chore: move error codes to apierrors package (#1973)

This change will allow moving code out of the api into smaller packages
without creating cyclic dependencies.

---------

Co-authored-by: Chris Stockton <[email protected]>

Author: cstockton

internal/api/admin.go

@@ -10,6 +10,7 @@ import (
 	"github.com/gofrs/uuid"
 	"github.com/pkg/errors"
 	"github.com/sethvargo/go-password/password"
+	"github.com/supabase/auth/internal/api/apierrors"
 	"github.com/supabase/auth/internal/api/provider"
 	"github.com/supabase/auth/internal/models"
 	"github.com/supabase/auth/internal/observability"
@@ -53,15 +54,15 @@ func (a *API) loadUser(w http.ResponseWriter, r *http.Request) (context.Context,
 
 	userID, err := uuid.FromString(chi.URLParam(r, "user_id"))
 	if err != nil {
-		return nil, notFoundError(ErrorCodeValidationFailed, "user_id must be an UUID")
+		return nil, notFoundError(apierrors.ErrorCodeValidationFailed, "user_id must be an UUID")
 	}
 
 	observability.LogEntrySetField(r, "user_id", userID)
 
 	u, err := models.FindUserByID(db, userID)
 	if err != nil {
 		if models.IsNotFoundError(err) {
-			return nil, notFoundError(ErrorCodeUserNotFound, "User not found")
+			return nil, notFoundError(apierrors.ErrorCodeUserNotFound, "User not found")
 		}
 		return nil, internalServerError("Database error loading user").WithInternalError(err)
 	}
@@ -76,15 +77,15 @@ func (a *API) loadFactor(w http.ResponseWriter, r *http.Request) (context.Contex
 	user := getUser(ctx)
 	factorID, err := uuid.FromString(chi.URLParam(r, "factor_id"))
 	if err != nil {
-		return nil, notFoundError(ErrorCodeValidationFailed, "factor_id must be an UUID")
+		return nil, notFoundError(apierrors.ErrorCodeValidationFailed, "factor_id must be an UUID")
 	}
 
 	observability.LogEntrySetField(r, "factor_id", factorID)
 
 	factor, err := user.FindOwnedFactorByID(db, factorID)
 	if err != nil {
 		if models.IsNotFoundError(err) {
-			return nil, notFoundError(ErrorCodeMFAFactorNotFound, "Factor not found")
+			return nil, notFoundError(apierrors.ErrorCodeMFAFactorNotFound, "Factor not found")
 		}
 		return nil, internalServerError("Database error loading factor").WithInternalError(err)
 	}
@@ -108,12 +109,12 @@ func (a *API) adminUsers(w http.ResponseWriter, r *http.Request) error {
 
 	pageParams, err := paginate(r)
 	if err != nil {
-		return badRequestError(ErrorCodeValidationFailed, "Bad Pagination Parameters: %v", err).WithInternalError(err)
+		return badRequestError(apierrors.ErrorCodeValidationFailed, "Bad Pagination Parameters: %v", err).WithInternalError(err)
 	}
 
 	sortParams, err := sort(r, map[string]bool{models.CreatedAt: true}, []models.SortField{{Name: models.CreatedAt, Dir: models.Descending}})
 	if err != nil {
-		return badRequestError(ErrorCodeValidationFailed, "Bad Sort Parameters: %v", err)
+		return badRequestError(apierrors.ErrorCodeValidationFailed, "Bad Sort Parameters: %v", err)
 	}
 
 	filter := r.URL.Query().Get("filter")
@@ -169,7 +170,7 @@ func (a *API) adminUserUpdate(w http.ResponseWriter, r *http.Request) error {
 		if params.BanDuration != "none" {
 			duration, err = time.ParseDuration(params.BanDuration)
 			if err != nil {
-				return badRequestError(ErrorCodeValidationFailed, "invalid format for ban duration: %v", err)
+				return badRequestError(apierrors.ErrorCodeValidationFailed, "invalid format for ban duration: %v", err)
 			}
 		}
 		banDuration = &duration
@@ -338,7 +339,7 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	if params.Email == "" && params.Phone == "" {
-		return badRequestError(ErrorCodeValidationFailed, "Cannot create a user without either an email or phone")
+		return badRequestError(apierrors.ErrorCodeValidationFailed, "Cannot create a user without either an email or phone")
 	}
 
 	var providers []string
@@ -350,7 +351,7 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 		if user, err := models.IsDuplicatedEmail(db, params.Email, aud, nil); err != nil {
 			return internalServerError("Database error checking email").WithInternalError(err)
 		} else if user != nil {
-			return unprocessableEntityError(ErrorCodeEmailExists, DuplicateEmailMsg)
+			return unprocessableEntityError(apierrors.ErrorCodeEmailExists, DuplicateEmailMsg)
 		}
 		providers = append(providers, "email")
 	}
@@ -363,13 +364,13 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 		if exists, err := models.IsDuplicatedPhone(db, params.Phone, aud); err != nil {
 			return internalServerError("Database error checking phone").WithInternalError(err)
 		} else if exists {
-			return unprocessableEntityError(ErrorCodePhoneExists, "Phone number already registered by another user")
+			return unprocessableEntityError(apierrors.ErrorCodePhoneExists, "Phone number already registered by another user")
 		}
 		providers = append(providers, "phone")
 	}
 
