Improve error handling

main
Elnu 2 years ago
parent 1253539efa
commit f68f2155c3

@ -5,7 +5,7 @@ pub use comment::*;
mod database;
pub use database::Database;
use actix_web::{get, post, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
use actix_web::{get, post, web, App, HttpRequest, HttpResponse, HttpServer};
use clap::Parser;
use sanitize_html::{errors::SanitizeError, rules::predefined::DEFAULT, sanitize_str};
use scraper::{Html, Selector};
@ -19,69 +19,68 @@ struct AppState {
arguments: Arguments,
}
// TODO: Make error handling system not bad.
// Currently, it's a horrible mix of custom error types a direct HttpResponses,
// due to not being able to pass HttpResponse out of web::block...
// Well, it works, at least.
enum DatabaseAccessError {
BadOrigin,
AccessError,
DatabaseError,
}
enum CommentCreationError {
DatabaseAccessError(DatabaseAccessError),
BadParent,
}
impl DatabaseAccessError {
fn to_http_response(&self) -> HttpResponse {
match self {
Self::BadOrigin => HttpResponse::BadRequest().reason("bad origin").finish(),
Self::AccessError => HttpResponse::InternalServerError()
.reason("database access error")
.finish(), // e.g. PoisonError
Self::DatabaseError => HttpResponse::InternalServerError()
.reason("database error")
.finish(),
}
}
enum Error {
InvalidOrigin,
InvalidBody,
InvalidUrl,
InvalidFields,
InvalidContentId,
InvalidParent,
EmailRequired,
NameRequired,
DatabaseAccessError,
DatabaseInternalError,
SanitizationError,
PageFetchError,
}
impl CommentCreationError {
impl Error {
fn to_http_response(&self) -> HttpResponse {
match self {
Self::DatabaseAccessError(error) => error.to_http_response(),
Self::BadParent => HttpResponse::BadRequest()
.reason("invalid comment parent")
.finish(),
}
Self::InvalidOrigin |
Self::InvalidBody |
Self::InvalidUrl |
Self::InvalidFields |
Self::InvalidContentId |
Self::InvalidParent |
Self::EmailRequired |
Self::NameRequired => HttpResponse::BadRequest(),
Self::DatabaseAccessError |
Self::DatabaseInternalError |
Self::SanitizationError |
Self::PageFetchError => HttpResponse::InternalServerError(),
}.reason(match self {
Self::InvalidOrigin => "invalid request origin",
Self::InvalidBody => "invalid request body",
Self::InvalidUrl => "invalid request url",
Self::InvalidFields => "invalid request field",
Self::InvalidContentId => "invalid request content id",
Self::InvalidParent => "invalid comment parent",
Self::EmailRequired => "comment email required",
Self::NameRequired => "comment name required",
Self::DatabaseAccessError => "database access error",
Self::DatabaseInternalError => "database internal error",
Self::SanitizationError => "comment sanitization error",
Self::PageFetchError => "page fetch error",
}).finish()
}
}
impl AppState {
fn get_db<'a>(
&'a self,
request: &HttpRequest,
) -> Result<MutexGuard<'a, Database>, DatabaseAccessError> {
self.get_db_with_origin(get_request_origin(request))
}
fn get_db_with_origin<'a>(
&'a self,
origin: Option<String>,
) -> Result<MutexGuard<'a, Database>, DatabaseAccessError> {
) -> Result<MutexGuard<'a, Database>, Error> {
let origin = match origin {
Some(origin) => origin,
None => return Err(DatabaseAccessError::BadOrigin),
None => return Err(Error::InvalidOrigin),
};
match self.databases.get(&origin) {
Some(database) => Ok(match database.lock() {
Ok(database) => database,
Err(_) => return Err(DatabaseAccessError::AccessError),
Err(_) => return Err(Error::DatabaseAccessError),
}),
None => return Err(DatabaseAccessError::AccessError),
None => return Err(Error::InvalidOrigin),
}
}
}
@ -124,35 +123,40 @@ struct Arguments {
email_required: bool,
}
#[get("/{content_id}")]
async fn get_comments(
async fn _get_comments(
data: web::Data<AppState>,
request: HttpRequest,
content_id: web::Path<String>,
) -> impl Responder {
) -> Result<Vec<Comment>, Error> {
let origin = get_request_origin(&request);
let comments = match web::block(move || {
match web::block(move || {
Ok(
match match data.get_db_with_origin(origin) {
match match data.get_db(origin) {
Ok(database) => database,
Err(err) => return Err(err),
}
.get_comments(&content_id)
{
Ok(comments) => comments,
Err(_) => return Err(DatabaseAccessError::DatabaseError),
Err(_) => return Err(Error::DatabaseInternalError),
},
)
})
.await
{
Ok(comments) => match comments {
