fleet/server/service/transport_error.go

package service

import (
	"context"
	"encoding/json"
	"net/http"
	"strconv"

	"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
	"github.com/fleetdm/fleet/v4/server/fleet"
	kithttp "github.com/go-kit/kit/transport/http"
	"github.com/go-sql-driver/mysql"
	"github.com/pkg/errors"
)

// erroer interface is implemented by response structs to encode business logic errors
type errorer interface {
	error() error
}

type jsonError struct {
	Message string              `json:"message"`
	Code    int                 `json:"code,omitempty"`
	Errors  []map[string]string `json:"errors,omitempty"`
}

// use baseError to encode an jsonError.Errors field with an error that has
// a generic "name" field. The frontend client always expects errors in a
// []map[string]string format.
func baseError(err string) []map[string]string {
	return []map[string]string{
		{
			"name":   "base",
			"reason": err,
		},
	}
}

type validationErrorInterface interface {
	error
	Invalid() []map[string]string
}

type permissionErrorInterface interface {
	error
	PermissionError() []map[string]string
}

type badRequestErrorInterface interface {
	error
	BadRequestError() []map[string]string
}

type notFoundErrorInterface interface {
	error
	IsNotFound() bool
}

type existsErrorInterface interface {
	error
	IsExists() bool
}

// encode error and status header to the client
func encodeError(ctx context.Context, err error, w http.ResponseWriter) {
	ctxerr.Handle(ctx, err)

	enc := json.NewEncoder(w)
	enc.SetIndent("", "  ")

	err = ctxerr.Cause(err)

	switch e := err.(type) {
	case validationErrorInterface:
		ve := jsonError{
			Message: "Validation Failed",
			Errors:  e.Invalid(),
		}
		w.WriteHeader(http.StatusUnprocessableEntity)
		enc.Encode(ve)
	case permissionErrorInterface:
		pe := jsonError{
			Message: "Permission Denied",
			Errors:  e.PermissionError(),
		}
		w.WriteHeader(http.StatusForbidden)
		enc.Encode(pe)
		return
	case mailError:
		me := jsonError{
			Message: "Mail Error",
			Errors:  e.MailError(),
		}
		w.WriteHeader(http.StatusInternalServerError)
		enc.Encode(me)
	case osqueryError:
		// osquery expects to receive the node_invalid key when a TLS
		// request provides an invalid node_key for authentication. It
		// doesn't use the error message provided, but we provide this
		// for debugging purposes (and perhaps osquery will use this
		// error message in the future).

		errMap := map[string]interface{}{"error": e.Error()}
		if e.NodeInvalid() {
			w.WriteHeader(http.StatusUnauthorized)
			errMap["node_invalid"] = true
		} else {
			w.WriteHeader(http.StatusInternalServerError)
		}

		enc.Encode(errMap)
	case notFoundErrorInterface:
		je := jsonError{
			Message: "Resource Not Found",
			Errors:  baseError(e.Error()),
		}
		w.WriteHeader(http.StatusNotFound)
		enc.Encode(je)
	case existsErrorInterface:
		je := jsonError{
			Message: "Resource Already Exists",
			Errors:  baseError(e.Error()),
		}
		w.WriteHeader(http.StatusConflict)
		enc.Encode(je)
	case badRequestErrorInterface:
		je := jsonError{
			Message: "Bad request",
			Errors:  baseError(e.Error()),
		}
		w.WriteHeader(http.StatusBadRequest)
		enc.Encode(je)
	case *mysql.MySQLError:
		je := jsonError{
			Message: "Validation Failed",
			Errors:  baseError(e.Error()),
		}
		statusCode := http.StatusUnprocessableEntity
		if e.Number == 1062 {
			statusCode = http.StatusConflict
		}
		w.WriteHeader(statusCode)
		enc.Encode(je)
	case *fleet.Error:
		je := jsonError{
			Message: e.Error(),
			Code:    e.Code,
		}
		w.WriteHeader(http.StatusUnprocessableEntity)
		enc.Encode(je)
	default:
		if fleet.IsForeignKey(ctxerr.Cause(err)) {
			ve := jsonError{
				Message: "Validation Failed",
				Errors:  baseError(err.Error()),
			}
			w.WriteHeader(http.StatusUnprocessableEntity)
			enc.Encode(ve)
			return
		}

