gateway: move remaining get of current user from api to action

internal/services/gateway/action/org.go

@@ -184,14 +184,13 @@ func (h *ActionHandler) GetOrgMembers(ctx context.Context, req *GetOrgMembersReq
 type CreateOrgRequest struct {
 	Name       string
 	Visibility cstypes.Visibility
-
-	CreatorUserID string
 }
 
 func (h *ActionHandler) CreateOrg(ctx context.Context, req *CreateOrgRequest) (*cstypes.Organization, error) {
 	if !common.IsUserLoggedOrAdmin(ctx) {
-		return nil, errors.Errorf("user not logged in")
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
 	}
+	curUserID := common.CurrentUserID(ctx)
 
 	if req.Name == "" {
 		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("organization name required"), serrors.InvalidOrganizationName())
@@ -204,11 +203,9 @@ func (h *ActionHandler) CreateOrg(ctx context.Context, req *CreateOrgRequest) (*
 	}
 
 	creq := &csapitypes.CreateOrgRequest{
-		Name:       req.Name,
-		Visibility: req.Visibility,
-	}
-	if req.CreatorUserID != "" {
-		creq.CreatorUserID = req.CreatorUserID
+		Name:          req.Name,
+		Visibility:    req.Visibility,
+		CreatorUserID: curUserID,
 	}
 
 	h.log.Info().Msgf("creating organization")
@@ -448,13 +445,13 @@ type OrgInvitationActionRequest struct {
 
 func (h *ActionHandler) OrgInvitationAction(ctx context.Context, req *OrgInvitationActionRequest) error {
 	if !req.Action.IsValid() {
-		return errors.Errorf("action is not valid")
+		return util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("invalid action"))
 	}
 
-	userID := common.CurrentUserID(ctx)
-	if userID == "" {
+	if !common.IsUserLogged(ctx) {
 		return util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("user not authenticated"))
 	}
+	userID := common.CurrentUserID(ctx)
 
 	orgInvitation, _, err := h.configstoreClient.GetOrgInvitation(ctx, req.OrgRef, userID)
 	if err != nil {

internal/services/gateway/action/project.go

@@ -112,7 +112,7 @@ func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateProjectReq
 		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("project %q already exists", projectPath), serrors.ProjectAlreadyExists())
 	}
 
-	gitSource, rs, la, err := h.GetUserGitSource(ctx, req.RemoteSourceName, curUserID)
+	gitSource, rs, la, err := h.getUserGitSource(ctx, req.RemoteSourceName, curUserID)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to create gitsource client")
 	}
@@ -239,6 +239,9 @@ func (h *ActionHandler) UpdateProject(ctx context.Context, projectRef string, re
 }
 
 func (h *ActionHandler) ProjectUpdateRepoLinkedAccount(ctx context.Context, projectRef string) (*csapitypes.Project, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("user not authenticated"))
+	}
 	curUserID := common.CurrentUserID(ctx)
 
 	p, _, err := h.configstoreClient.GetProject(ctx, projectRef)
@@ -254,7 +257,7 @@ func (h *ActionHandler) ProjectUpdateRepoLinkedAccount(ctx context.Context, proj
 		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authorized"))
 	}
 
-	gitsource, _, la, err := h.GetUserGitSource(ctx, p.RemoteSourceID, curUserID)
+	gitsource, _, la, err := h.getUserGitSource(ctx, p.RemoteSourceID, curUserID)
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed to create gitsource client")
 	}
@@ -434,6 +437,9 @@ func (h *ActionHandler) DeleteProject(ctx context.Context, projectRef string) er
 }
 
 func (h *ActionHandler) ProjectCreateRun(ctx context.Context, projectRef, branch, tag, refName, commitSHA string) error {
+	if !common.IsUserLogged(ctx) {
+		return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
+	}
 	curUserID := common.CurrentUserID(ctx)
 
 	p, _, err := h.configstoreClient.GetProject(ctx, projectRef)
@@ -449,7 +455,7 @@ func (h *ActionHandler) ProjectCreateRun(ctx context.Context, projectRef, branch
 		return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authorized"))
 	}
 