 	if params.Password != nil && params.PasswordHash != "" {
-		return badRequestError(ErrorCodeValidationFailed, "Only a password or a password hash should be provided")
+		return badRequestError(apierrors.ErrorCodeValidationFailed, "Only a password or a password hash should be provided")
 	}
 
 	if (params.Password == nil || *params.Password == "") && params.PasswordHash == "" {
@@ -389,18 +390,18 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 
 	if err != nil {
 		if errors.Is(err, bcrypt.ErrPasswordTooLong) {
-			return badRequestError(ErrorCodeValidationFailed, err.Error())
+			return badRequestError(apierrors.ErrorCodeValidationFailed, err.Error())
 		}
 		return internalServerError("Error creating user").WithInternalError(err)
 	}
 
 	if params.Id != "" {
 		customId, err := uuid.FromString(params.Id)
 		if err != nil {
-			return badRequestError(ErrorCodeValidationFailed, "ID must conform to the uuid v4 format")
+			return badRequestError(apierrors.ErrorCodeValidationFailed, "ID must conform to the uuid v4 format")
 		}
 		if customId == uuid.Nil {
-			return badRequestError(ErrorCodeValidationFailed, "ID cannot be a nil uuid")
+			return badRequestError(apierrors.ErrorCodeValidationFailed, "ID cannot be a nil uuid")
 		}
 		user.ID = customId
 	}
@@ -418,7 +419,7 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 		if params.BanDuration != "none" {
 			duration, err = time.ParseDuration(params.BanDuration)
 			if err != nil {
-				return badRequestError(ErrorCodeValidationFailed, "invalid format for ban duration: %v", err)
+				return badRequestError(apierrors.ErrorCodeValidationFailed, "invalid format for ban duration: %v", err)
 			}
 		}
 		banDuration = &duration
@@ -618,7 +619,7 @@ func (a *API) adminUserUpdateFactor(w http.ResponseWriter, r *http.Request) erro
 		if params.Phone != "" && factor.IsPhoneFactor() {
 			phone, err := validatePhone(params.Phone)
 			if err != nil {
-				return badRequestError(ErrorCodeValidationFailed, "Invalid phone number format (E.164 required)")
+				return badRequestError(apierrors.ErrorCodeValidationFailed, "Invalid phone number format (E.164 required)")
 			}
 			if terr := factor.UpdatePhone(tx, phone); terr != nil {
 				return terr

internal/api/admin_test.go

@@ -15,6 +15,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
+	"github.com/supabase/auth/internal/api/apierrors"
 	"github.com/supabase/auth/internal/conf"
 	"github.com/supabase/auth/internal/models"
 )
@@ -908,7 +909,7 @@ func (ts *AdminTestSuite) TestAdminUserCreateValidationErrors() {
 
 			data := map[string]interface{}{}
 			require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&data))
-			require.Equal(ts.T(), data["error_code"], ErrorCodeValidationFailed)
+			require.Equal(ts.T(), data["error_code"], apierrors.ErrorCodeValidationFailed)
 		})
 
 	}

internal/api/anonymous.go

@@ -3,6 +3,7 @@ package api
 import (
 	"net/http"
 
+	"github.com/supabase/auth/internal/api/apierrors"
 	"github.com/supabase/auth/internal/metering"
 	"github.com/supabase/auth/internal/models"
 	"github.com/supabase/auth/internal/storage"
@@ -15,7 +16,7 @@ func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error {
 	aud := a.requestAud(ctx, r)
 
 	if config.DisableSignup {
-		return unprocessableEntityError(ErrorCodeSignupDisabled, "Signups not allowed for this instance")
+		return unprocessableEntityError(apierrors.ErrorCodeSignupDisabled, "Signups not allowed for this instance")
 	}
 
 	params := &SignupParams{}

internal/api/api.go

@@ -8,6 +8,7 @@ import (
 	"github.com/rs/cors"
 	"github.com/sebest/xff"
 	"github.com/sirupsen/logrus"
+	"github.com/supabase/auth/internal/api/apierrors"
 	"github.com/supabase/auth/internal/conf"
 	"github.com/supabase/auth/internal/mailer"
 	"github.com/supabase/auth/internal/models"
@@ -155,7 +156,7 @@ func NewAPIWithVersion(globalConfig *conf.GlobalConfiguration, db *storage.Conne
 				}
 				if params.Email == "" && params.Phone == "" {
 					if !api.config.External.AnonymousUsers.Enabled {
-						return unprocessableEntityError(ErrorCodeAnonymousProviderDisabled, "Anonymous sign-ins are disabled")
+						return unprocessableEntityError(apierrors.ErrorCodeAnonymousProviderDisabled, "Anonymous sign-ins are disabled")
 					}
 					if _, err := api.limitHandler(limitAnonymousSignIns)(w, r); err != nil {
 						return err

