fix: return error if Authorization header is supplied but is invalid
parent
6fdf23eb1a
commit
79eefb1ccf
|
@ -2,6 +2,7 @@ package server
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
|
"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
|
||||||
|
@ -19,7 +20,13 @@ func (s *Server) maybeAuth(next http.Handler) http.Handler {
|
||||||
|
|
||||||
claims, err := s.Auth.Claims(token)
|
claims, err := s.Auth.Claims(token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// if we get here, a token was supplied but it's invalid--return an error
|
fmt.Printf("%q: %q\n", "Authorization", token)
|
||||||
|
render.Status(r, errCodeStatuses[ErrForbidden])
|
||||||
|
render.JSON(w, r, APIError{
|
||||||
|
Code: ErrForbidden,
|
||||||
|
Message: errCodeMessages[ErrForbidden],
|
||||||
|
})
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)
|
ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)
|
||||||
|
|
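Review bot: The added `fmt.Printf("%q: %q\n", "Authorization", token)` in the `err != nil` branch writes the supplied credential to stdout on every rejected request. A token that fails validation may still be a genuine one (for example expired; the validation rules are not visible here), so it should not end up in process logs. I would drop that line together with the `"fmt"` import added for it, or log only the error, e.g. `log.Printf("maybeAuth: rejected token: %v", err)`, provided the error returned by `s.Auth.Claims` does not itself echo the token. The same branch answers with `ErrForbidden`, while this commit adds `ErrInvalidToken` (mapped to `http.StatusUnauthorized`) without using it anywhere visible. The three `ErrForbidden` references were probably meant to be `ErrInvalidToken`, starting with `render.Status(r, errCodeStatuses[ErrInvalidToken])`. The body of `maybeAuth` starts and ends outside the hunk.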
|
@ -69,6 +69,7 @@ const (
|
||||||
// Login/authorize error codes
|
// Login/authorize error codes
|
||||||
ErrInvalidState = 1001
|
ErrInvalidState = 1001
|
||||||
ErrInvalidOAuthCode = 1002
|
ErrInvalidOAuthCode = 1002
|
||||||
|
ErrInvalidToken = 1003 // a token was supplied, but it is invalid
|
||||||
|
|
||||||
// User-related error codes
|
// User-related error codes
|
||||||
ErrUserNotFound = 2001
|
ErrUserNotFound = 2001
|
||||||
|
@ -81,6 +82,7 @@ var errCodeMessages = map[int]string{
|
||||||
|
|
||||||
ErrInvalidState: "Invalid OAuth state",
|
ErrInvalidState: "Invalid OAuth state",
|
||||||
ErrInvalidOAuthCode: "Invalid OAuth code",
|
ErrInvalidOAuthCode: "Invalid OAuth code",
|
||||||
|
ErrInvalidToken: "Supplied token was invalid",
|
||||||
|
|
||||||
ErrUserNotFound: "User not found",
|
ErrUserNotFound: "User not found",
|
||||||
}
|
}
|
||||||
|
@ -92,6 +94,7 @@ var errCodeStatuses = map[int]int{
|
||||||
|
|
||||||
ErrInvalidState: http.StatusBadRequest,
|
ErrInvalidState: http.StatusBadRequest,
|
||||||
ErrInvalidOAuthCode: http.StatusForbidden,
|
ErrInvalidOAuthCode: http.StatusForbidden,
|
||||||
|
ErrInvalidToken: http.StatusUnauthorized,
|
||||||
|
|
||||||
ErrUserNotFound: http.StatusNotFound,
|
ErrUserNotFound: http.StatusNotFound,
|
||||||
}
|
}
|
||||||
|
|