Check for auth, better errors
parent
e7f96ea58e
commit
2674a71f30
3 changed files with 14 additions and 4 deletions
|
@ -116,6 +116,7 @@ func (a *Auth) SubjectMiddleware(requireToken bool) func(http.Handler) http.Hand
|
|||
|
||||
sub, err := users.FromCtx(ctx).GetUser(ctx, username)
|
||||
if err != nil {
|
||||
log.Error().Str("username", username).Err(err).Msg("subject middleware get subject")
|
||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
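Review bot: Every `GetUser` failure in this branch is answered with 401, so a database outage or a cancelled request context looks the same to the client as an unknown user, and a client may discard a token that is still valid. The same commit adds `users.ErrNoSuchUser`; the branch could test `errors.Is(err, users.ErrNoSuchUser)`, keep 401 for that case and return `http.StatusInternalServerError` for anything else. The response body should stay the generic status text either way, so it does not reveal whether an account exists. The page does not mark which of the shown lines is the added one, and SubjectMiddleware's body starts and ends outside the hunk, so an earlier check may already cover part of this.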
|
|
|
@ -32,7 +32,7 @@ func (s *Server) setupRoutes() {
|
|||
r.Use(s.auth.VerifyMiddleware())
|
||||
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(s.auth.SubjectMiddleware(true))
|
||||
r.Use(s.auth.AuthorizedSubjectMiddleware())
|
||||
// authenticated routes
|
||||
s.nex.PrivateRoutes(r)
|
||||
s.auth.PrivateRoutes(r)
|
||||
|
@ -42,7 +42,7 @@ func (s *Server) setupRoutes() {
|
|||
|
||||
r.Group(func(r chi.Router) {
|
||||
s.rateLimit(r)
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
r.Use(s.auth.PublicSubjectMiddleware())
|
||||
r.Use(render.SetContentType(render.ContentTypeJSON))
|
||||
// public routes
|
||||
s.sources.PublicRoutes(r)
|
||||
|
@ -51,7 +51,7 @@ func (s *Server) setupRoutes() {
|
|||
r.Group(func(r chi.Router) {
|
||||
// auth/share routes get rate-limited heavily, but not using middleware
|
||||
s.rateLimit(r)
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
r.Use(s.auth.PublicSubjectMiddleware())
|
||||
r.Use(render.SetContentType(render.ContentTypeJSON))
|
||||
s.auth.PublicRoutes(r)
|
||||
r.Mount("/share", s.rest.ShareRouter())
|
||||
|
@ -60,7 +60,7 @@ func (s *Server) setupRoutes() {
|
|||
r.Group(func(r chi.Router) {
|
||||
s.rateLimit(r)
|
||||
// optional auth routes
|
||||
r.Use(s.auth.SubjectMiddleware(false))
|
||||
r.Use(s.auth.PublicSubjectMiddleware())
|
||||
|
||||
s.clientRoute(r, clientRoot)
|
||||
})
|
||||
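Review bot: The three groups that make the token optional (`// public routes`, the auth/share group and `// optional auth routes`) do not say that handlers below them can presumably run with no subject in the context, which matters most for `r.Mount("/share", s.rest.ShareRouter())`. A comment beside the `r.Use` line, such as `// token optional: handlers must treat a missing subject as anonymous and authorize accordingly`, would make that contract explicit. The existing comment `// auth/share routes get rate-limited heavily, but not using middleware` sits directly above `s.rateLimit(r)` and reads as if the limit were applied somewhere else; it is worth rewording once the mechanism is confirmed. The page does not mark which of the paired `SubjectMiddleware(...)` / `...SubjectMiddleware()` lines is the new side, and setupRoutes continues outside these hunks.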
|
|
|
@ -2,11 +2,16 @@ package users
|
|||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
"dynatron.me/x/stillbox/internal/cache"
|
||||
"dynatron.me/x/stillbox/pkg/database"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrNoSuchUser = errors.New("no such user")
|
||||
)
|
||||
|
||||
type Store interface {
|
||||
// GetUser gets a user by UID.
|
||||
GetUser(ctx context.Context, username string) (*User, error)
|
||||
|
@ -84,6 +89,10 @@ func (s *postgresStore) GetUser(ctx context.Context, username string) (*User, er
|
|||
|
||||
dbu, err := s.db.GetUserByUsername(ctx, username)
|
||||
if err != nil {
|
||||
if database.IsNoRows(err) {
|
||||
return nil, ErrNoSuchUser
|
||||
}
|
||||
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|