From 2674a71f3022eb54add83e4b867ea88beb322a0b Mon Sep 17 00:00:00 2001
From: Daniel Ponte
Date: Thu, 13 Feb 2025 20:12:16 -0500
Subject: [PATCH] Check for auth, better errors
---
 pkg/auth/jwt.go | 1 +
 pkg/server/routes.go | 8 ++++----
 pkg/users/store.go | 9 +++++++++
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/pkg/auth/jwt.go b/pkg/auth/jwt.go
index a798a63..46a45a7 100644
--- a/pkg/auth/jwt.go
+++ b/pkg/auth/jwt.go
@@ -116,6 +116,7 @@ func (a *Auth) SubjectMiddleware(requireToken bool) func(http.Handler) http.Hand
 sub, err := users.FromCtx(ctx).GetUser(ctx, username)
 if err != nil {
+ log.Error().Str("username", username).Err(err).Msg("subject middleware get subject")
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
diff --git a/pkg/server/routes.go b/pkg/server/routes.go
index e0fbfff..fcc8c15 100644
--- a/pkg/server/routes.go
+++ b/pkg/server/routes.go
@@ -32,7 +32,7 @@ func (s *Server) setupRoutes() {
 r.Use(s.auth.VerifyMiddleware())
 r.Group(func(r chi.Router) {
- r.Use(s.auth.SubjectMiddleware(true))
+ r.Use(s.auth.AuthorizedSubjectMiddleware())
 // authenticated routes
 s.nex.PrivateRoutes(r)
 s.auth.PrivateRoutes(r)
@@ -42,7 +42,7 @@ func (s *Server) setupRoutes() {
 r.Group(func(r chi.Router) {
 s.rateLimit(r)
- r.Use(s.auth.SubjectMiddleware(false))
+ r.Use(s.auth.PublicSubjectMiddleware())
 r.Use(render.SetContentType(render.ContentTypeJSON))
 // public routes
 s.sources.PublicRoutes(r)
@@ -51,7 +51,7 @@ func (s *Server) setupRoutes() {
 r.Group(func(r chi.Router) {
 // auth/share routes get rate-limited heavily, but not using middleware
 s.rateLimit(r)
- r.Use(s.auth.SubjectMiddleware(false))
+ r.Use(s.auth.PublicSubjectMiddleware())
 r.Use(render.SetContentType(render.ContentTypeJSON))
 s.auth.PublicRoutes(r)
 r.Mount("/share", s.rest.ShareRouter())
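Review bot: In the `if err != nil` branch of SubjectMiddleware (pkg/auth/jwt.go), every GetUser failure is still answered with 401 and is now logged at Error level, so a store outage looks the same as an unknown subject to both the client and the log reader. This commit adds `users.ErrNoSuchUser` in pkg/users/store.go, which the middleware could use to tell the two apart: keep 401 for the unknown subject at a lower log level, and answer store failures with 500 so a backend fault is not reported as a credential rejection. `username` is presumably taken from the already verified token, but that code is outside the hunk, as are the start and end of the function. jwt.go would also need `errors` in scope if it is not already imported.

```go
sub, err := users.FromCtx(ctx).GetUser(ctx, username)
if errors.Is(err, users.ErrNoSuchUser) {
	// Token names a subject the store does not know: reject, but keep it out of the error log.
	log.Warn().Str("username", username).Msg("subject middleware unknown subject")
	http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
	return
}
if err != nil {
	// Store failure, not a credential problem.
	log.Error().Str("username", username).Err(err).Msg("subject middleware get subject")
	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
	return
}
```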
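Review bot: The private group in setupRoutes (hunk at -32) now relies on `AuthorizedSubjectMiddleware()` to turn away unauthenticated requests, and the groups in the hunks at -42, -51 and -60 rely on `PublicSubjectMiddleware()`, yet neither method is defined in this patch; the only change to pkg/auth/jwt.go is one log line. If they do not already exist, this will not build. Everything registered under `// authenticated routes` depends on the first one failing closed, so I would say so at the call site, e.g. `// AuthorizedSubjectMiddleware must reject any request without a resolved subject; all routes below rely on it.` A route-level test that a request with no token gets 401 from a private route would pin that behaviour. setupRoutes starts and ends outside these hunks.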
@@ -60,7 +60,7 @@ func (s *Server) setupRoutes() {
 r.Group(func(r chi.Router) {
 s.rateLimit(r)
 // optional auth routes
- r.Use(s.auth.SubjectMiddleware(false))
+ r.Use(s.auth.PublicSubjectMiddleware())
 s.clientRoute(r, clientRoot)
 })
diff --git a/pkg/users/store.go b/pkg/users/store.go
index 0129181..5722ab2 100644
--- a/pkg/users/store.go
+++ b/pkg/users/store.go
@@ -2,11 +2,16 @@ package users
 import (
 "context"
+ "errors"
 "dynatron.me/x/stillbox/internal/cache"
 "dynatron.me/x/stillbox/pkg/database"
 )
+
+var (
+ ErrNoSuchUser = errors.New("no such user")
+)
+
 type Store interface {
 // GetUser gets a user by UID.
 GetUser(ctx context.Context, username string) (*User, error)
@@ -84,6 +89,10 @@ func (s *postgresStore) GetUser(ctx context.Context, username string) (*User, er
 dbu, err := s.db.GetUserByUsername(ctx, username)
 if err != nil {
+ if database.IsNoRows(err) {
+ return nil, ErrNoSuchUser
+ }
+
 return nil, err
 }
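Review bot: The exported `ErrNoSuchUser` added in the first pkg/users/store.go hunk has no doc comment, and the `Store` interface comment just below it still reads `// GetUser gets a user by UID.` although the parameter is named `username` and the method now has an error contract callers need to know. I would put `// ErrNoSuchUser is returned by GetUser when no user matches the given username.` above the variable, and extend the interface comment with `// It returns ErrNoSuchUser if the user does not exist; callers should test with errors.Is.` A single sentinel also does not need the parenthesised `var ( ... )` block. The mapping in the hunk at -84 is shown only for `postgresStore.GetUser`, so any other `Store` implementation would need the same translation for the contract to hold.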