fix: return error if Authorization header is supplied but is invalid

Sam 2022-05-14 21:55:44 +02:00
parent 6fdf23eb1a
commit 79eefb1ccf
2 changed files with 11 additions and 1 deletions


@ -2,6 +2,7 @@ package server
import ( import (
"context" "context"
"fmt"
"net/http" "net/http"
"codeberg.org/u1f320/pronouns.cc/backend/server/auth" "codeberg.org/u1f320/pronouns.cc/backend/server/auth"
@ -19,7 +20,13 @@ func (s *Server) maybeAuth(next http.Handler) http.Handler {
claims, err := s.Auth.Claims(token) claims, err := s.Auth.Claims(token)
if err != nil { if err != nil {
// if we get here, a token was supplied but it's invalid--return an error fmt.Printf("%q: %q\n", "Authorization", token)
render.Status(r, errCodeStatuses[ErrForbidden])
render.JSON(w, r, APIError{
Code: ErrForbidden,
Message: errCodeMessages[ErrForbidden],
})
return
} }
ctx := context.WithValue(r.Context(), ctxKeyClaims, claims) ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)
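Review bot: The `fmt.Printf("%q: %q\n", "Authorization", token)` call in the `err != nil` branch writes the rejected Authorization value to stdout, so expired, revoked or mistyped-but-real tokens end up in process logs where anyone with log access can read them. It reads like leftover debugging: the `fmt` import in the first hunk appears to be added only for it (the rendering pairs the call with the old comment, so I am inferring that it sits on the new side). I would delete the call and the import and keep the original comment above the `render.Status` call. If a trace is wanted, log only that validation failed, plus `err` if it is known not to echo the token. `maybeAuth` begins and ends outside the hunk.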


@ -69,6 +69,7 @@ const (
// Login/authorize error codes // Login/authorize error codes
ErrInvalidState = 1001 ErrInvalidState = 1001
ErrInvalidOAuthCode = 1002 ErrInvalidOAuthCode = 1002
ErrInvalidToken = 1003 // a token was supplied, but it is invalid
// User-related error codes // User-related error codes
ErrUserNotFound = 2001 ErrUserNotFound = 2001
@ -81,6 +82,7 @@ var errCodeMessages = map[int]string{
ErrInvalidState: "Invalid OAuth state", ErrInvalidState: "Invalid OAuth state",
ErrInvalidOAuthCode: "Invalid OAuth code", ErrInvalidOAuthCode: "Invalid OAuth code",
ErrInvalidToken: "Supplied token was invalid",
ErrUserNotFound: "User not found", ErrUserNotFound: "User not found",
} }
@ -92,6 +94,7 @@ var errCodeStatuses = map[int]int{
ErrInvalidState: http.StatusBadRequest, ErrInvalidState: http.StatusBadRequest,
ErrInvalidOAuthCode: http.StatusForbidden, ErrInvalidOAuthCode: http.StatusForbidden,
ErrInvalidToken: http.StatusUnauthorized,
ErrUserNotFound: http.StatusNotFound, ErrUserNotFound: http.StatusNotFound,
} }
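Review bot: `ErrInvalidToken` is defined here with a message and `http.StatusUnauthorized`, but the invalid-token branch of `maybeAuth` in this same commit responds with `ErrForbidden`, so as far as this page shows the new code is never returned. If the intent is what the constant's comment says, that branch should use `render.Status(r, errCodeStatuses[ErrInvalidToken])` with `Code: ErrInvalidToken` and `Message: errCodeMessages[ErrInvalidToken]`. Once a 401 is actually sent, it should also carry a `WWW-Authenticate` header naming the scheme the API expects. The const block and both maps continue outside the hunks.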