@@ -624,10 +624,18 @@ class TaskBackend {
624624 InvalidInputException .checkPackageName (package);
625625 version = InvalidInputException .checkSemanticVersion (version);
626626
627+ final token = _extractBearerToken (request);
628+ if (token == null ) {
629+ throw AuthenticationException .authenticationRequired ();
630+ }
631+
627632 final key = PackageState .createKey (_db, runtimeVersion, package);
628633 final state = await _db.lookupOrNull <PackageState >(key);
634+ if (state == null ) {
635+ throw NotFoundException .resource ('$package /$version ' );
636+ }
629637 final versionState =
630- _extractAndVerifyVersionState (package, version, state, request );
638+ _authorizeWorkerCallback (package, version, state, token );
631639
632640 // Set expiration of signed URLs to remaining execution time + 5 min to
633641 // allow for clock skew.
@@ -674,6 +682,11 @@ class TaskBackend {
674682 InvalidInputException .checkPackageName (package);
675683 version = InvalidInputException .checkSemanticVersion (version);
676684
685+ final token = _extractBearerToken (request);
686+ if (token == null ) {
687+ throw AuthenticationException .authenticationRequired ();
688+ }
689+
677690 String ? zone, instance;
678691 bool isInstanceDone = false ;
679692 final index = await _loadTaskResultIndex (
@@ -690,13 +703,16 @@ class TaskBackend {
690703 await withRetryTransaction (_db, (tx) async {
691704 final key = PackageState .createKey (_db, runtimeVersion, package);
692705 final state = await tx.lookupOrNull <PackageState >(key);
706+ if (state == null ) {
707+ throw NotFoundException .resource ('$package /$version ' );
708+ }
693709 final versionState =
694- _extractAndVerifyVersionState (package, version, state, request );
710+ _authorizeWorkerCallback (package, version, state, token );
695711
696712 // Update dependencies, if pana summary has dependencies
697713 if (summary != null && summary.allDependencies != null ) {
698714 final updatedDependencies = _updatedDependencies (
699- state! .dependencies,
715+ state.dependencies,
700716 summary.allDependencies,
701717 // for logging only
702718 package: package,
@@ -714,7 +730,7 @@ class TaskBackend {
714730 instance = versionState.instance! ;
715731
716732 // Remove instanceName, zone, secretToken, and set attempts = 0
717- state! .versions! [version] = PackageVersionStateInfo (
733+ state.versions! [version] = PackageVersionStateInfo (
718734 scheduled: versionState.scheduled,
719735 docs: hasDocIndexHtml,
720736 pana: summary != null ,
@@ -1164,19 +1180,16 @@ String? _extractBearerToken(shelf.Request request) {
11641180 return parts.last.trim ();
11651181}
11661182
1167- PackageVersionStateInfo _extractAndVerifyVersionState (
1183+ /// Authorize a worker callback for [package] / [version] .
1184+ ///
1185+ /// Returns the [PackageVersionStateInfo] that the worker is authenticated for.
1186+ /// Or throw [ResponseException] if authorization is not possible.
1187+ PackageVersionStateInfo _authorizeWorkerCallback (
11681188 String package,
11691189 String version,
1170- PackageState ? state,
1171- shelf. Request request ,
1190+ PackageState state,
1191+ String token ,
11721192) {
1173- final token = _extractBearerToken (request);
1174- if (token == null ) {
1175- throw AuthenticationException .authenticationRequired ();
1176- }
1177- if (state == null ) {
1178- throw NotFoundException .resource ('$package /$version ' );
1179- }
11801193 final versionState = state.versions! [version];
11811194 if (versionState == null ) {
11821195 // check if the task was aborted
0 commit comments