mirror of
https://github.com/notherealmarco/WASAPhoto.git
synced 2025-03-14 06:06:15 +01:00
Add auth error description
This commit is contained in:
parent
038730da3b
commit
44eb1e1fa6
7 changed files with 17 additions and 16 deletions
|
|
@ -4,8 +4,10 @@ import (
|
|||
"errors"
|
||||
"net/http"
|
||||
|
||||
"github.com/notherealmarco/WASAPhoto/service/api/helpers"
|
||||
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
|
||||
"github.com/notherealmarco/WASAPhoto/service/database"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func BuildAuth(header string) (reqcontext.Authorization, error) {
|
||||
|
|
@ -19,24 +21,23 @@ func BuildAuth(header string) (reqcontext.Authorization, error) {
|
|||
return auth, nil
|
||||
}
|
||||
|
||||
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, notFoundStatus int) bool {
|
||||
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool {
|
||||
auth, err := f(db, uid)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
// todo: log error and write it to the response
|
||||
helpers.SendInternalError(err, "Authorization error", w, l)
|
||||
return false
|
||||
}
|
||||
if auth == reqcontext.UNAUTHORIZED {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
|
||||
return false
|
||||
}
|
||||
if auth == reqcontext.FORBIDDEN {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l)
|
||||
return false
|
||||
}
|
||||
// requested user is not found -> 404 as the resource is not found
|
||||
if auth == reqcontext.USER_NOT_FOUND {
|
||||
w.WriteHeader(notFoundStatus)
|
||||
helpers.SendStatus(notFoundStatus, w, "Resource not found", l)
|
||||
return false
|
||||
}
|
||||
return true
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ func (rt *_router) PutBan(w http.ResponseWriter, r *http.Request, ps httprouter.
|
|||
banned := ps.ByName("ban_uid")
|
||||
|
||||
// send error if the user has no permission to perform this action
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -50,7 +50,7 @@ func (rt *_router) DeleteBan(w http.ResponseWriter, r *http.Request, ps httprout
|
|||
banned := ps.ByName("ban_uid")
|
||||
|
||||
// send error if the user has no permission to perform this action
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ func (rt *_router) PostComment(w http.ResponseWriter, r *http.Request, ps httpro
|
|||
}
|
||||
|
||||
// check if the user is authorized to post a comment
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, http.StatusBadRequest) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -142,7 +142,7 @@ func (rt *_router) DeleteComment(w http.ResponseWriter, r *http.Request, ps http
|
|||
// Authorized user is not the owner of the comment
|
||||
// let's check if it's the owner of the photo
|
||||
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusForbidden) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusForbidden) {
|
||||
// The authorized user is not the owner of the photo, so we sent an error
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ func (rt *_router) PutFollow(w http.ResponseWriter, r *http.Request, ps httprout
|
|||
followed := ps.ByName("follower_uid")
|
||||
|
||||
// send error if the user has no permission to perform this action
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -93,7 +93,7 @@ func (rt *_router) DeleteFollow(w http.ResponseWriter, r *http.Request, ps httpr
|
|||
followed := ps.ByName("follower_uid")
|
||||
|
||||
// send error if the user has no permission to perform this action
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ func (rt *_router) PutDeleteLike(w http.ResponseWriter, r *http.Request, ps http
|
|||
|
||||
liker_uid := ps.ByName("liker_uid")
|
||||
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, http.StatusBadRequest) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
|
|||
uid := ps.ByName("user_id")
|
||||
|
||||
// send error if the user has no permission to perform this action
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -105,7 +105,7 @@ func (rt *_router) DeletePhoto(w http.ResponseWriter, r *http.Request, ps httpro
|
|||
}
|
||||
|
||||
// send error if the user has no permission to perform this action (only the author can delete a photo)
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ import (
|
|||
func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
|
||||
|
||||
uid := ps.ByName("user_id")
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||
return
|
||||
}
|
||||
var req structures.UserDetails
|
||||
|
|
|
|||
Loading…
Reference in a new issue