refactor: rename module 'err' to 'gperr' and use gphttp error handling

internal/api/v1/auth/auth.go

@@ -3,9 +3,8 @@ package auth
 import (
 	"net/http"
 
-	U "github.com/yusing/go-proxy/internal/api/v1/utils"
 	"github.com/yusing/go-proxy/internal/common"
-	"github.com/yusing/go-proxy/internal/logging"
+	"github.com/yusing/go-proxy/internal/net/gphttp"
 )
 
 var defaultAuth Provider
@@ -13,7 +12,6 @@ var defaultAuth Provider
 // Initialize sets up authentication providers.
 func Initialize() error {
 	if !IsEnabled() {
-		logging.Warn().Msg("authentication is disabled, please set API_JWT_SECRET or OIDC_* to enable authentication")
 		return nil
 	}
 
@@ -44,7 +42,7 @@ func RequireAuth(next http.HandlerFunc) http.HandlerFunc {
 	if IsEnabled() {
 		return func(w http.ResponseWriter, r *http.Request) {
 			if err := defaultAuth.CheckToken(r); err != nil {
-				U.RespondError(w, err, http.StatusUnauthorized)
+				gphttp.ClientError(w, err, http.StatusUnauthorized)
 			} else {
 				next(w, r)
 			}

internal/api/v1/auth/oidc.go

@@ -12,10 +12,9 @@ import (
 	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
-	U "github.com/yusing/go-proxy/internal/api/v1/utils"
 	"github.com/yusing/go-proxy/internal/common"
-	E "github.com/yusing/go-proxy/internal/error"
-	CE "github.com/yusing/go-proxy/internal/utils"
+	"github.com/yusing/go-proxy/internal/net/gphttp"
+	"github.com/yusing/go-proxy/internal/utils"
 	"github.com/yusing/go-proxy/internal/utils/strutils"
 	"golang.org/x/oauth2"
 )
@@ -131,9 +130,9 @@ func (auth *OIDCProvider) CheckToken(r *http.Request) error {
 
 	// Logical AND between allowed users and groups.
 	allowedUser := slices.Contains(auth.allowedUsers, claims.Username)
-	allowedGroup := len(CE.Intersect(claims.Groups, auth.allowedGroups)) > 0
+	allowedGroup := len(utils.Intersect(claims.Groups, auth.allowedGroups)) > 0
 	if !allowedUser && !allowedGroup {
-		return ErrUserNotAllowed.Subject(claims.Username)
+		return ErrUserNotAllowed
 	}
 	return nil
 }
@@ -154,7 +153,7 @@ func generateState() (string, error) {
 func (auth *OIDCProvider) RedirectLoginPage(w http.ResponseWriter, r *http.Request) {
 	state, err := generateState()
 	if err != nil {
-		U.HandleErr(w, r, err, http.StatusInternalServerError)
+		gphttp.ServerError(w, r, err)
 		return
 	}
 	http.SetCookie(w, &http.Cookie{
@@ -171,7 +170,7 @@ func (auth *OIDCProvider) RedirectLoginPage(w http.ResponseWriter, r *http.Reque
 	if auth.isMiddleware {
 		u, err := r.URL.Parse(redirURL)
 		if err != nil {
-			U.HandleErr(w, r, err, http.StatusInternalServerError)
+			gphttp.ServerError(w, r, err)
 			return
 		}
 		q := u.Query()
@@ -201,31 +200,31 @@ func (auth *OIDCProvider) LoginCallbackHandler(w http.ResponseWriter, r *http.Re
 
 	state, err := r.Cookie(CookieOauthState)
 	if err != nil {
-		U.HandleErr(w, r, E.New("missing state cookie"), http.StatusBadRequest)
+		gphttp.BadRequest(w, "missing state cookie")
 		return
 	}
 
 	query := r.URL.Query()
 	if query.Get("state") != state.Value {
-		U.HandleErr(w, r, E.New("invalid oauth state"), http.StatusBadRequest)
+		gphttp.BadRequest(w, "invalid oauth state")
 		return
 	}
 
 	oauth2Token, err := auth.exchange(r)
 	if err != nil {
-		U.HandleErr(w, r, fmt.Errorf("failed to exchange token: %w", err), http.StatusInternalServerError)
+		gphttp.ServerError(w, r, fmt.Errorf("failed to exchange token: %w", err))
 		return
 	}
 
 	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
 	if !ok {
-		U.HandleErr(w, r, E.New("missing id_token"), http.StatusInternalServerError)
+		gphttp.BadRequest(w, "missing id_token")
 		return
 	}
 
 	idToken, err := auth.oidcVerifier.Verify(r.Context(), rawIDToken)
 	if err != nil {
-		U.HandleErr(w, r, fmt.Errorf("failed to verify ID token: %w", err), http.StatusInternalServerError)
+		gphttp.ServerError(w, r, fmt.Errorf("failed to verify ID token: %w", err))
 		return
 	}
 
