Skip to content

Auth error handling with status codes #841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Sep 14, 2025
Merged

Auth error handling with status codes #841

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
dfbf006
Refactor authentication error handling to use serror::Result and stat…
MP-Tool Sep 11, 2025
b7b9580
Refactor error messages
MP-Tool Sep 12, 2025
6dd9048
Refactor authentication error handling to include status codes and im…
MP-Tool Sep 14, 2025
81ca3ee
clean up
MP-Tool Sep 14, 2025
100acb8
clean
MP-Tool Sep 14, 2025
2295660
fmt
MP-Tool Sep 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 17 additions & 11 deletions bin/core/src/auth/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use database::mungos::mongodb::bson::doc;
use komodo_client::entities::{komodo_timestamp, user::User};
use reqwest::StatusCode;
use serde::Deserialize;
use serror::AddStatusCode;
use serror::AddStatusCodeError;

use crate::{
helpers::query::get_user,
Expand Down Expand Up @@ -37,17 +37,15 @@ pub async fn auth_request(
mut req: Request,
next: Next,
) -> serror::Result<Response> {
let user = authenticate_check_enabled(&headers)
.await
.status_code(StatusCode::UNAUTHORIZED)?;
let user = authenticate_check_enabled(&headers).await?;
req.extensions_mut().insert(user);
Ok(next.run(req).await)
}

#[instrument(level = "debug")]
pub async fn get_user_id_from_headers(
headers: &HeaderMap,
) -> anyhow::Result<String> {
) -> serror::Result<String> {
match (
headers.get("authorization"),
headers.get("x-api-key"),
Expand All @@ -59,6 +57,7 @@ pub async fn get_user_id_from_headers(
auth_jwt_get_user_id(jwt)
.await
.context("failed to authenticate jwt")
.map_err(|e| e.status_code(StatusCode::UNAUTHORIZED))
Copy link
Member

@mbecker20 mbecker20 Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can .status_code() directly after .context()

Copy link
Contributor Author

@MP-Tool MP-Tool Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I didn't think so, sure

}
(None, Some(key), Some(secret)) => {
// USE API KEY / SECRET
Expand All @@ -67,26 +66,33 @@ pub async fn get_user_id_from_headers(
auth_api_key_get_user_id(key, secret)
.await
.context("failed to authenticate api key")
.map_err(|e| e.status_code(StatusCode::UNAUTHORIZED))
Copy link
Member

@mbecker20 mbecker20 Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

}
_ => {
// AUTH FAIL
Err(anyhow!(
"must attach either AUTHORIZATION header with jwt OR pass X-API-KEY and X-API-SECRET"
))
Err(
anyhow!("must attach either AUTHORIZATION header with jwt OR pass X-API-KEY and X-API-SECRET")
.status_code(StatusCode::BAD_REQUEST)
)
}
}
}

#[instrument(level = "debug")]
pub async fn authenticate_check_enabled(
headers: &HeaderMap,
) -> anyhow::Result<User> {
) -> serror::Result<User> {
let user_id = get_user_id_from_headers(headers).await?;
let user = get_user(&user_id).await?;
let user = get_user(&user_id).await.map_err(serror::Error::from)?;
if user.enabled {
Ok(user)
} else {
Err(anyhow!("user not enabled"))
Err(
serror::Error::from(
anyhow!("user not enabled")
.status_code(StatusCode::FORBIDDEN)
)
Copy link
Member

@mbecker20 mbecker20 Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one is not consistent with the rest

Copy link
Contributor Author

@MP-Tool MP-Tool Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll adjust the others too so that it's consistent. I just left them as they were at first because the adjustment caused errors in the websocket file.

)
}
}

Expand Down