+26
-8
atproto/auth/http.go
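--- a/atproto/auth/http.go
+++ b/atproto/auth/http.go
@@ -3,6 +3,8 @@
 import (
 "context"
 "crypto/subtle"
+"encoding/json"
+"fmt"
 "net/http"
 "strings"
 
@@ -26,8 +28,12 @@
 }
 }
 w.Header().Set("WWW-Authenticate", `Basic realm="admin", charset="UTF-8"`)
-// TODO: XRPC error body?
-http.Error(w, "Unauthorized", http.StatusUnauthorized)
+w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(http.StatusUnauthorized)
+json.NewEncoder(w).Encode(map[string]string{
+"error": "Unauthorized",
+"message": "atproto admin auth required, but missing or incorrect password",
+})
 }
 }
 
@@ -40,9 +46,13 @@
 if hdr := r.Header.Get("Authorization"); hdr != "" {
 parts := strings.Split(hdr, " ")
 if parts[0] != "Bearer" || len(parts) != 2 {
-// TODO: XRPC error body?
 w.Header().Set("WWW-Authenticate", "Bearer")
-http.Error(w, "Unauthorized", http.StatusUnauthorized)
+w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(http.StatusUnauthorized)
+json.NewEncoder(w).Encode(map[string]string{
+"error": "Unauthorized",
+"message": "atproto service auth required, but missing or incorrect formatting",
+})
 return
 }
 
@@ -59,8 +69,12 @@
 did, err := v.Validate(r.Context(), parts[1], lxm)
 if err != nil {
 w.Header().Set("WWW-Authenticate", "Bearer")
-http.Error(w, "Unauthorized", http.StatusUnauthorized)
-// TODO: XRPC error body?
+w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(http.StatusUnauthorized)
+json.NewEncoder(w).Encode(map[string]string{
+"error": "Unauthorized",
+"message": fmt.Sprintf("invalid service auth: %s", err),
+})
 return
 }
 ctx := context.WithValue(r.Context(), "did", did)
@@ -69,9 +83,13 @@
 }
 
 if mandatory {
-// TODO: XRPC error body?
 w.Header().Set("WWW-Authenticate", "Bearer")
-http.Error(w, "Unauthorized", http.StatusUnauthorized)
+w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(http.StatusUnauthorized)
+json.NewEncoder(w).Encode(map[string]string{
+"error": "Unauthorized",
+"message": "atproto service auth required",
+})
 return
 }
 handler(w, r)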
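Review bot: The 401 body built at new line 76 places the raw validator error in the response (`"message": fmt.Sprintf("invalid service auth: %s", err),`), so an unauthenticated caller is told whatever `v.Validate` reports about why the token was rejected; the content of those errors is not visible here, but it may include resolution or signature-check detail that is better kept in server logs. I would return a fixed string, `"message": "invalid service auth",`, and record `err` on the server side instead. Separately, the result of `json.NewEncoder(w).Encode(...)` is discarded in all four added blocks, and the same header/status/body sequence is repeated four times; a small helper taking the message would keep the responses consistent and give one place to handle the encode error. The enclosing functions start and end outside the shown hunks.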