil, not uuid.UUID
- The middleware was setting context with contextKey type but handlers
  were retrieving with string type, causing nil value lookup failure
This commit is contained in:
Leon Bösche
2026-01-11 03:30:31 +01:00
parent 39e0eb0efd
commit e9517a5a4d
2 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
go_cloud/internal/http/routes.go
View File

@@ -356,7 +356,7 @@ func createOrgHandler(w http.ResponseWriter, r *http.Request, db *database.DB, a
func listFilesHandler(w http.ResponseWriter, r *http.Request, db *database.DB) { func listFilesHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
// Org ID is provided by middleware.Org // Org ID is provided by middleware.Org
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
// Query params: path, q (search), page, pageSize // Query params: path, q (search), page, pageSize
path := r.URL.Query().Get("path") path := r.URL.Query().Get("path")
if path == "" { if path == "" {
@@ -399,7 +399,7 @@ func listFilesHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) { func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) {
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
fileId := chi.URLParam(r, "fileId") fileId := chi.URLParam(r, "fileId")
// Get file metadata to determine path and type // Get file metadata to determine path and type
@@ -535,7 +535,7 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
func editorHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) { func editorHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) {
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
fileId := chi.URLParam(r, "fileId") fileId := chi.URLParam(r, "fileId")
// Get file metadata to determine path and type // Get file metadata to determine path and type
@@ -584,7 +584,7 @@ func editorHandler(w http.ResponseWriter, r *http.Request, db *database.DB, audi
func annotationsHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) { func annotationsHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) {
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
fileId := chi.URLParam(r, "fileId") fileId := chi.URLParam(r, "fileId")
// Parse payload // Parse payload
@@ -612,7 +612,7 @@ func annotationsHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
} }
func activityHandler(w http.ResponseWriter, r *http.Request, db *database.DB) { func activityHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
activities, err := db.GetOrgActivities(r.Context(), orgID, 50) activities, err := db.GetOrgActivities(r.Context(), orgID, 50)
if err != nil { if err != nil {
@@ -626,7 +626,7 @@ func activityHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
} }
func listMembersHandler(w http.ResponseWriter, r *http.Request, db *database.DB) { func listMembersHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
members, err := db.GetOrgMembers(r.Context(), orgID) members, err := db.GetOrgMembers(r.Context(), orgID)
if err != nil { if err != nil {
@@ -640,7 +640,7 @@ func listMembersHandler(w http.ResponseWriter, r *http.Request, db *database.DB)
} }
func updateMemberRoleHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) { func updateMemberRoleHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
userIDStr := chi.URLParam(r, "userId") userIDStr := chi.URLParam(r, "userId")
userID, err := uuid.Parse(userIDStr) userID, err := uuid.Parse(userIDStr)
if err != nil { if err != nil {
@@ -1076,7 +1076,7 @@ func userFilesHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
// createOrgFileHandler creates a file or folder record for an org workspace. // createOrgFileHandler creates a file or folder record for an org workspace.
func createOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger, cfg *config.Config) { func createOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger, cfg *config.Config) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
var f *database.File var f *database.File
@@ -1183,7 +1183,7 @@ func createOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.D
// deleteOrgFileHandler deletes a file/folder in org workspace by path // deleteOrgFileHandler deletes a file/folder in org workspace by path
func deleteOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger, cfg *config.Config) { func deleteOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, auditLogger *audit.Logger, cfg *config.Config) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
@@ -1388,7 +1388,7 @@ func deleteUserFileHandler(w http.ResponseWriter, r *http.Request, db *database.
// downloadOrgFileHandler downloads a file from org workspace // downloadOrgFileHandler downloads a file from org workspace
func downloadOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, cfg *config.Config) { func downloadOrgFileHandler(w http.ResponseWriter, r *http.Request, db *database.DB, cfg *config.Config) {
orgID := r.Context().Value("org").(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
userIDStr, _ := middleware.GetUserID(r.Context()) userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)

