Extract repository authorization checking into utils

Author: Urgau

src/gh_changes_since.rs

@@ -7,7 +7,11 @@ use axum::{
 };
 use hyper::StatusCode;
 
-use crate::{github, handlers::Context, utils::AppError};
+use crate::{
+    github,
+    handlers::Context,
+    utils::{AppError, is_repo_autorized},
+};
 
 /// Redirects to either `/gh-range-diff` (when the base changed) or to GitHub's compare
 /// page (when the base is the same).
@@ -25,26 +29,10 @@ pub async fn gh_changes_since(
             .into_response());
     };
 
-    let repos = ctx
-        .team
-        .repos()
-        .await
-        .context("unable to retrieve team repos")?;
-
-    // Verify that the request org is part of the Rust project
-    let Some(repos) = repos.repos.get(&owner) else {
+    if !is_repo_autorized(&ctx, &owner, &repo).await? {
         return Ok((
-            StatusCode::BAD_REQUEST,
-            format!("organization `{owner}` is not part of the Rust Project team repos"),
-        )
-            .into_response());
-    };
-
-    // Verify that the request repo is part of the Rust project
-    if !repos.iter().any(|r| r.name == repo) {
-        return Ok((
-            StatusCode::BAD_REQUEST,
-            format!("repository `{owner}` is not part of the Rust Project team repos"),
+            StatusCode::UNAUTHORIZED,
+            format!("repository `{owner}/{repo}` is not part of the Rust Project team repos"),
         )
             .into_response());
     }

src/gh_range_diff.rs

@@ -21,6 +21,7 @@ use pulldown_cmark_escape::FmtWriter;
 use regex::Regex;
 
 use crate::github::GithubCompare;
+use crate::utils::is_repo_autorized;
 use crate::{github, handlers::Context, utils::AppError};
 
 static MARKER_RE: LazyLock<Regex> =
@@ -42,27 +43,11 @@ pub async fn gh_range_diff(
         ));
     };
 
-    let repos = ctx
-        .team
-        .repos()
-        .await
-        .context("unable to retrieve team repos")?;
-
-    // Verify that the request org is part of the Rust project
-    let Some(repos) = repos.repos.get(&owner) else {
-        return Ok((
-            StatusCode::BAD_REQUEST,
-            HeaderMap::new(),
-            format!("organization `{owner}` is not part of the Rust Project team repos"),
-        ));
-    };
-
-    // Verify that the request repo is part of the Rust project
-    if !repos.iter().any(|r| r.name == repo) {
+    if !is_repo_autorized(&ctx, &owner, &repo).await? {
         return Ok((
-            StatusCode::BAD_REQUEST,
+            StatusCode::UNAUTHORIZED,
             HeaderMap::new(),
-            format!("repository `{owner}` is not part of the Rust Project team repos"),
+            format!("repository `{owner}/{repo}` is not part of the Rust Project team repos"),
         ));
     }
 
@@ -166,27 +151,11 @@ pub async fn gh_ranges_diff(
         ));
     };
 
-    let repos = ctx
-        .team
-        .repos()
-        .await
-        .context("unable to retrieve team repos")?;
-
-    // Verify that the request org is part of the Rust project
-    let Some(repos) = repos.repos.get(&owner) else {
-        return Ok((
-            StatusCode::BAD_REQUEST,
-            HeaderMap::new(),
-            format!("organization `{owner}` is not part of the Rust Project team repos"),
-        ));
-    };
-
-    // Verify that the request repo is part of the Rust project
-    if !repos.iter().any(|r| r.name == repo) {
+    if !is_repo_autorized(&ctx, &owner, &repo).await? {
         return Ok((
-            StatusCode::BAD_REQUEST,
+            StatusCode::UNAUTHORIZED,
             HeaderMap::new(),
-            format!("repository `{owner}` is not part of the Rust Project team repos"),
+            format!("repository `{owner}/{repo}` is not part of the Rust Project team repos"),
         ));
     }
 

src/gha_logs.rs

@@ -1,7 +1,7 @@
 use crate::github::{self, WorkflowRunJob};
 use crate::handlers::Context;
 use crate::interactions::REPORT_TO;
-use crate::utils::AppError;
+use crate::utils::{AppError, is_repo_autorized};
 use anyhow::Context as _;
 use axum::extract::{Path, State};
 use axum::http::HeaderValue;
@@ -71,25 +71,11 @@ pub async fn gha_logs(
     Path((owner, repo, log_id)): Path<(String, String, u128)>,
     State(ctx): State<Arc<Context>>,
 ) -> axum::response::Result<impl IntoResponse, AppError> {
-    let repos = ctx
-        .team
-        .repos()
-        .await
-        .context("unable to retrieve team repos")?;
-
-    let Some(repos) = repos.repos.get(&owner) else {
-        return Ok((
-            StatusCode::BAD_REQUEST,
-            HeaderMap::new(),
-            format!("organization `{owner}` is not part of the Rust Project team repos"),
-        ));
-    };
-
-    if !repos.iter().any(|r| r.name == repo) {
+    if !is_repo_autorized(&ctx, &owner, &repo).await? {
         return Ok((
-            StatusCode::BAD_REQUEST,
+            StatusCode::UNAUTHORIZED,
             HeaderMap::new(),
-            format!("repository `{owner}` is not part of the Rust Project team repos"),
+            format!("repository `{owner}/{repo}` is not part of the Rust Project team repos"),
         ));
     }
 

src/utils.rs

@@ -1,5 +1,6 @@
-use crate::interactions::REPORT_TO;
+use crate::{handlers::Context, interactions::REPORT_TO};
 
+use anyhow::Context as _;
 use axum::{
     http::StatusCode,
     response::{IntoResponse, Response},
@@ -36,3 +37,27 @@ where
         AppError(err.into())
     }
 }
+
+pub(crate) async fn is_repo_autorized(
+    ctx: &Context,
+    owner: &str,
+    repo: &str,
+) -> anyhow::Result<bool> {
+    let repos = ctx
+        .team
+        .repos()
+        .await
+        .context("unable to retrieve team repos")?;
+
+    // Verify that the request org is part of the Rust project
+    let Some(repos) = repos.repos.get(owner) else {
+        return Ok(false);
+    };
+
+    // Verify that the request repo is part of the Rust project
+    if !repos.iter().any(|r| r.name == repo) {
+        return Ok(false);
+    }
+
+    Ok(true)
+}