From 44eb1e1fa604526443b1ff33de720ed018773a70 Mon Sep 17 00:00:00 2001
From: Marco Realacci
Date: Sun, 20 Nov 2022 19:53:24 +0100
Subject: [PATCH] Add auth error description

---
 service/api/authorization/auth-manager.go | 13 +++++++------
 service/api/bans.go | 4 ++--
 service/api/comments.go | 4 ++--
 service/api/followers.go | 4 ++--
 service/api/likes.go | 2 +-
 service/api/photos.go | 4 ++--
 service/api/put-updateusername.go | 2 +-
 7 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/service/api/authorization/auth-manager.go b/service/api/authorization/auth-manager.go
index dbe1d30..19e1568 100644
--- a/service/api/authorization/auth-manager.go
+++ b/service/api/authorization/auth-manager.go
@@ -4,8 +4,10 @@ import (
 	"errors"
 	"net/http"
 
+	"github.com/notherealmarco/WASAPhoto/service/api/helpers"
 	"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
 	"github.com/notherealmarco/WASAPhoto/service/database"
+	"github.com/sirupsen/logrus"
 )
 
 func BuildAuth(header string) (reqcontext.Authorization, error) {
@@ -19,24 +21,23 @@ func BuildAuth(header string) (reqcontext.Authorization, error) {
 	return auth, nil
 }
 
-func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, notFoundStatus int) bool {
+func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool {
 	auth, err := f(db, uid)
 	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		// todo: log error and write it to the response
+		helpers.SendInternalError(err, "Authorization error", w, l)
 		return false
 	}
 	if auth == reqcontext.UNAUTHORIZED {
-		w.WriteHeader(http.StatusUnauthorized)
+		helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
 		return false
 	}
 	if auth == reqcontext.FORBIDDEN {
-		w.WriteHeader(http.StatusForbidden)
+		helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l)
 		return false
 	}
 	// requested user is not found -> 404 as the resource is not found
 	if auth == reqcontext.USER_NOT_FOUND {
-		w.WriteHeader(notFoundStatus)
+		helpers.SendStatus(notFoundStatus, w, "Resource not found", l)
 		return false
 	}
 	return true
diff --git a/service/api/bans.go b/service/api/bans.go
index 95745e2..6bc8d11 100644
--- a/service/api/bans.go
+++ b/service/api/bans.go
@@ -16,7 +16,7 @@ func (rt *_router) PutBan(w http.ResponseWriter, r *http.Request, ps httprouter.
 	banned := ps.ByName("ban_uid")
 
 	// send error if the user has no permission to perform this action
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
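Review bot: The USER_NOT_FOUND branch always writes the description "Resource not found", but notFoundStatus is not always 404: PostComment in comments.go and PutDeleteLike in likes.go pass http.StatusBadRequest and DeleteComment passes http.StatusForbidden, so those clients get a 400 or 403 whose body says the resource was not found. Either take the description as a parameter next to notFoundStatus or derive it from the code, e.g. `helpers.SendStatus(notFoundStatus, w, http.StatusText(notFoundStatus), l)`. SendInternalError replaces the removed todo that wanted the error written to the response; helpers is not part of this patch, so confirm it logs err and sends the client only the fixed "Authorization error" text rather than err.Error(), which could leak database details. The exported function also has no doc comment; something like `// SendAuthorizationError runs f and, when the result is not authorized, writes the matching status and description to w; it returns true only when the caller may proceed.` would document the contract.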
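Review bot: Every call site in this patch (PutBan here, and the hunks in comments.go, followers.go, likes.go, photos.go and put-updateusername.go) passes rt.baseLogger, the router-wide logger, so the new authorization log lines carry no per-request identifier. If reqcontext.RequestContext carries a request-scoped logger, as the course template's does, passing that instead would tag each 401/403/500 line with the request id and make correlating repeated authorization failures much easier during log review. The enclosing handlers start and end outside the hunks.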
@@ -50,7 +50,7 @@ func (rt *_router) DeleteBan(w http.ResponseWriter, r *http.Request, ps httprout
 	banned := ps.ByName("ban_uid")
 
 	// send error if the user has no permission to perform this action
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
diff --git a/service/api/comments.go b/service/api/comments.go
index 5a701d6..f3eb39c 100644
--- a/service/api/comments.go
+++ b/service/api/comments.go
@@ -72,7 +72,7 @@ func (rt *_router) PostComment(w http.ResponseWriter, r *http.Request, ps httpro
 	}
 
 	// check if the user is authorized to post a comment
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, http.StatusBadRequest) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
 		return
 	}
 
@@ -142,7 +142,7 @@ func (rt *_router) DeleteComment(w http.ResponseWriter, r *http.Request, ps http
 
 	// Authorized user is not the owner of the comment
 	// let's check if it's the owner of the photo
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusForbidden) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusForbidden) {
 		// The authorized user is not the owner of the photo, so we sent an error
 		return
 	}
diff --git a/service/api/followers.go b/service/api/followers.go
index d54b40b..36a46c2 100644
--- a/service/api/followers.go
+++ b/service/api/followers.go
@@ -63,7 +63,7 @@ func (rt *_router) PutFollow(w http.ResponseWriter, r *http.Request, ps httprout
 	followed := ps.ByName("follower_uid")
 
 	// send error if the user has no permission to perform this action
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
@@ -93,7 +93,7 @@ func (rt *_router) DeleteFollow(w http.ResponseWriter, r *http.Request, ps httpr
 	followed := ps.ByName("follower_uid")
 
 	// send error if the user has no permission to perform this action
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
diff --git a/service/api/likes.go b/service/api/likes.go
index ad50a2a..697e67a 100644
--- a/service/api/likes.go
+++ b/service/api/likes.go
@@ -62,7 +62,7 @@ func (rt *_router) PutDeleteLike(w http.ResponseWriter, r *http.Request, ps http
 
 	liker_uid := ps.ByName("liker_uid")
 
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, http.StatusBadRequest) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
 		return
 	}
 
diff --git a/service/api/photos.go b/service/api/photos.go
index 9f7ff9d..c8a835b 100644
--- a/service/api/photos.go
+++ b/service/api/photos.go
@@ -20,7 +20,7 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
 	uid := ps.ByName("user_id")
 
 	// send error if the user has no permission to perform this action
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
@@ -105,7 +105,7 @@ func (rt *_router) DeletePhoto(w http.ResponseWriter, r *http.Request, ps httpro
 	}
 
 	// send error if the user has no permission to perform this action (only the author can delete a photo)
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 
diff --git a/service/api/put-updateusername.go b/service/api/put-updateusername.go
index 9a1a644..4d267aa 100644
--- a/service/api/put-updateusername.go
+++ b/service/api/put-updateusername.go
@@ -13,7 +13,7 @@ import (
 func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
 	uid := ps.ByName("user_id")
 
-	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
+	if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
 		return
 	}
 	var req structures.UserDetails