internal/api/apierrors/apierrors.go

@@ -0,0 +1,93 @@
+package apierrors
+
+import (
+	"fmt"
+)
+
+// OAuthError is the JSON handler for OAuth2 error responses
+type OAuthError struct {
+	Err             string `json:"error"`
+	Description     string `json:"error_description,omitempty"`
+	InternalError   error  `json:"-"`
+	InternalMessage string `json:"-"`
+}
+
+func NewOAuthError(err string, description string) *OAuthError {
+	return &OAuthError{Err: err, Description: description}
+}
+
+func (e *OAuthError) Error() string {
+	if e.InternalMessage != "" {
+		return e.InternalMessage
+	}
+	return fmt.Sprintf("%s: %s", e.Err, e.Description)
+}
+
+// WithInternalError adds internal error information to the error
+func (e *OAuthError) WithInternalError(err error) *OAuthError {
+	e.InternalError = err
+	return e
+}
+
+// WithInternalMessage adds internal message information to the error
+func (e *OAuthError) WithInternalMessage(fmtString string, args ...interface{}) *OAuthError {
+	e.InternalMessage = fmt.Sprintf(fmtString, args...)
+	return e
+}
+
+// Cause returns the root cause error
+func (e *OAuthError) Cause() error {
+	if e.InternalError != nil {
+		return e.InternalError
+	}
+	return e
+}
+
+// HTTPError is an error with a message and an HTTP status code.
+type HTTPError struct {
+	HTTPStatus      int    `json:"code"`                 // do not rename the JSON tags!
+	ErrorCode       string `json:"error_code,omitempty"` // do not rename the JSON tags!
+	Message         string `json:"msg"`                  // do not rename the JSON tags!
+	InternalError   error  `json:"-"`
+	InternalMessage string `json:"-"`
+	ErrorID         string `json:"error_id,omitempty"`
+}
+
+func NewHTTPError(httpStatus int, errorCode ErrorCode, fmtString string, args ...interface{}) *HTTPError {
+	return &HTTPError{
+		HTTPStatus: httpStatus,
+		ErrorCode:  errorCode,
+		Message:    fmt.Sprintf(fmtString, args...),
+	}
+}
+
+func (e *HTTPError) Error() string {
+	if e.InternalMessage != "" {
+		return e.InternalMessage
+	}
+	return fmt.Sprintf("%d: %s", e.HTTPStatus, e.Message)
+}
+
+func (e *HTTPError) Is(target error) bool {
+	return e.Error() == target.Error()
+}
+
+// Cause returns the root cause error
+func (e *HTTPError) Cause() error {
+	if e.InternalError != nil {
+		return e.InternalError
+	}
+	return e
+}
+
+// WithInternalError adds internal error information to the error
+func (e *HTTPError) WithInternalError(err error) *HTTPError {
+	e.InternalError = err
+	return e
+}
+
+// WithInternalMessage adds internal message information to the error
+func (e *HTTPError) WithInternalMessage(fmtString string, args ...interface{}) *HTTPError {
+	e.InternalMessage = fmt.Sprintf(fmtString, args...)
+	return e
+}

internal/api/errorcodes.go renamed to internal/api/apierrors/errorcode.go

@@ -1,4 +1,4 @@
-package api
+package apierrors
 
 type ErrorCode = string
 

internal/api/audit.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/supabase/auth/internal/api/apierrors"
 	"github.com/supabase/auth/internal/models"
 )
 
@@ -20,7 +21,7 @@ func (a *API) adminAuditLog(w http.ResponseWriter, r *http.Request) error {
 	// aud := a.requestAud(ctx, r)
 	pageParams, err := paginate(r)
 	if err != nil {
-		return badRequestError(ErrorCodeValidationFailed, "Bad Pagination Parameters: %v", err)
+		return badRequestError(apierrors.ErrorCodeValidationFailed, "Bad Pagination Parameters: %v", err)
 	}
 
 	var col []string
@@ -31,7 +32,7 @@ func (a *API) adminAuditLog(w http.ResponseWriter, r *http.Request) error {
 		qparts := strings.SplitN(q, ":", 2)
 		col, exists = filterColumnMap[qparts[0]]
 		if !exists || len(qparts) < 2 {
-			return badRequestError(ErrorCodeValidationFailed, "Invalid query scope: %s", q)
+			return badRequestError(apierrors.ErrorCodeValidationFailed, "Invalid query scope: %s", q)
 		}
 		qval = qparts[1]
 	}