-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathops.go
More file actions
45 lines (41 loc) · 1.61 KB
/
Copy pathops.go
File metadata and controls
45 lines (41 loc) · 1.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package app
import (
"context"
"github.com/nixrajput/siphon/internal/audit"
"github.com/nixrajput/siphon/internal/jobs"
)
// guardedOp is the single interception point wrapping every destructive verb.
// It (1) runs the authorization Gate (2FA / confirmation) before the operation
// and (2) opens an audit record. It returns a done(err) the caller defers to
// finalize the audit outcome. If the Gate blocks, it returns a non-nil error and
// a no-op done — the caller must not run the operation.
//
// Layering all destructive concerns here means each verb gains one guard call
// at entry and one deferred done(err); audit, 2FA gating, and (later) telemetry
// hook in here rather than each re-wrapping every verb.
func guardedOp(ctx context.Context, d Deps, op audit.Op, profile, target string) (done func(error), err error) {
if d.Gate != nil {
if gErr := d.Gate.Authorize(ctx, op, profile); gErr != nil {
return func(error) {}, gErr
}
}
rec := audit.Record(ctx, d.Auditor, audit.Event{
Op: op,
Profile: profile,
Target: target,
Actor: d.Actor,
})
return rec, nil
}
// launchGuarded runs a job whose Func already defers done(retErr) on completion,
// and finalizes the audit record if the launch ITSELF fails synchronously
// (Runner.Run cannot today, but the signature allows it, and an open record must
// not leak). On a launch error it calls done and returns the error.
func launchGuarded(r *jobs.Runner, parent context.Context, done func(error), j jobs.Job) (<-chan jobs.Event, string, error) {
ch, id, err := r.Run(parent, j)
if err != nil {
done(err)
return nil, "", err
}
return ch, id, nil
}