encryption: Simplify EncryptJSON (#44764)

Instead of needing to pass a value in, we can supply the type we want
and return a new value of that type.

enterprise/internal/authz/bitbucketserver/provider.go

@@ -139,8 +139,8 @@ func (p *Provider) FetchUserPerms(ctx context.Context, account *extsvc.Account,
 			p.codeHost.ServiceID, account.AccountSpec.ServiceID)
 	}
 
-	var user bitbucketserver.User
-	if err := encryption.DecryptJSON(ctx, account.Data, &user); err != nil {
+	user, err := encryption.DecryptJSON[bitbucketserver.User](ctx, account.Data)
+	if err != nil {
 		return nil, errors.Wrap(err, "unmarshaling account data")
 	}
 

internal/encryption/json_encryptable.go

@@ -60,18 +60,20 @@ func (e *JSONEncryptable[T]) Set(value T) error {
 	return nil
 }
 
-// DecryptJSON decrypts the encryptable value and updates the given value. This method may make an external
+// DecryptJSON decrypts the encryptable value. This method may make an external
 // API call to decrypt the underlying encrypted value, but will memoize the result so that subsequent calls
 // will be cheap.
-func DecryptJSON[T any](ctx context.Context, e *JSONEncryptable[any], value T) error {
+func DecryptJSON[T any](ctx context.Context, e *JSONEncryptable[any]) (*T, error) {
+	var value T
+
 	serialized, err := e.Encryptable.Decrypt(ctx)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	if err := json.Unmarshal([]byte(serialized), &value); err != nil {
-		return err
+		return nil, err
 	}
 
-	return nil
+	return &value, nil
 }

internal/extsvc/gerrit/account.go

@@ -20,7 +20,5 @@ func GetExternalAccountData(ctx context.Context, data *extsvc.AccountData) (*Acc
 		return nil, nil
 	}
 
-	var d AccountData
-	err := encryption.DecryptJSON(ctx, data.Data, &d)
-	return &d, err
+	return encryption.DecryptJSON[AccountData](ctx, data.Data)
 }

internal/extsvc/github/common.go

@@ -1893,21 +1893,17 @@ type restTopicsResponse struct {
 
 func GetExternalAccountData(ctx context.Context, data *extsvc.AccountData) (usr *github.User, tok *oauth2.Token, err error) {
 	if data.Data != nil {
-		var u github.User
-		if err := encryption.DecryptJSON(ctx, data.Data, &u); err != nil {
+		usr, err = encryption.DecryptJSON[github.User](ctx, data.Data)
+		if err != nil {
 			return nil, nil, err
 		}
-
-		usr = &u
 	}
 
 	if data.AuthData != nil {
-		var t oauth2.Token
-		if err := encryption.DecryptJSON(ctx, data.AuthData, &t); err != nil {
+		tok, err = encryption.DecryptJSON[oauth2.Token](ctx, data.AuthData)
+		if err != nil {
 			return nil, nil, err
 		}
-
-		tok = &t
 	}
 
 	return usr, tok, nil

internal/extsvc/gitlab/user.go

@@ -14,21 +14,17 @@ import (
 // JSON blob in a typesafe way.
 func GetExternalAccountData(ctx context.Context, data *extsvc.AccountData) (usr *User, tok *oauth2.Token, err error) {
 	if data.Data != nil {
-		var u User
-		if err := encryption.DecryptJSON(ctx, data.Data, &u); err != nil {
+		usr, err = encryption.DecryptJSON[User](ctx, data.Data)
+		if err != nil {
 			return nil, nil, err
 		}
-
-		usr = &u
 	}
 
 	if data.AuthData != nil {
-		var t oauth2.Token
-		if err := encryption.DecryptJSON(ctx, data.AuthData, &t); err != nil {
+		tok, err = encryption.DecryptJSON[oauth2.Token](ctx, data.AuthData)
+		if err != nil {
 			return nil, nil, err
 		}
-
-		tok = &t
 	}
 
 	return usr, tok, nil

internal/extsvc/perforce/account.go

@@ -19,7 +19,5 @@ func GetExternalAccountData(ctx context.Context, data *extsvc.AccountData) (*Acc
 		return nil, nil
 	}
 
-	var d AccountData
-	err := encryption.DecryptJSON(ctx, data.Data, &d)
-	return &d, err
+	return encryption.DecryptJSON[AccountData](ctx, data.Data)
 }