-	gitSource, rs, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID, curUserID)
+	gitSource, rs, _, err := h.getUserGitSource(ctx, p.RemoteSourceID, curUserID)
 	if err != nil {
 		return errors.Wrapf(err, "failed to create gitsource client")
 	}
@@ -603,6 +609,11 @@ func (h *ActionHandler) getRemoteRepoAccessData(ctx context.Context, linkedAccou
 }
 
 func (h *ActionHandler) RefreshRemoteRepositoryInfo(ctx context.Context, projectRef string) (*csapitypes.Project, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
+	}
+	curUserID := common.CurrentUserID(ctx)
+
 	p, err := h.GetProject(ctx, projectRef)
 	if err != nil {
 		return nil, APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get project %q", projectRef))
@@ -616,7 +627,7 @@ func (h *ActionHandler) RefreshRemoteRepositoryInfo(ctx context.Context, project
 		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authorized"))
 	}
 
-	gitSource, _, _, err := h.GetUserGitSource(ctx, p.RemoteSourceID, common.CurrentUserID(ctx))
+	gitSource, _, _, err := h.getUserGitSource(ctx, p.RemoteSourceID, curUserID)
 	if err != nil {
 		return nil, APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get remote source %q", p.RemoteSourceID))
 	}

internal/services/gateway/action/projectgroup.go

@@ -21,6 +21,7 @@ import (
 	"github.com/sorintlab/errors"
 
 	serrors "agola.io/agola/internal/services/errors"
+	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	csapitypes "agola.io/agola/services/configstore/api/types"
 	cstypes "agola.io/agola/services/configstore/types"
@@ -64,13 +65,22 @@ func (h *ActionHandler) GetProjectGroupProjects(ctx context.Context, projectGrou
 }
 
 type CreateProjectGroupRequest struct {
-	CurrentUserID string
-	Name          string
-	ParentRef     string
-	Visibility    cstypes.Visibility
+	Name       string
+	ParentRef  string
+	Visibility cstypes.Visibility
 }
 
 func (h *ActionHandler) CreateProjectGroup(ctx context.Context, req *CreateProjectGroupRequest) (*csapitypes.ProjectGroup, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
+	}
+	curUserID := common.CurrentUserID(ctx)
+
+	user, _, err := h.configstoreClient.GetUser(ctx, curUserID)
+	if err != nil {
+		return nil, APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get user %q", curUserID))
+	}
+
 	if !util.ValidateName(req.Name) {
 		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("invalid project group name %q", req.Name), serrors.InvalidProjectName())
 	}
@@ -91,11 +101,6 @@ func (h *ActionHandler) CreateProjectGroup(ctx context.Context, req *CreateProje
 		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authorized"))
 	}
 
-	user, _, err := h.configstoreClient.GetUser(ctx, req.CurrentUserID)
-	if err != nil {
-		return nil, APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get user %q", req.CurrentUserID))
-	}
-
 	parentRef := req.ParentRef
 	if parentRef == "" {
 		// create projectGroup in current user namespace

internal/services/gateway/action/user.go

@@ -55,12 +55,14 @@ type PrivateUserResponse struct {
 	LinkedAccounts []*cstypes.LinkedAccount
 }
 
-func (h *ActionHandler) GetCurrentUser(ctx context.Context, userRef string) (*PrivateUserResponse, error) {
-	if !common.IsUserLoggedOrAdmin(ctx) {
-		return nil, errors.Errorf("user not logged in")
+func (h *ActionHandler) GetCurrentUser(ctx context.Context) (*PrivateUserResponse, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
 	}
 
