Add auth error description

This commit is contained in:
Marco Realacci 2022-11-20 19:53:24 +01:00
parent 038730da3b
commit 44eb1e1fa6
7 changed files with 17 additions and 16 deletions

View file

@ -4,8 +4,10 @@ import (
"errors" "errors"
"net/http" "net/http"
"github.com/notherealmarco/WASAPhoto/service/api/helpers"
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext" "github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
"github.com/notherealmarco/WASAPhoto/service/database" "github.com/notherealmarco/WASAPhoto/service/database"
"github.com/sirupsen/logrus"
) )
func BuildAuth(header string) (reqcontext.Authorization, error) { func BuildAuth(header string) (reqcontext.Authorization, error) {
@ -19,24 +21,23 @@ func BuildAuth(header string) (reqcontext.Authorization, error) {
return auth, nil return auth, nil
} }
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, notFoundStatus int) bool { func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool {
auth, err := f(db, uid) auth, err := f(db, uid)
if err != nil { if err != nil {
w.WriteHeader(http.StatusInternalServerError) helpers.SendInternalError(err, "Authorization error", w, l)
// todo: log error and write it to the response
return false return false
} }
if auth == reqcontext.UNAUTHORIZED { if auth == reqcontext.UNAUTHORIZED {
w.WriteHeader(http.StatusUnauthorized) helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
return false return false
} }
if auth == reqcontext.FORBIDDEN { if auth == reqcontext.FORBIDDEN {
w.WriteHeader(http.StatusForbidden) helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l)
return false return false
} }
// requested user is not found -> 404 as the resource is not found // requested user is not found -> 404 as the resource is not found
if auth == reqcontext.USER_NOT_FOUND { if auth == reqcontext.USER_NOT_FOUND {
w.WriteHeader(notFoundStatus) helpers.SendStatus(notFoundStatus, w, "Resource not found", l)
return false return false
} }
return true return true

View file

@ -16,7 +16,7 @@ func (rt *_router) PutBan(w http.ResponseWriter, r *http.Request, ps httprouter.
banned := ps.ByName("ban_uid") banned := ps.ByName("ban_uid")
// send error if the user has no permission to perform this action // send error if the user has no permission to perform this action
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }
@ -50,7 +50,7 @@ func (rt *_router) DeleteBan(w http.ResponseWriter, r *http.Request, ps httprout
banned := ps.ByName("ban_uid") banned := ps.ByName("ban_uid")
// send error if the user has no permission to perform this action // send error if the user has no permission to perform this action
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }

View file

@ -72,7 +72,7 @@ func (rt *_router) PostComment(w http.ResponseWriter, r *http.Request, ps httpro
} }
// check if the user is authorized to post a comment // check if the user is authorized to post a comment
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, http.StatusBadRequest) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
return return
} }
@ -142,7 +142,7 @@ func (rt *_router) DeleteComment(w http.ResponseWriter, r *http.Request, ps http
// Authorized user is not the owner of the comment // Authorized user is not the owner of the comment
// let's check if it's the owner of the photo // let's check if it's the owner of the photo
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusForbidden) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusForbidden) {
// The authorized user is not the owner of the photo, so we sent an error // The authorized user is not the owner of the photo, so we sent an error
return return
} }

View file

@ -63,7 +63,7 @@ func (rt *_router) PutFollow(w http.ResponseWriter, r *http.Request, ps httprout
followed := ps.ByName("follower_uid") followed := ps.ByName("follower_uid")
// send error if the user has no permission to perform this action // send error if the user has no permission to perform this action
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }
@ -93,7 +93,7 @@ func (rt *_router) DeleteFollow(w http.ResponseWriter, r *http.Request, ps httpr
followed := ps.ByName("follower_uid") followed := ps.ByName("follower_uid")
// send error if the user has no permission to perform this action // send error if the user has no permission to perform this action
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }

View file

@ -62,7 +62,7 @@ func (rt *_router) PutDeleteLike(w http.ResponseWriter, r *http.Request, ps http
liker_uid := ps.ByName("liker_uid") liker_uid := ps.ByName("liker_uid")
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, http.StatusBadRequest) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
return return
} }

View file

@ -20,7 +20,7 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
uid := ps.ByName("user_id") uid := ps.ByName("user_id")
// send error if the user has no permission to perform this action // send error if the user has no permission to perform this action
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }
@ -105,7 +105,7 @@ func (rt *_router) DeletePhoto(w http.ResponseWriter, r *http.Request, ps httpro
} }
// send error if the user has no permission to perform this action (only the author can delete a photo) // send error if the user has no permission to perform this action (only the author can delete a photo)
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }

View file

@ -13,7 +13,7 @@ import (
func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) { func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
uid := ps.ByName("user_id") uid := ps.ByName("user_id")
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) { if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
return return
} }
var req structures.UserDetails var req structures.UserDetails