Refactor API Identity create endpoint for legibility

internal/hermes-api/service/identity.go

@@ -52,54 +52,65 @@ type Identityer interface {
 		limit int32, appID string) ([]*api.Identity, int32, error)
 }
 
-// CreateIdentity creates an identity.
-func (ai *AppIdentity) CreateIdentity(
-	ctx context.Context, req *api.CreateIdentityRequest,
-) (*api.CreateIdentityResponse, error) {
-	logger := hlog.FromContext(ctx)
-	sess, ok := session.FromContext(ctx)
-	if !ok || sess.Role < api.Role_AUTHENTICATOR {
-		return nil, errPerm(api.Role_AUTHENTICATOR)
-	}
-
-	// Validate notification methods and apply plan limits.
-	switch m := req.Identity.MethodOneof.(type) {
+// validatePlan validates notification methods and apply plan limits.
+func (ai *AppIdentity) validatePlan(
+	ctx context.Context, orgPlan api.Plan, i *api.Identity,
+) error {
+	switch m := i.MethodOneof.(type) {
 	case *api.Identity_SmsMethod:
-		if sess.OrgPlan < api.Plan_PRO {
-			return nil, errPlan(api.Plan_PRO)
+		if orgPlan < api.Plan_PRO {
+			return errPlan(api.Plan_PRO)
 		}
 
 		if !rePhone.MatchString(m.SmsMethod.Phone) {
-			return nil, status.Error(codes.InvalidArgument,
+			return status.Error(codes.InvalidArgument,
 				"invalid E.164 phone number")
 		}
 
 		if err := ai.notify.ValidateSMS(ctx, m.SmsMethod.Phone); err != nil {
-			return nil, errToStatus(err)
+			return errToStatus(err)
 		}
 	case *api.Identity_PushoverMethod:
-		if sess.OrgPlan < api.Plan_PRO {
-			return nil, errPlan(api.Plan_PRO)
+		if orgPlan < api.Plan_PRO {
+			return errPlan(api.Plan_PRO)
 		}
 
 		if err := ai.notify.ValidatePushover(
 			m.PushoverMethod.PushoverKey); err != nil {
-			return nil, errToStatus(err)
+			return errToStatus(err)
 		}
 	case *api.Identity_EmailMethod:
-		if sess.OrgPlan < api.Plan_PRO {
-			return nil, errPlan(api.Plan_PRO)
+		if orgPlan < api.Plan_PRO {
+			return errPlan(api.Plan_PRO)
 		}
 	case *api.Identity_BackupCodesMethod:
-		if sess.OrgPlan < api.Plan_PRO {
-			return nil, errPlan(api.Plan_PRO)
+		if orgPlan < api.Plan_PRO {
+			return errPlan(api.Plan_PRO)
 		}
 	case *api.Identity_SecurityQuestionsMethod:
-		if sess.OrgPlan < api.Plan_PRO {
-			return nil, errPlan(api.Plan_PRO)
+		if orgPlan < api.Plan_PRO {
+			return errPlan(api.Plan_PRO)
 		}
 	}
 
+	return nil
+}
+
+// CreateIdentity creates an identity.
+func (ai *AppIdentity) CreateIdentity(
+	ctx context.Context, req *api.CreateIdentityRequest,
+) (*api.CreateIdentityResponse, error) {
+	logger := hlog.FromContext(ctx)
+	sess, ok := session.FromContext(ctx)
+	if !ok || sess.Role < api.Role_AUTHENTICATOR {
+		return nil, errPerm(api.Role_AUTHENTICATOR)
+	}
+
+	// Validate notification methods and apply plan limits.
+	if err := ai.validatePlan(ctx, sess.OrgPlan, req.Identity); err != nil {
+		return nil, err
+	}
+
 	req.Identity.OrgId = sess.OrgID
 
 	identity, otp, retSecret, err := ai.identDAO.Create(ctx, req.Identity)