30
go_cloud/internal/middleware/middleware.go
View File

@@ -64,30 +64,30 @@ var RateLimit = func(next http.Handler) http.Handler {
}) })
} }
type contextKey string type ContextKey string
const ( const (
userKey contextKey = "user" UserKey ContextKey = "user"
sessionKey contextKey = "session" SessionKey ContextKey = "session"
tokenKey contextKey = "token" TokenKey ContextKey = "token"
orgKey contextKey = "org" OrgKey ContextKey = "org"
) )
// GetUserID retrieves the user ID from the request context // GetUserID retrieves the user ID from the request context
func GetUserID(ctx context.Context) (string, bool) { func GetUserID(ctx context.Context) (string, bool) {
userID, ok := ctx.Value(userKey).(string) userID, ok := ctx.Value(UserKey).(string)
return userID, ok return userID, ok
} }
// GetSession retrieves the session from the request context // GetSession retrieves the session from the request context
func GetSession(ctx context.Context) (*database.Session, bool) { func GetSession(ctx context.Context) (*database.Session, bool) {
session, ok := ctx.Value(sessionKey).(*database.Session) session, ok := ctx.Value(SessionKey).(*database.Session)
return session, ok return session, ok
} }
// GetToken retrieves the JWT token from the request context // GetToken retrieves the JWT token from the request context
func GetToken(ctx context.Context) (string, bool) { func GetToken(ctx context.Context) (string, bool) {
token, ok := ctx.Value(tokenKey).(string) token, ok := ctx.Value(TokenKey).(string)
return token, ok return token, ok
} }
@@ -108,9 +108,9 @@ func Auth(jwtManager *jwt.Manager, db *database.DB) func(http.Handler) http.Hand
return return
} }
ctx := context.WithValue(r.Context(), userKey, claims.UserID) ctx := context.WithValue(r.Context(), UserKey, claims.UserID)
ctx = context.WithValue(ctx, sessionKey, session) ctx = context.WithValue(ctx, SessionKey, session)
ctx = context.WithValue(ctx, tokenKey, tokenString) ctx = context.WithValue(ctx, TokenKey, tokenString)
next.ServeHTTP(w, r.WithContext(ctx)) next.ServeHTTP(w, r.WithContext(ctx))
}) })
} }
@@ -120,7 +120,7 @@ func Auth(jwtManager *jwt.Manager, db *database.DB) func(http.Handler) http.Hand
func Org(db *database.DB, auditLogger *audit.Logger) func(http.Handler) http.Handler { func Org(db *database.DB, auditLogger *audit.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userIDStr := r.Context().Value(userKey).(string) userIDStr := r.Context().Value(UserKey).(string)
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
orgIDStr := r.Header.Get("X-Org-ID") orgIDStr := r.Header.Get("X-Org-ID")
@@ -159,7 +159,7 @@ func Org(db *database.DB, auditLogger *audit.Logger) func(http.Handler) http.Han
return return
} }
ctx := context.WithValue(r.Context(), orgKey, orgID) ctx := context.WithValue(r.Context(), OrgKey, orgID)
next.ServeHTTP(w, r.WithContext(ctx)) next.ServeHTTP(w, r.WithContext(ctx))
}) })
} }
@@ -169,9 +169,9 @@ func Org(db *database.DB, auditLogger *audit.Logger) func(http.Handler) http.Han
func Permission(db *database.DB, auditLogger *audit.Logger, perm permission.Permission) func(http.Handler) http.Handler { func Permission(db *database.DB, auditLogger *audit.Logger, perm permission.Permission) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userIDStr := r.Context().Value(userKey).(string) userIDStr := r.Context().Value(UserKey).(string)
userID, _ := uuid.Parse(userIDStr) userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value(orgKey).(uuid.UUID) orgID := r.Context().Value(OrgKey).(uuid.UUID)
hasPerm, err := permission.HasPermission(r.Context(), db, userID, orgID, perm) hasPerm, err := permission.HasPermission(r.Context(), db, userID, orgID, perm)
if err != nil || !hasPerm { if err != nil || !hasPerm {