fix(auth): diagnose non-JSON device authorization failures#1852
fix(auth): diagnose non-JSON device authorization failures#1852xu91102 wants to merge 2 commits into
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughNon-JSON device authorization failures now include HTTP status, content type, gateway log ID, preserved parsing causes, and scope guidance for qualifying 403 responses. A unit test verifies the structured error and diagnostics. ChangesDevice authorization diagnostics
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
internal/auth/device_flow.go (1)
142-155: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winNew error handling should use typed
errs.*errors with cause preservation; test should assert typed metadata. The shared root cause is thatdeviceAuthorizationNonJSONErrorreturns a bareerrors.Newinstead of a typederrs.*error, which also prevents the test from asserting typed metadata.
internal/auth/device_flow.go#L142-L155: Replaceerrors.New(message)with a typed error (e.g.,errs.NewNetworkError(errs.SubtypeNetworkTransport, message)) per the coding guidelines for network/transport failures. Pass thejson.Unmarshalerror from the call site and preserve it with.WithCause(err).internal/auth/device_flow_test.go#L136-L145: Once the production code returns a typed error, replace thestrings.Containssubstring checks witherrs.ProblemOfassertions forcategory/subtypeand verify cause preservation viaerrors.Is/errors.Unwrap.As per coding guidelines: "Command-facing failures must use typed
errs.*errors, never legacyoutput.Err*helpers or barefmt.Errorf" and "Error-path tests must assert typed metadata viaerrs.ProblemOf(category/subtype/param`) and cause preservation, not message substrings alone".🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@internal/auth/device_flow.go` around lines 142 - 155, Update internal/auth/device_flow.go lines 142-155 in deviceAuthorizationNonJSONError to return the appropriate typed errs network/transport error and accept the json.Unmarshal cause from its call site, preserving it with WithCause(err). Update internal/auth/device_flow_test.go lines 136-145 to replace substring checks with errs.ProblemOf assertions for category and subtype, and verify the preserved cause using errors.Is or errors.Unwrap.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@internal/auth/device_flow.go`:
- Around line 142-155: Update internal/auth/device_flow.go lines 142-155 in
deviceAuthorizationNonJSONError to return the appropriate typed errs
network/transport error and accept the json.Unmarshal cause from its call site,
preserving it with WithCause(err). Update internal/auth/device_flow_test.go
lines 136-145 to replace substring checks with errs.ProblemOf assertions for
category and subtype, and verify the preserved cause using errors.Is or
errors.Unwrap.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 6eb4efe9-1a05-44a8-90b6-bdaa86509bb6
📒 Files selected for processing (2)
internal/auth/device_flow.gointernal/auth/device_flow_test.go
|
@coderabbitai 已处理该建议:非 JSON 设备授权失败现在返回 |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
fd device_flow.go internal/auth
echo "---"
sed -n '1,80p' internal/auth/device_flow.go
echo "---TEST---"
sed -n '1,80p' internal/auth/device_flow_test.goLength of output: 4947 🏁 Script executed: #!/bin/bash
rg -n "deviceAuthorizationNonJSONError|NewNetworkError|WithCause|ProblemOf" internal/auth/device_flow.go internal/auth/device_flow_test.go
echo "---"
rg -n "TestRequestDeviceAuthorization_NonJSONForbidden" -A 60 internal/auth/device_flow_test.goLength of output: 2905 Confirmed — the update looks solid. (=^・ω・^=)ヘ good work! If you found this review helpful, would you consider giving us a shout-out on X? Thank you for using CodeRabbit! |
Fixes #1846
背景
设备授权端点返回非 JSON 的 403 时,现有错误只显示状态码,无法定位网关拒绝或向维护方提供请求标识。
核心改动
X-Tt-Logid。验证
go test ./internal/auth -count=1go build -o ./lark-cli .风险与回滚
只增强非 JSON 失败信息,不改变设备授权请求、成功响应或重试逻辑。回滚本提交即可恢复原行为。
Summary by CodeRabbit
403 Forbiddenwith a requested scope, added guidance to retry with a simpler/smaller scope.403error message contents and error classification.