Part of duplicate code analysis: #3050
Summary
In internal/proxy/handler.go, httputil.WriteJSONResponse is called with http.StatusForbidden (403) in 3 separate locations. Two of these (lines 155 and 228) use an identical map[string]string{"message": ...} body shape and are separated by only ~75 lines of code. The third (line 71) uses a GraphQL-specific shape. Unlike the internal/server package — which has a writeErrorResponse helper — the proxy package has no equivalent abstraction.
Duplication Details
Pattern: Inline httputil.WriteJSONResponse 403 response in proxy handler
httputil.WriteJSONResponse(w, http.StatusForbidden, map[string]string{
"message": fmt.Sprintf("DIFC policy violation: %s", evalResult.Reason),
})
- Code Sample (lines 227–230, structurally identical):
httputil.WriteJSONResponse(w, http.StatusForbidden, map[string]string{
"message": fmt.Sprintf("DIFC policy violation: %d of %d items not accessible",
filtered.GetFilteredCount(), filtered.TotalCount),
})Impact Analysis
- Maintainability: If the HTTP response shape for DIFC policy violations changes (e.g. adding a
code field), two call sites must be updated.
- Bug Risk: Low — the current impact is cosmetic inconsistency rather than a correctness risk.
- Code Bloat: ~8 lines, minor.
Refactoring Recommendations
-
Add a writeDIFCForbidden helper in internal/proxy/handler.go (or a new http_helpers.go within the proxy package):
func writeDIFCForbidden(w http.ResponseWriter, message string) {
httputil.WriteJSONResponse(w, http.StatusForbidden, map[string]string{
"message": message,
})
}Callers become:
writeDIFCForbidden(w, fmt.Sprintf("DIFC policy violation: %s", evalResult.Reason))
-
Alternative: Move the helper to internal/httputil if it may be needed by other packages.
-
This is a low-priority polish item — consider batching with any future proxy refactoring.
Implementation Checklist
Parent Issue
See parent analysis report: #3050
Related to #3050
Generated by Duplicate Code Detector · ◷
Part of duplicate code analysis: #3050
Summary
In
internal/proxy/handler.go,httputil.WriteJSONResponseis called withhttp.StatusForbidden(403) in 3 separate locations. Two of these (lines 155 and 228) use an identicalmap[string]string{"message": ...}body shape and are separated by only ~75 lines of code. The third (line 71) uses a GraphQL-specific shape. Unlike theinternal/serverpackage — which has awriteErrorResponsehelper — the proxy package has no equivalent abstraction.Duplication Details
Pattern: Inline
httputil.WriteJSONResponse403 response in proxy handlerSeverity: Low
Occurrences: 2 near-identical blocks (+ 1 structurally similar)
Locations:
internal/proxy/handler.goline 71 (GraphQL shape — different body)internal/proxy/handler.golines 155–158 (DIFC write blocked —{"message": "..."})internal/proxy/handler.golines 227–230 (DIFC strict mode —{"message": "..."})Code Sample (lines 155–158):
Impact Analysis
codefield), two call sites must be updated.Refactoring Recommendations
Add a
writeDIFCForbiddenhelper ininternal/proxy/handler.go(or a newhttp_helpers.gowithin the proxy package):Callers become:
Alternative: Move the helper to
internal/httputilif it may be needed by other packages.This is a low-priority polish item — consider batching with any future proxy refactoring.
Implementation Checklist
writeDIFCForbiddenhelper (or equivalent)make agent-finishedto verifyParent Issue
See parent analysis report: #3050
Related to #3050