update response codes + force unlock option

Author: cnuss

src/controllers/ControllerV1.ts

@@ -34,7 +34,7 @@ export class ControllerV1 extends Controller {
   @Get()
   public async getState(
     @Request() request: HttpRequest,
-    @Res() res: TsoaResponse<200 | 400 | 401 | 404, any>,
+    @Res() res: TsoaResponse<200 | 401 | 403 | 404, any>,
   ): Promise<any> {
     try {
       const identity = await this.githubService.getIdentity(request);
@@ -55,7 +55,7 @@ export class ControllerV1 extends Controller {
     @Query('ID') id: string,
     // eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types
     @Body() state: any,
-    @Res() res: TsoaResponse<200 | 400 | 401 | 404 | 409, void>,
+    @Res() res: TsoaResponse<200 | 400 | 401 | 403 | 404 | 409, void>,
   ): Promise<void> {
     try {
       const stateLockRequest = await this.stateService.getRequest(id);
@@ -75,7 +75,7 @@ export class ControllerV1 extends Controller {
   public async lockState(
     @Request() request: HttpRequest,
     @Body() lockRequest: StateLockRequest,
-    @Res() res: TsoaResponse<200 | 400 | 401 | 404 | 409, boolean>,
+    @Res() res: TsoaResponse<200 | 401 | 403 | 404 | 409, boolean>,
   ): Promise<boolean> {
     try {
       const stateLockRequest = await this.stateService.saveRequest(lockRequest);
@@ -95,12 +95,13 @@ export class ControllerV1 extends Controller {
   public async unlockState(
     @Request() request: HttpRequest,
     @Body() lockRequest: StateLockRequest,
-    @Res() res: TsoaResponse<200 | 400 | 401 | 404 | 409, boolean>,
+    @Res() res: TsoaResponse<200 | 401 | 403 | 404 | 409, boolean>,
+    @Query('force') force = false,
   ): Promise<boolean> {
     try {
       const stateLockRequest = await this.stateService.getRequest(lockRequest.ID);
       const identity = await this.githubService.getIdentity(request, stateLockRequest);
-      await this.stateService.unlockState(identity, stateLockRequest);
+      await this.stateService.unlockState(identity, stateLockRequest, force);
       const response = res(200, true);
       return response;
     } catch (e) {

src/services/GithubService.ts

@@ -56,7 +56,7 @@ export class GithubService {
 
     if (!password) {
       console.warn(`Missing password from authorization token`);
-      throw new TerraformError(401);
+      throw new TerraformError(403);
     }
 
     if (username) {
@@ -70,7 +70,7 @@ export class GithubService {
           `Username must be in the format of \`[{owner}/{repository}][@{workspace}]\``,
           username,
         );
-        throw new TerraformError(400);
+        throw new TerraformError(403);
       }
 
       if (repo.indexOf('@') !== -1) {
@@ -89,7 +89,7 @@ export class GithubService {
     } catch (e) {
       if (e instanceof Error) {
         console.warn(`Error inferring identity`, e);
-        throw new TerraformError(401);
+        throw new TerraformError(403);
       }
       throw e;
     }

src/services/StateService.ts

@@ -161,6 +161,7 @@ export class StateService {
   public unlockState = async (
     identity: IdentityWithToken,
     stateLockRequest: StateLockRequest,
+    force: boolean,
   ): Promise<void> => {
     const lockedBy = crypto.createHash('sha256').update(identity.token, 'utf8').digest('base64');
 
@@ -182,7 +183,7 @@ export class StateService {
 
     const [stateLock] = stateLocks.Items;
 
-    if (stateLock.attrs.lockedBy !== lockedBy) {
+    if (stateLock.attrs.lockedBy !== lockedBy && !force) {
       console.warn(
         `State is locked by ${identity.meta.name} for ${identity.owner}/${identity.repo} on workspace ${identity.workspace}.`,
       );