From 17b17fc8bb690d1f6344e5af1c62b3b37166bc48 Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Sun, 15 Jan 2017 21:50:38 +0000
Subject: Add more context to errors

---
 cmd/cashierd/main.go | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

(limited to 'cmd/cashierd')

diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index 83627ad..fc03171 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"encoding/hex"
 	"encoding/json"
-	"errors"
 	"flag"
 	"fmt"
 	"html/template"
@@ -17,6 +16,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/pkg/errors"
+
 	"go4.org/wkfs"
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/oauth2"
@@ -125,7 +126,7 @@ func (a *appContext) login(w http.ResponseWriter, r *http.Request) (int, error)
 }
 
 // parseKey retrieves and unmarshals the signing request.
-func parseKey(r *http.Request) (*lib.SignRequest, error) {
+func extractKey(r *http.Request) (*lib.SignRequest, error) {
 	var s lib.SignRequest
 	if err := json.NewDecoder(r.Body).Decode(&s); err != nil {
 		return nil, err
@@ -154,23 +155,25 @@ func signHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, er
 	}
 
 	// Sign the pubkey and issue the cert.
-	req, err := parseKey(r)
+	req, err := extractKey(r)
 	if err != nil {
-		return http.StatusInternalServerError, err
+		return http.StatusBadRequest, errors.Wrap(err, "unable to extract key from request")
 	}
 	username := a.authprovider.Username(token)
 	a.authprovider.Revoke(token) // We don't need this anymore.
 	cert, err := a.sshKeySigner.SignUserKey(req, username)
 	if err != nil {
-		return http.StatusInternalServerError, err
+		return http.StatusInternalServerError, errors.Wrap(err, "error signing key")
 	}
 	if err := a.certstore.SetCert(cert); err != nil {
 		log.Printf("Error recording cert: %v", err)
 	}
-	json.NewEncoder(w).Encode(&lib.SignResponse{
+	if err := json.NewEncoder(w).Encode(&lib.SignResponse{
 		Status:   "ok",
 		Response: lib.GetPublicKey(cert),
-	})
+	}); err != nil {
+		return http.StatusInternalServerError, errors.Wrap(err, "error encoding response")
+	}
 	return http.StatusOK, nil
 }
 
@@ -219,7 +222,7 @@ func listRevokedCertsHandler(a *appContext, w http.ResponseWriter, r *http.Reque
 	}
 	rl, err := a.sshKeySigner.GenerateRevocationList(revoked)
 	if err != nil {
-		return http.StatusInternalServerError, err
+		return http.StatusInternalServerError, errors.Wrap(err, "unable to generate KRL")
 	}
 	w.Header().Set("Content-Type", "application/octet-stream")
 	w.Write(rl)
@@ -258,7 +261,7 @@ func revokeCertHandler(a *appContext, w http.ResponseWriter, r *http.Request) (i
 	r.ParseForm()
 	for _, id := range r.Form["cert_id"] {
 		if err := a.certstore.Revoke(id); err != nil {
-			return http.StatusInternalServerError, err
+			return http.StatusInternalServerError, errors.Wrap(err, "unable to revoke")
 		}
 	}
 	http.Redirect(w, r, "/admin/certs", http.StatusSeeOther)
@@ -292,7 +295,7 @@ func newState() string {
 func readConfig(filename string) (*config.Config, error) {
 	f, err := os.Open(filename)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "failed to parse config file")
 	}
 	defer f.Close()
 	return config.ReadConfig(f)
@@ -301,11 +304,11 @@ func readConfig(filename string) (*config.Config, error) {
 func loadCerts(certFile, keyFile string) (tls.Certificate, error) {
 	key, err := wkfs.ReadFile(keyFile)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, errors.Wrap(err, "error reading TLS private key")
 	}
 	cert, err := wkfs.ReadFile(certFile)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, errors.Wrap(err, "error reading TLS certificate")
 	}
 	return tls.X509KeyPair(cert, key)
 }
@@ -338,14 +341,15 @@ func main() {
 	if conf.Server.HTTPLogFile != "" {
 		logfile, err = os.OpenFile(conf.Server.HTTPLogFile, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0640)
 		if err != nil {
-			log.Fatal(err)
+			log.Printf("unable to open %s for writing. logging to stdout", conf.Server.HTTPLogFile)
+			logfile = os.Stderr
 		}
 	}
 
 	laddr := fmt.Sprintf("%s:%d", conf.Server.Addr, conf.Server.Port)
 	l, err := net.Listen("tcp", laddr)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(errors.Wrapf(err, "unable to listen on %s:%d", conf.Server.Addr, conf.Server.Port))
 	}
 
 	tlsConfig := &tls.Config{}
@@ -364,7 +368,7 @@ func main() {
 			tlsConfig.Certificates = make([]tls.Certificate, 1)
 			tlsConfig.Certificates[0], err = loadCerts(conf.Server.TLSCert, conf.Server.TLSKey)
 			if err != nil {
-				log.Fatal(err)
+				log.Fatal(errors.Wrap(err, "unable to create TLS listener"))
 			}
 		}
 		l = tls.NewListener(l, tlsConfig)
@@ -373,7 +377,7 @@ func main() {
 	if conf.Server.User != "" {
 		log.Print("Dropping privileges...")
 		if err := drop.DropPrivileges(conf.Server.User); err != nil {
-			log.Fatal(err)
+			log.Fatal(errors.Wrap(err, "unable to drop privileges"))
 		}
 	}
 
@@ -388,7 +392,7 @@ func main() {
 		log.Fatalf("Unknown provider %s\n", conf.Auth.Provider)
 	}
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(errors.Wrapf(err, "unable to use provider '%s'", conf.Auth.Provider))
 	}
 
 	certstore, err := store.New(conf.Server.Database)
-- 
cgit v1.2.3