(isAuthorized isAuthorizedFunc, checkCSRFToken csrfTokenOption, f apiRequestFunc)
| 358 | } |
| 359 | |
| 360 | func (s *Server) handleRequestPossiblyNotConnected(isAuthorized isAuthorizedFunc, checkCSRFToken csrfTokenOption, f apiRequestFunc) http.HandlerFunc { |
| 361 | return s.requireAuth(checkCSRFToken, func(ctx context.Context, rc requestContext) { |
| 362 | // we must pre-read request body before acquiring the lock as it sometimes leads to deadlock |
| 363 | // in HTTP/2 server. |
| 364 | // See https://github.com/golang/go/issues/40816 |
| 365 | body, berr := io.ReadAll(rc.req.Body) |
| 366 | if berr != nil { |
| 367 | http.Error(rc.w, "error reading request body", http.StatusInternalServerError) |
| 368 | return |
| 369 | } |
| 370 | |
| 371 | rc.body = body |
| 372 | |
| 373 | if s.options.LogRequests { |
| 374 | userLog(ctx).Debugf("request %v (%v bytes)", rc.req.URL, len(body)) |
| 375 | } |
| 376 | |
| 377 | rc.w.Header().Set("Content-Type", "application/json") |
| 378 | |
| 379 | e := json.NewEncoder(rc.w) |
| 380 | e.SetIndent("", " ") |
| 381 | |
| 382 | var ( |
| 383 | v any |
| 384 | err *apiError |
| 385 | ) |
| 386 | |
| 387 | // process the request while ignoring the cancellation signal |
| 388 | // to ensure all goroutines started by it won't be canceled |
| 389 | // when the request finishes. |
| 390 | ctx = context.WithoutCancel(ctx) |
| 391 | |
| 392 | if isAuthorized(ctx, rc) { |
| 393 | v, err = f(ctx, rc) |
| 394 | } else { |
| 395 | err = accessDeniedError() |
| 396 | } |
| 397 | |
| 398 | if err == nil { |
| 399 | if b, ok := v.([]byte); ok { |
| 400 | if _, err := rc.w.Write(b); err != nil { |
| 401 | userLog(ctx).Errorf("error writing response: %v", err) |
| 402 | } |
| 403 | } else if err := e.Encode(v); err != nil { |
| 404 | userLog(ctx).Errorf("error encoding response: %v", err) |
| 405 | } |
| 406 | |
| 407 | return |
| 408 | } |
| 409 | |
| 410 | rc.w.Header().Set("Content-Type", "text/plain; charset=utf-8") |
| 411 | rc.w.Header().Set("X-Content-Type-Options", "nosniff") |
| 412 | rc.w.WriteHeader(err.httpErrorCode) |
| 413 | |
| 414 | if s.options.LogRequests && err.apiErrorCode == serverapi.ErrorNotConnected { |
| 415 | userLog(ctx).Debugf("%v: error code %v message %v", rc.req.URL, err.apiErrorCode, err.message) |
| 416 | } |
| 417 |
no test coverage detected