		// Get specific status code if it is available from this error type,
		// defaulting to HTTP 500
		status := http.StatusInternalServerError
		var sce kithttp.StatusCoder
		if errors.As(err, &sce) {
			status = sce.StatusCode()
		}

		// See header documentation
		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After)
		var ewra fleet.ErrWithRetryAfter
		if errors.As(err, &ewra) {
			w.Header().Add("Retry-After", strconv.Itoa(ewra.RetryAfter()))
		}

		w.WriteHeader(status)
		je := jsonError{
			Message: err.Error(),
			Errors:  baseError(err.Error()),
		}
		enc.Encode(je)
	}
}
Organizing go code (#241) 2016-09-26 18:48:55 +00:00			`package service`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00
			`import (`
Update go-kit to 0.4.0 (#1411) Notable refactoring: - Use stdlib "context" in place of "golang.org/x/net/context" - Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go - Use MakeHandler when setting up endpoint tests (fixes test bug caught during this refactoring) Closes #1411. 2017-03-15 15:55:30 +00:00			`"context"`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`"encoding/json"`
Configure golangci-lint for the whole repository Add a relatively minimal set of linters that raise safe and mostly un-opinionated issues with the code. It runs automatically on CI via a github action. 2021-08-24 17:35:03 +00:00			`"net/http"`
			`"strconv"`

Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"`
Add v4 suffix in go.mod (#1224) 2021-06-26 04:46:51 +00:00			`"github.com/fleetdm/fleet/v4/server/fleet"`
Clean up service and return license errors (#1097) - Expose license errors instead of permission errors by adding explicit skip authorization. - Remove pre-Teams authorization checks from service. Fixes #964 2021-06-16 17:55:41 +00:00			`kithttp "github.com/go-kit/kit/transport/http"`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`"github.com/go-sql-driver/mysql"`
Fix pack and query UI issues in Fleet 2.0 (#1829) Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints. This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration. Most of the replaced code was removed in #1670 and #1686. Fixes #1811, fixes #1810 2018-06-15 14:13:11 +00:00			`"github.com/pkg/errors"`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`)`

			`// erroer interface is implemented by response structs to encode business logic errors`
			`type errorer interface {`
			`error() error`
			`}`

			`type jsonError struct {`
			Message string `json:"message"`
Make roles for users mandatory (#1338) * Make roles for users mandatory * Remove nop migration * Add missing test for wrong role * Properly validate global and team roles * Address codacy issues * Address codacy review * No need to check for nil 2021-07-13 19:33:04 +00:00			Code int `json:"code,omitempty"`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			Errors []map[string]string `json:"errors,omitempty"`
always return errors to the client as a map slice (#724) keep the format for error returns consistent by always returning a []map[string]string for json errors. This simplifies the error handling on the frontend. Use "name":"base" as the name field for errors which do not have a specific or known form field. 2016-12-30 00:40:12 +00:00			`}`

			`// use baseError to encode an jsonError.Errors field with an error that has`
			`// a generic "name" field. The frontend client always expects errors in a`
			`// []map[string]string format.`
			`func baseError(err string) []map[string]string {`
Clean up service and return license errors (#1097) - Expose license errors instead of permission errors by adding explicit skip authorization. - Remove pre-Teams authorization checks from service. Fixes #964 2021-06-16 17:55:41 +00:00			`return []map[string]string{`
			`{`
			`"name": "base",`
			`"reason": err,`
			`},`
always return errors to the client as a map slice (#724) keep the format for error returns consistent by always returning a []map[string]string for json errors. This simplifies the error handling on the frontend. Use "name":"base" as the name field for errors which do not have a specific or known form field. 2016-12-30 00:40:12 +00:00			`}`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`}`

Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`type validationErrorInterface interface {`
			`error`
			`Invalid() []map[string]string`
			`}`

			`type permissionErrorInterface interface {`
			`error`
			`PermissionError() []map[string]string`
			`}`

Issue 1840 bulk delete hosts (#2268) * wp * Add test by ids * Add changes file * Update docs and remove unneeded return values * Address review comments * Improve integration tests * Use TearDownTest 2021-09-29 16:13:23 +00:00			`type badRequestErrorInterface interface {`
			`error`
			`BadRequestError() []map[string]string`
			`}`

Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`type notFoundErrorInterface interface {`
			`error`
			`IsNotFound() bool`
			`}`

			`type existsErrorInterface interface {`
			`error`
			`IsExists() bool`
			`}`

update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`// encode error and status header to the client`
			`func encodeError(ctx context.Context, err error, w http.ResponseWriter) {`
Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`ctxerr.Handle(ctx, err)`

update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`enc := json.NewEncoder(w)`
			`enc.SetIndent("", " ")`

Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`err = ctxerr.Cause(err)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00
			`switch e := err.(type) {`
			`case validationErrorInterface:`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`ve := jsonError{`
			`Message: "Validation Failed",`
			`Errors: e.Invalid(),`
			`}`
			`w.WriteHeader(http.StatusUnprocessableEntity)`
			`enc.Encode(ve)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case permissionErrorInterface:`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`pe := jsonError{`
			`Message: "Permission Denied",`
			`Errors: e.PermissionError(),`
			`}`
			`w.WriteHeader(http.StatusForbidden)`
			`enc.Encode(pe)`
			`return`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case mailError:`
Make SMTP configuration work (#877) * add a js validator that makes smtp server port required * specifying that the InputField should be a number. this doesn't work, but i think that it should. * casting the port as an int as a stop-gap fix * email doesn't already have to be enabled to be enabled * don't return the smtp password from the API * show a fake placeholder password if the username is also set * error type for @groob 2017-01-11 02:00:46 +00:00			`me := jsonError{`
			`Message: "Mail Error",`
			`Errors: e.MailError(),`
			`}`
			`w.WriteHeader(http.StatusInternalServerError)`
			`enc.Encode(me)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case osqueryError:`
Build endpoints for osquery service methods (#245) - Establish a pattern for host authentication - Establish a pattern for error JSON - Add transport and make endpoint functions - Fix discovered bugs + update tests 2016-09-29 04:21:39 +00:00			`// osquery expects to receive the node_invalid key when a TLS`
			`// request provides an invalid node_key for authentication. It`
			`// doesn't use the error message provided, but we provide this`
			`// for debugging purposes (and perhaps osquery will use this`
			`// error message in the future).`

			`errMap := map[string]interface{}{"error": e.Error()}`
			`if e.NodeInvalid() {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`errMap["node_invalid"] = true`
			`} else {`
			`w.WriteHeader(http.StatusInternalServerError)`
			`}`