@@ -243,7 +242,7 @@ func (auth *OIDCProvider) LogoutCallbackHandler(w http.ResponseWriter, r *http.R
 
 	token, err := r.Cookie(auth.TokenCookieName())
 	if err != nil {
-		U.HandleErr(w, r, E.New("missing token cookie"), http.StatusBadRequest)
+		gphttp.BadRequest(w, "missing token cookie")
 		return
 	}
 	clearTokenCookie(w, r, auth.TokenCookieName())
@@ -258,12 +257,12 @@ func (auth *OIDCProvider) LogoutCallbackHandler(w http.ResponseWriter, r *http.R
 func (auth *OIDCProvider) handleTestCallback(w http.ResponseWriter, r *http.Request) {
 	state, err := r.Cookie(CookieOauthState)
 	if err != nil {
-		U.HandleErr(w, r, E.New("missing state cookie"), http.StatusBadRequest)
+		gphttp.BadRequest(w, "missing state cookie")
 		return
 	}
 
 	if r.URL.Query().Get("state") != state.Value {
-		U.HandleErr(w, r, E.New("invalid oauth state"), http.StatusBadRequest)
+		gphttp.BadRequest(w, "invalid oauth state")
 		return
 	}
 

internal/api/v1/auth/userpass.go

@@ -7,16 +7,16 @@ import (
 	"time"
 
 	"github.com/golang-jwt/jwt/v5"
-	U "github.com/yusing/go-proxy/internal/api/v1/utils"
 	"github.com/yusing/go-proxy/internal/common"
-	E "github.com/yusing/go-proxy/internal/error"
+	"github.com/yusing/go-proxy/internal/gperr"
+	"github.com/yusing/go-proxy/internal/net/gphttp"
 	"github.com/yusing/go-proxy/internal/utils/strutils"
 	"golang.org/x/crypto/bcrypt"
 )
 
 var (
-	ErrInvalidUsername = E.New("invalid username")
-	ErrInvalidPassword = E.New("invalid password")
+	ErrInvalidUsername = gperr.New("invalid username")
+	ErrInvalidPassword = gperr.New("invalid password")
 )
 
 type (
@@ -94,7 +94,7 @@ func (auth *UserPassAuth) CheckToken(r *http.Request) error {
 	case claims.Username != auth.username:
 		return ErrUserNotAllowed.Subject(claims.Username)
 	case claims.ExpiresAt.Before(time.Now()):
-		return E.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
+		return gperr.Errorf("token expired on %s", strutils.FormatTime(claims.ExpiresAt.Time))
 	}
 
 	return nil
@@ -111,17 +111,16 @@ func (auth *UserPassAuth) LoginCallbackHandler(w http.ResponseWriter, r *http.Re
 	}
 	err := json.NewDecoder(r.Body).Decode(&creds)
 	if err != nil {
-		U.HandleErr(w, r, err, http.StatusBadRequest)
+		gphttp.Unauthorized(w, "invalid credentials")
 		return
 	}
 	if err := auth.validatePassword(creds.User, creds.Pass); err != nil {
-		U.LogError(r).Err(err).Msg("auth: invalid credentials")
-		U.RespondError(w, E.New("invalid credentials"), http.StatusUnauthorized)
+		gphttp.Unauthorized(w, "invalid credentials")
 		return
 	}
 	token, err := auth.NewToken()
 	if err != nil {
-		U.HandleErr(w, r, err, http.StatusInternalServerError)
+		gphttp.ServerError(w, r, err)
 		return
 	}
 	setTokenCookie(w, r, auth.TokenCookieName(), token, auth.tokenTTL)

internal/api/v1/auth/utils.go

@@ -5,14 +5,14 @@ import (
 	"net/http"
 	"time"
 
-	E "github.com/yusing/go-proxy/internal/error"
+	"github.com/yusing/go-proxy/internal/gperr"
 	"github.com/yusing/go-proxy/internal/utils/strutils"
 )
 
 var (
-	ErrMissingToken   = E.New("missing token")
-	ErrInvalidToken   = E.New("invalid token")
-	ErrUserNotAllowed = E.New("user not allowed")
+	ErrMissingToken   = gperr.New("missing token")
+	ErrInvalidToken   = gperr.New("invalid token")
+	ErrUserNotAllowed = gperr.New("user not allowed")
 )
 
 // cookieFQDN returns the fully qualified domain name of the request host