package service import ( "context" "encoding/json" "net/http" "github.com/kolide/fleet/server/kolide" "github.com/pkg/errors" ) // erroer interface is implemented by response structs to encode business logic errors type errorer interface { error() error } type jsonError struct { Message string `json:"message"` Errors []map[string]string `json:"errors,omitempty"` } // use baseError to encode an jsonError.Errors field with an error that has // a generic "name" field. The frontend client always expects errors in a // []map[string]string format. func baseError(err string) []map[string]string { return []map[string]string{map[string]string{ "name": "base", "reason": err}, } } // same as baseError, but replaces "base" with different name. func namedError(name string, err string) []map[string]string { return []map[string]string{map[string]string{ "name": name, "reason": err}, } } // encode error and status header to the client func encodeError(ctx context.Context, err error, w http.ResponseWriter) { enc := json.NewEncoder(w) enc.SetIndent("", " ") type validationError interface { error Invalid() []map[string]string } if e, ok := err.(validationError); ok { ve := jsonError{ Message: "Validation Failed", Errors: e.Invalid(), } w.WriteHeader(http.StatusUnprocessableEntity) enc.Encode(ve) return } type authenticationError interface { error AuthError() string } if e, ok := err.(authenticationError); ok { ae := jsonError{ Message: "Authentication Failed", Errors: baseError(e.AuthError()), } w.WriteHeader(http.StatusUnauthorized) enc.Encode(ae) return } type permissionError interface { PermissionError() []map[string]string } if e, ok := err.(permissionError); ok { pe := jsonError{ Message: "Permission Denied", Errors: e.PermissionError(), } w.WriteHeader(http.StatusForbidden) enc.Encode(pe) return } if kolide.IsForeignKey(errors.Cause(err)) { ve := jsonError{ Message: "Validation Failed", Errors: baseError(err.Error()), } w.WriteHeader(http.StatusForbidden) enc.Encode(ve) return } type mailError interface { MailError() []map[string]string } if e, ok := err.(mailError); ok { me := jsonError{ Message: "Mail Error", Errors: e.MailError(), } w.WriteHeader(http.StatusInternalServerError) enc.Encode(me) return } type osqueryError interface { error NodeInvalid() bool } if e, ok := err.(osqueryError); ok { // osquery expects to receive the node_invalid key when a TLS // request provides an invalid node_key for authentication. It // doesn't use the error message provided, but we provide this // for debugging purposes (and perhaps osquery will use this // error message in the future). errMap := map[string]interface{}{"error": e.Error()} if e.NodeInvalid() { w.WriteHeader(http.StatusUnauthorized) errMap["node_invalid"] = true } else { w.WriteHeader(http.StatusInternalServerError) } enc.Encode(errMap) return } type notFoundError interface { error IsNotFound() bool } if e, ok := err.(notFoundError); ok { je := jsonError{ Message: "Resource Not Found", Errors: baseError(e.Error()), } w.WriteHeader(http.StatusNotFound) enc.Encode(je) return } type existsError interface { error IsExists() bool } if e, ok := err.(existsError); ok { je := jsonError{ Message: "Resource Already Exists", Errors: baseError(e.Error()), } w.WriteHeader(http.StatusConflict) enc.Encode(je) return } w.WriteHeader(http.StatusInternalServerError) je := jsonError{ Message: "Unknown Error", Errors: baseError(err.Error()), } enc.Encode(je) }