Stateless auth proxy that converts AT Protocol native apps from public to confidential OAuth clients. Deploy once, get 180-day refresh tokens instead of 24-hour ones.
1package main
import (
	"encoding/json"
	"errors"
	"net/http"
)
// authProxyKeyIDHeader is the name of an HTTP header. Nothing in this part of
// the file reads or writes it; presumably it identifies which proxy key a
// request or response refers to. TODO confirm against the handlers that use it.
const (
	authProxyKeyIDHeader = "Auth-Proxy-Key-ID"
)
// apiError is an error that carries everything needed to answer the client:
// the HTTP status to send, a short machine-readable code, and a
// human-readable description.
//
// writeAPIError copies Code and Description into the response body, so
// Description must stay free of tokens, upstream response bodies and other
// internal detail.
type apiError struct {
	// Status is the HTTP status code used for the response.
	Status int
	// Code is emitted as the "error" member of the JSON body.
	Code string
	// Description is emitted as "error_description" and is also the Error() text.
	Description string
}

// Error implements the error interface by returning Description unchanged.
func (ae *apiError) Error() string {
	msg := ae.Description
	return msg
}
// invalidRequestError builds an apiError with HTTP status 400 (Bad Request)
// and the error code "invalid_request". The description is stored as given
// and is what writeAPIError later sends to the client, so it should describe
// the problem without echoing secrets taken from the request.
func invalidRequestError(description string) *apiError {
	badRequest := new(apiError)
	badRequest.Status = http.StatusBadRequest
	badRequest.Code = "invalid_request"
	badRequest.Description = description
	return badRequest
}
// upstreamRequestError builds an apiError with HTTP status 502 (Bad Gateway)
// and the error code "server_error".
//
// NOTE(review): writeAPIError returns the description to the caller verbatim.
// Judging by the name, this is used when a call to an upstream server fails;
// pass a fixed, generic message rather than the upstream's own error text or
// response body. Confirm at the call sites.
func upstreamRequestError(description string) *apiError {
	badGateway := new(apiError)
	badGateway.Status = http.StatusBadGateway
	badGateway.Code = "server_error"
	badGateway.Description = description
	return badGateway
}
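// writeAPIError writes err to w as a JSON error response.
//
// When err is, or wraps, a non-nil *apiError, that error's Status, Code and
// Description are sent. Any other error (including nil) produces a generic
// 500 "server_error" body, so the text of unclassified errors never reaches
// the client.
func writeAPIError(w http.ResponseWriter, err error) {
	// errors.As also finds an *apiError wrapped with %w. The nil check covers
	// a typed-nil *apiError stored in the error interface, which would
	// otherwise panic on field access.
	var apiErr *apiError
	if errors.As(err, &apiErr) && apiErr != nil {
		writeJSONError(w, apiErr.Status, apiErr.Code, apiErr.Description)
		return
	}

	// Deliberately generic: err.Error() is not echoed for unclassified errors.
	writeJSONError(w, http.StatusInternalServerError, "server_error", "internal server error")
}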
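// writeJSONError sends an error response with the given HTTP status and a JSON
// object holding two members: "error" (code) and "error_description"
// (description). These are the member names of an OAuth 2.0 error response.
//
// Both strings are written as given; callers decide what is safe to disclose.
func writeJSONError(w http.ResponseWriter, status int, code string, description string) {
	hdr := w.Header()
	hdr.Set("Content-Type", "application/json")
	// Error bodies from an auth endpoint must not be kept by browser or
	// intermediary caches.
	hdr.Set("Cache-Control", "no-store")
	// Stop clients from second-guessing the declared content type.
	hdr.Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(status)

	// Best effort: the status line is already committed, so an encode or write
	// failure here cannot be reported to the client.
	_ = json.NewEncoder(w).Encode(map[string]string{
		"error":             code,
		"error_description": description,
	})
}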