			`enc.Encode(errMap)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case notFoundErrorInterface:`
change the implementation of ErrNotFound and AlreadyExists to a struct type (#665) with an exposed interface. Not checking for a specific sentinel error reduces coupling between packages and allows adding context like the resource ID and resource type. 2016-12-20 18:35:22 +00:00			`je := jsonError{`
			`Message: "Resource Not Found",`
always return errors to the client as a map slice (#724) keep the format for error returns consistent by always returning a []map[string]string for json errors. This simplifies the error handling on the frontend. Use "name":"base" as the name field for errors which do not have a specific or known form field. 2016-12-30 00:40:12 +00:00			`Errors: baseError(e.Error()),`
change the implementation of ErrNotFound and AlreadyExists to a struct type (#665) with an exposed interface. Not checking for a specific sentinel error reduces coupling between packages and allows adding context like the resource ID and resource type. 2016-12-20 18:35:22 +00:00			`}`
			`w.WriteHeader(http.StatusNotFound)`
			`enc.Encode(je)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case existsErrorInterface:`
change the implementation of ErrNotFound and AlreadyExists to a struct type (#665) with an exposed interface. Not checking for a specific sentinel error reduces coupling between packages and allows adding context like the resource ID and resource type. 2016-12-20 18:35:22 +00:00			`je := jsonError{`
			`Message: "Resource Already Exists",`
always return errors to the client as a map slice (#724) keep the format for error returns consistent by always returning a []map[string]string for json errors. This simplifies the error handling on the frontend. Use "name":"base" as the name field for errors which do not have a specific or known form field. 2016-12-30 00:40:12 +00:00			`Errors: baseError(e.Error()),`
change the implementation of ErrNotFound and AlreadyExists to a struct type (#665) with an exposed interface. Not checking for a specific sentinel error reduces coupling between packages and allows adding context like the resource ID and resource type. 2016-12-20 18:35:22 +00:00			`}`
			`w.WriteHeader(http.StatusConflict)`
			`enc.Encode(je)`
Issue 1840 bulk delete hosts (#2268) * wp * Add test by ids * Add changes file * Update docs and remove unneeded return values * Address review comments * Improve integration tests * Use TearDownTest 2021-09-29 16:13:23 +00:00			`case badRequestErrorInterface:`
			`je := jsonError{`
			`Message: "Bad request",`
			`Errors: baseError(e.Error()),`
			`}`
			`w.WriteHeader(http.StatusBadRequest)`
			`enc.Encode(je)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`case *mysql.MySQLError:`
			`je := jsonError{`
			`Message: "Validation Failed",`
			`Errors: baseError(e.Error()),`
			`}`
			`statusCode := http.StatusUnprocessableEntity`
			`if e.Number == 1062 {`
			`statusCode = http.StatusConflict`
			`}`
			`w.WriteHeader(statusCode)`
			`enc.Encode(je)`
Make roles for users mandatory (#1338) * Make roles for users mandatory * Remove nop migration * Add missing test for wrong role * Properly validate global and team roles * Address codacy issues * Address codacy review * No need to check for nil 2021-07-13 19:33:04 +00:00			`case *fleet.Error:`
			`je := jsonError{`
			`Message: e.Error(),`
			`Code: e.Code,`
			`}`
			`w.WriteHeader(http.StatusUnprocessableEntity)`
			`enc.Encode(je)`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`default:`
Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`if fleet.IsForeignKey(ctxerr.Cause(err)) {`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`ve := jsonError{`
			`Message: "Validation Failed",`
			`Errors: baseError(err.Error()),`
			`}`
			`w.WriteHeader(http.StatusUnprocessableEntity)`
			`enc.Encode(ve)`
			`return`
			`}`
change the implementation of ErrNotFound and AlreadyExists to a struct type (#665) with an exposed interface. Not checking for a specific sentinel error reduces coupling between packages and allows adding context like the resource ID and resource type. 2016-12-20 18:35:22 +00:00
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`// Get specific status code if it is available from this error type,`
			`// defaulting to HTTP 500`
			`status := http.StatusInternalServerError`
Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`var sce kithttp.StatusCoder`
			`if errors.As(err, &sce) {`
			`status = sce.StatusCode()`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`}`
Prevent user enumeration (#533) - Return same error in all cases for login endpoint. - Log error details in server logs. - Make most login errors take ~1s to prevent timing attacks. - Don't return forgot password errors. - Log password errors in server logs. - Make most forgot password requests take ~1s to prevent timing attacks. Fixes #531 2021-03-25 02:36:30 +00:00
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`// See header documentation`
			`// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After)`
Create errors with ctxerr, add the call to store them in redis (#2786) 2021-11-15 14:11:38 +00:00			`var ewra fleet.ErrWithRetryAfter`
			`if errors.As(err, &ewra) {`
			`w.Header().Add("Retry-After", strconv.Itoa(ewra.RetryAfter()))`
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`}`
Add rate-limiting to login and password reset (#543) Prevent abuse of these endpoints with rate limiting backed by Redis. The limits assigned should be appropriate for almost any Fleet deployment. Closes #530 2021-03-26 18:23:29 +00:00
Issue 1286 improve errors (#1322) * Refactor error handling for better extensibility and add more scaffolding for specific db errors * Add integration tests to check errors from mysql are translated properly * Address review comments * Add changes file 2021-07-08 15:50:43 +00:00			`w.WriteHeader(status)`
			`je := jsonError{`
			`Message: err.Error(),`
			`Errors: baseError(err.Error()),`
			`}`
			`enc.Encode(je)`
always return errors to the client as a map slice (#724) keep the format for error returns consistent by always returning a []map[string]string for json errors. This simplifies the error handling on the frontend. Use "name":"base" as the name field for errors which do not have a specific or known form field. 2016-12-30 00:40:12 +00:00			`}`
update how permission errors are updated to the client (#187) Closes #152 allow batching of permission errors refactor some of the error handling in encodeError clean up some of the error messages 2016-09-23 02:41:58 +00:00			`}`