fix: return error if Authorization header is supplied but is invalid

2022-05-14 21:55:44 +02:00 · 2022-05-14 21:55:44 +02:00 · 79eefb1ccf
commit 79eefb1ccf
parent 6fdf23eb1a
2 changed files with 11 additions and 1 deletions
--- a/backend/server/auth.go
+++ b/backend/server/auth.go
@ -2,6 +2,7 @@ package server
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
@ -19,7 +20,13 @@ func (s *Server) maybeAuth(next http.Handler) http.Handler {
 		claims, err := s.Auth.Claims(token)
 		if err != nil {
-			// if we get here, a token was supplied but it's invalid--return an error
+			fmt.Printf("%q: %q\n", "Authorization", token)
 			render.Status(r, errCodeStatuses[ErrForbidden])
 			render.JSON(w, r, APIError{
 				Code:    ErrForbidden,
 				Message: errCodeMessages[ErrForbidden],
 			})
 			return
 		}
 		ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)
--- a/backend/server/errors.go
+++ b/backend/server/errors.go
@ -69,6 +69,7 @@ const (
 	// Login/authorize error codes
 	ErrInvalidState     = 1001
 	ErrInvalidOAuthCode = 1002
 	ErrInvalidToken     = 1003 // a token was supplied, but it is invalid
 	// User-related error codes
 	ErrUserNotFound = 2001
@ -81,6 +82,7 @@ var errCodeMessages = map[int]string{
 	ErrInvalidState:     "Invalid OAuth state",
 	ErrInvalidOAuthCode: "Invalid OAuth code",
 	ErrInvalidToken:     "Supplied token was invalid",
 	ErrUserNotFound: "User not found",
 }
@ -92,6 +94,7 @@ var errCodeStatuses = map[int]int{
 	ErrInvalidState:     http.StatusBadRequest,
 	ErrInvalidOAuthCode: http.StatusForbidden,
 	ErrInvalidToken:     http.StatusUnauthorized,
 	ErrUserNotFound: http.StatusNotFound,
 }