Ok(comments) => comments,
Err(err) => return err.to_http_response(),
},
Err(_) => return DatabaseAccessError::AccessError.to_http_response(),
};
HttpResponse::Ok().json(comments)
}).await {
Ok(result) => result,
Err(_) => Err(Error::DatabaseAccessError),
}
}
#[get("/{content_id}")]
async fn get_comments(
data: web::Data<AppState>,
request: HttpRequest,
content_id: web::Path<String>,
) -> HttpResponse {
match _get_comments(data, request, content_id).await {
Ok(comments) => HttpResponse::Ok().json(comments),
Err(err) => err.to_http_response(),
}
}
#[derive(Deserialize)]
@ -161,12 +165,11 @@ struct PostCommentsRequest {
comment: Comment,
}
#[post("/")]
async fn post_comment(
async fn _post_comment(
data: web::Data<AppState>,
request: HttpRequest,
bytes: web::Bytes,
) -> impl Responder {
) -> Result<(), Error> {
match String::from_utf8(bytes.to_vec()) {
Ok(text) => {
let PostCommentsRequest { url, comment } =
@ -181,32 +184,26 @@ async fn post_comment(
Ok(())
};
if let Err(_) = sanitize_req() {
return HttpResponse::InternalServerError()
.reason("failed to sanitize request")
.finish();
return Err(Error::SanitizationError);
}
req
}
Err(_) => {
return HttpResponse::BadRequest()
.reason("invalid request body")
.finish()
return Err(Error::InvalidBody);
}
};
if comment.validate().is_err() {
return HttpResponse::BadRequest()
.reason("invalid comment field(s)")
.finish();
return Err(Error::InvalidFields);
}
if comment.author.is_none() && data.arguments.name_required {
return HttpResponse::BadRequest().reason("name required").finish();
return Err(Error::NameRequired);
}
if comment.email.is_none() && data.arguments.email_required {
return HttpResponse::BadRequest().reason("email required").finish();
return Err(Error::EmailRequired);
}
let origin = match get_request_origin(&request) {
Some(origin) => origin,
None => return HttpResponse::BadRequest().reason("bad origin").finish(),
None => return Err(Error::InvalidOrigin),
};
// Check to see if provided URL is in scope.
// This is to prevent malicious requests that try to get server to fetch external websites.
@ -218,31 +215,25 @@ async fn post_comment(
break 'outer;
}
}
return HttpResponse::BadRequest()
.reason("url out of scope")
.finish();
return Err(Error::InvalidUrl);
}
match get_page_data(&url).await {
Ok(page_data_option) => match page_data_option {
Some(page_data) => {
if page_data.content_id != comment.content_id {
return HttpResponse::BadRequest()
.reason("content ids don't match")
.finish();
return Err(Error::InvalidContentId)
}
}
None => return HttpResponse::BadRequest().reason("url invalid").finish(), // e.g. 404
None => return Err(Error::InvalidUrl), // e.g. 404
},
Err(_) => {
return HttpResponse::InternalServerError()
.reason("failed to get page data")
.finish()
return Err(Error::PageFetchError);
}
};
match web::block(move || {
let database = match data.get_db_with_origin(Some(origin)) {
let database = match data.get_db(Some(origin)) {
Ok(database) => database,
Err(err) => return Err(CommentCreationError::DatabaseAccessError(err)),
Err(err) => return Err(err),
};
if let Some(parent) = comment.parent {
'outer2: loop {
@ -256,35 +247,38 @@ async fn post_comment(
break;
}
}
}
},
Err(_) => {
return Err(CommentCreationError::DatabaseAccessError(
DatabaseAccessError::DatabaseError,
))
return Err(Error::DatabaseInternalError);
}
};
return Err(CommentCreationError::BadParent);
return Err(Error::InvalidParent);
}
}
if let Err(_) = database.create_comment(&comment) {
return Err(CommentCreationError::DatabaseAccessError(
DatabaseAccessError::DatabaseError,
));
return Err(Error::DatabaseInternalError);
}
Ok(())
})
.await
{
Ok(result) => match result {
Ok(_) => HttpResponse::Ok().into(),
Err(error) => error.to_http_response(),
},
Err(_) => DatabaseAccessError::AccessError.to_http_response(),
Ok(result) => result,
Err(_) => Err(Error::DatabaseAccessError),
}
}
Err(_) => HttpResponse::BadRequest()
.reason("failed to parse request body")
.finish(),
Err(_) => Err(Error::InvalidBody),
}
}
#[post("/")]
async fn post_comment(
data: web::Data<AppState>,
request: HttpRequest,
bytes: web::Bytes,
) -> HttpResponse {
match _post_comment(data, request, bytes).await {
Ok(_) => HttpResponse::Ok().finish(),
Err(err) => err.to_http_response(),
}
}

Loading…
Cancel
Save