-	user, _, err := h.configstoreClient.GetUser(ctx, userRef)
+	userID := common.CurrentUserID(ctx)
+
+	user, _, err := h.configstoreClient.GetUser(ctx, userID)
 	if err != nil {
 		return nil, APIErrorFromRemoteError(err)
 	}
@@ -91,8 +93,6 @@ func (h *ActionHandler) GetUser(ctx context.Context, userRef string) (*cstypes.U
 }
 
 type GetUserOrgsRequest struct {
-	UserRef string
-
 	Cursor string
 
 	Limit         int
@@ -104,11 +104,16 @@ type GetUserOrgsResponse struct {
 	Cursor string
 }
 
-func (h *ActionHandler) GetUserOrgs(ctx context.Context, req *GetUserOrgsRequest) (*GetUserOrgsResponse, error) {
+func (h *ActionHandler) GetCurrentUserOrgs(ctx context.Context, req *GetUserOrgsRequest) (*GetUserOrgsResponse, error) {
 	if !common.IsUserLogged(ctx) {
-		return nil, errors.Errorf("user not logged in")
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
 	}
+	curUserID := common.CurrentUserID(ctx)
+
+	return h.getUserOrgs(ctx, curUserID, req)
+}
 
+func (h *ActionHandler) getUserOrgs(ctx context.Context, userRef string, req *GetUserOrgsRequest) (*GetUserOrgsResponse, error) {
 	inCursor := &StartCursor{}
 	sortDirection := req.SortDirection
 	if req.Cursor != "" {
@@ -121,7 +126,7 @@ func (h *ActionHandler) GetUserOrgs(ctx context.Context, req *GetUserOrgsRequest
 		sortDirection = SortDirectionAsc
 	}
 
-	orgs, resp, err := h.configstoreClient.GetUserOrgs(ctx, req.UserRef, &client.GetUserOrgsOptions{ListOptions: &client.ListOptions{Limit: req.Limit, SortDirection: cstypes.SortDirection(sortDirection)}, StartOrgName: inCursor.Start})
+	orgs, resp, err := h.configstoreClient.GetUserOrgs(ctx, userRef, &client.GetUserOrgsOptions{ListOptions: &client.ListOptions{Limit: req.Limit, SortDirection: cstypes.SortDirection(sortDirection)}, StartOrgName: inCursor.Start})
 	if err != nil {
 		return nil, APIErrorFromRemoteError(err)
 	}
@@ -1178,7 +1183,16 @@ func (h *ActionHandler) UserCreateRun(ctx context.Context, req *UserCreateRunReq
 	return h.CreateRuns(ctx, creq)
 }
 
-func (h *ActionHandler) GetUserGitSource(ctx context.Context, remoteSourceRef, userRef string) (gitsource.GitSource, *cstypes.RemoteSource, *cstypes.LinkedAccount, error) {
+func (h *ActionHandler) GetCurrentUserGitSource(ctx context.Context, remoteSourceRef string) (gitsource.GitSource, *cstypes.RemoteSource, *cstypes.LinkedAccount, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, nil, nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
+	}
+	curUserID := common.CurrentUserID(ctx)
+
+	return h.getUserGitSource(ctx, remoteSourceRef, curUserID)
+}
+
+func (h *ActionHandler) getUserGitSource(ctx context.Context, remoteSourceRef, userRef string) (gitsource.GitSource, *cstypes.RemoteSource, *cstypes.LinkedAccount, error) {
 	rs, _, err := h.configstoreClient.GetRemoteSource(ctx, remoteSourceRef)
 	if err != nil {
 		return nil, nil, nil, errors.Wrapf(err, "failed to get remote source %q", remoteSourceRef)
@@ -1208,7 +1222,16 @@ func (h *ActionHandler) GetUserGitSource(ctx context.Context, remoteSourceRef, u
 	return gitSource, rs, la, nil
 }
 
