fix: return error if Authorization header is supplied but is invalid

2022-05-14 21:55:44 +02:00 · 2022-05-14 21:55:44 +02:00 · 79eefb1ccf
commit 79eefb1ccf
parent 6fdf23eb1a
2 changed files with 11 additions and 1 deletions
--- a/backend/server/auth.go
+++ b/backend/server/auth.go
@ -2,6 +2,7 @@ package server

 import (
 	"context"
+	"fmt"
 	"net/http"

 	"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
@ -19,7 +20,13 @@ func (s *Server) maybeAuth(next http.Handler) http.Handler {

 		claims, err := s.Auth.Claims(token)
 		if err != nil {
-			// if we get here, a token was supplied but it's invalid--return an error
+			fmt.Printf("%q: %q\n", "Authorization", token)
+			render.Status(r, errCodeStatuses[ErrForbidden])
+			render.JSON(w, r, APIError{
+				Code:    ErrForbidden,
+				Message: errCodeMessages[ErrForbidden],
+			})
+			return
 		}

 		ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)