Add auth error description
This commit is contained in:
parent
038730da3b
commit
44eb1e1fa6
7 changed files with 17 additions and 16 deletions
|
@ -4,8 +4,10 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/notherealmarco/WASAPhoto/service/api/helpers"
|
||||||
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
|
"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
|
||||||
"github.com/notherealmarco/WASAPhoto/service/database"
|
"github.com/notherealmarco/WASAPhoto/service/database"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
func BuildAuth(header string) (reqcontext.Authorization, error) {
|
func BuildAuth(header string) (reqcontext.Authorization, error) {
|
||||||
|
@ -19,24 +21,23 @@ func BuildAuth(header string) (reqcontext.Authorization, error) {
|
||||||
return auth, nil
|
return auth, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, notFoundStatus int) bool {
|
func SendAuthorizationError(f func(db database.AppDatabase, uid string) (reqcontext.AuthStatus, error), uid string, db database.AppDatabase, w http.ResponseWriter, l logrus.FieldLogger, notFoundStatus int) bool {
|
||||||
auth, err := f(db, uid)
|
auth, err := f(db, uid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
helpers.SendInternalError(err, "Authorization error", w, l)
|
||||||
// todo: log error and write it to the response
|
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if auth == reqcontext.UNAUTHORIZED {
|
if auth == reqcontext.UNAUTHORIZED {
|
||||||
w.WriteHeader(http.StatusUnauthorized)
|
helpers.SendStatus(http.StatusUnauthorized, w, "Unauthorized", l)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if auth == reqcontext.FORBIDDEN {
|
if auth == reqcontext.FORBIDDEN {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
helpers.SendStatus(http.StatusForbidden, w, "Forbidden", l)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// requested user is not found -> 404 as the resource is not found
|
// requested user is not found -> 404 as the resource is not found
|
||||||
if auth == reqcontext.USER_NOT_FOUND {
|
if auth == reqcontext.USER_NOT_FOUND {
|
||||||
w.WriteHeader(notFoundStatus)
|
helpers.SendStatus(notFoundStatus, w, "Resource not found", l)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
|
|
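Review bot: The description in the USER_NOT_FOUND branch is fixed to "Resource not found" while the status code is the caller-supplied notFoundStatus, so PostComment and PutDeleteLike now answer 400 and DeleteComment answers 403 with a "not found" body. Either derive the text from the status, `helpers.SendStatus(notFoundStatus, w, http.StatusText(notFoundStatus), l)`, or accept the description as a parameter alongside notFoundStatus so each call site states what it means. In the internal-error branch, if helpers.SendInternalError copies err's text into the response body, database error details would reach the client; the body should stay at the generic "Authorization error" and err should only go to the logger. The exported SendAuthorizationError still has no doc comment; a line such as `// SendAuthorizationError runs f for uid, writes the matching error status and description to w, and reports whether the request may proceed.` would cover it. The function's closing brace lies outside the hunk.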
@ -16,7 +16,7 @@ func (rt *_router) PutBan(w http.ResponseWriter, r *http.Request, ps httprouter.
|
||||||
banned := ps.ByName("ban_uid")
|
banned := ps.ByName("ban_uid")
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action
|
// send error if the user has no permission to perform this action
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ func (rt *_router) DeleteBan(w http.ResponseWriter, r *http.Request, ps httprout
|
||||||
banned := ps.ByName("ban_uid")
|
banned := ps.ByName("ban_uid")
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action
|
// send error if the user has no permission to perform this action
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
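Review bot: Both updated calls pass rt.baseLogger, the router-wide logger, so an authorization failure is logged without any request-scoped context; if reqcontext.RequestContext (received as ctx by every handler shown) carries a per-request logger, passing that instead would tie the log entry to the request that failed. The same applies to the matching call sites in the comment, follow, like, photo and user files. PutBan and DeleteBan both start and end outside their hunks.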
@ -72,7 +72,7 @@ func (rt *_router) PostComment(w http.ResponseWriter, r *http.Request, ps httpro
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the user is authorized to post a comment
|
// check if the user is authorized to post a comment
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, http.StatusBadRequest) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, request_body.UID, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -142,7 +142,7 @@ func (rt *_router) DeleteComment(w http.ResponseWriter, r *http.Request, ps http
|
||||||
// Authorized user is not the owner of the comment
|
// Authorized user is not the owner of the comment
|
||||||
// let's check if it's the owner of the photo
|
// let's check if it's the owner of the photo
|
||||||
|
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusForbidden) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusForbidden) {
|
||||||
// The authorized user is not the owner of the photo, so we sent an error
|
// The authorized user is not the owner of the photo, so we sent an error
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -63,7 +63,7 @@ func (rt *_router) PutFollow(w http.ResponseWriter, r *http.Request, ps httprout
|
||||||
followed := ps.ByName("follower_uid")
|
followed := ps.ByName("follower_uid")
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action
|
// send error if the user has no permission to perform this action
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,7 +93,7 @@ func (rt *_router) DeleteFollow(w http.ResponseWriter, r *http.Request, ps httpr
|
||||||
followed := ps.ByName("follower_uid")
|
followed := ps.ByName("follower_uid")
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action
|
// send error if the user has no permission to perform this action
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -62,7 +62,7 @@ func (rt *_router) PutDeleteLike(w http.ResponseWriter, r *http.Request, ps http
|
||||||
|
|
||||||
liker_uid := ps.ByName("liker_uid")
|
liker_uid := ps.ByName("liker_uid")
|
||||||
|
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, http.StatusBadRequest) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, liker_uid, rt.db, w, rt.baseLogger, http.StatusBadRequest) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ func (rt *_router) PostPhoto(w http.ResponseWriter, r *http.Request, ps httprout
|
||||||
uid := ps.ByName("user_id")
|
uid := ps.ByName("user_id")
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action
|
// send error if the user has no permission to perform this action
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ func (rt *_router) DeletePhoto(w http.ResponseWriter, r *http.Request, ps httpro
|
||||||
}
|
}
|
||||||
|
|
||||||
// send error if the user has no permission to perform this action (only the author can delete a photo)
|
// send error if the user has no permission to perform this action (only the author can delete a photo)
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
|
func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps httprouter.Params, ctx reqcontext.RequestContext) {
|
||||||
|
|
||||||
uid := ps.ByName("user_id")
|
uid := ps.ByName("user_id")
|
||||||
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, http.StatusNotFound) {
|
if !authorization.SendAuthorizationError(ctx.Auth.UserAuthorized, uid, rt.db, w, rt.baseLogger, http.StatusNotFound) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var req structures.UserDetails
|
var req structures.UserDetails
|
||||||
|
|