-func (h *ActionHandler) GetUserOrgInvitations(ctx context.Context, userRef string, limit int) ([]*OrgInvitationResponse, error) {
+func (h *ActionHandler) GetCurrentUserOrgInvitations(ctx context.Context, limit int) ([]*OrgInvitationResponse, error) {
+	if !common.IsUserLogged(ctx) {
+		return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
+	}
+	curUserID := common.CurrentUserID(ctx)
+
+	return h.getUserOrgInvitations(ctx, curUserID, limit)
+}
+
+func (h *ActionHandler) getUserOrgInvitations(ctx context.Context, userRef string, limit int) ([]*OrgInvitationResponse, error) {
 	cOrgInvitations, _, err := h.configstoreClient.GetUserOrgInvitations(ctx, userRef, limit)
 	if err != nil {
 		return nil, APIErrorFromRemoteError(err)

internal/services/gateway/api/org.go

@@ -25,7 +25,6 @@ import (
 
 	serrors "agola.io/agola/internal/services/errors"
 	"agola.io/agola/internal/services/gateway/action"
-	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	cstypes "agola.io/agola/services/configstore/types"
 	gwapitypes "agola.io/agola/services/gateway/api/types"
@@ -55,18 +54,15 @@ func (h *CreateOrgHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (h *CreateOrgHandler) do(r *http.Request) (*gwapitypes.OrgResponse, error) {
 	ctx := r.Context()
 
-	userID := common.CurrentUserID(ctx)
-
 	var req gwapitypes.CreateOrgRequest
 	d := json.NewDecoder(r.Body)
 	if err := d.Decode(&req); err != nil {
 		return nil, util.NewAPIErrorWrap(util.ErrBadRequest, err)
 	}
 
 	creq := &action.CreateOrgRequest{
-		Name:          req.Name,
-		Visibility:    cstypes.Visibility(req.Visibility),
-		CreatorUserID: userID,
+		Name:       req.Name,
+		Visibility: cstypes.Visibility(req.Visibility),
 	}
 
 	org, err := h.ah.CreateOrg(ctx, creq)

internal/services/gateway/api/projectgroup.go

@@ -24,7 +24,6 @@ import (
 	"github.com/sorintlab/errors"
 
 	"agola.io/agola/internal/services/gateway/action"
-	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	csapitypes "agola.io/agola/services/configstore/api/types"
 	cstypes "agola.io/agola/services/configstore/types"
@@ -61,16 +60,10 @@ func (h *CreateProjectGroupHandler) do(r *http.Request) (*gwapitypes.ProjectGrou
 		return nil, util.NewAPIErrorWrap(util.ErrBadRequest, err)
 	}
 
-	userID := common.CurrentUserID(ctx)
-	if userID == "" {
-		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("user not authenticated"))
-	}
-
 	creq := &action.CreateProjectGroupRequest{
-		Name:          req.Name,
-		ParentRef:     req.ParentRef,
-		Visibility:    cstypes.Visibility(req.Visibility),
-		CurrentUserID: userID,
+		Name:       req.Name,
+		ParentRef:  req.ParentRef,
+		Visibility: cstypes.Visibility(req.Visibility),
 	}
 
 	projectGroup, err := h.ah.CreateProjectGroup(ctx, creq)

internal/services/gateway/api/remoterepo.go

@@ -23,7 +23,6 @@ import (
 
 	gitsource "agola.io/agola/internal/gitsources"
 	"agola.io/agola/internal/services/gateway/action"
-	"agola.io/agola/internal/services/gateway/common"
 	"agola.io/agola/internal/util"
 	csclient "agola.io/agola/services/configstore/client"
 	gwapitypes "agola.io/agola/services/gateway/api/types"
@@ -65,12 +64,7 @@ func (h *UserRemoteReposHandler) do(r *http.Request) ([]*gwapitypes.RemoteRepoRe
 	vars := mux.Vars(r)
 	remoteSourceRef := vars["remotesourceref"]
 
-	userID := common.CurrentUserID(ctx)
-	if userID == "" {
-		return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("user not authenticated"))
-	}
-
-	gitsource, _, _, err := h.ah.GetUserGitSource(ctx, remoteSourceRef, userID)
+	gitsource, _, _, err := h.ah.GetCurrentUserGitSource(ctx, remoteSourceRef)
 	if err != nil {
 		return nil, errors.WithStack(err)
 	}