oxen-io
/
session-open-group-server
mirror of https://github.com/oxen-io/session-open-group-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Distinguish between forbidden & unauthorized

This commit is contained in:
Niels Andriesse 2021-03-26 13:49:38 +11:00
parent d5409eefbc
commit 7ee9714846
3 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/errors.rs
View File

@ -7,7 +7,10 @@ pub enum Error {
InvalidOnionRequest,
/// Usually this means the endpoint or HTTP method specified in the RPC call was malformed.
InvalidRpcCall,
/// The requesting user didn't provide an auth token for a route that requires one.
NoAuthToken,
NoSuchRoom,
/// The requesting user provided a valid auth token, but they don't have a high enough permission level.
Unauthorized,
ValidationFailed,
}
@ -19,6 +22,7 @@ pub fn into_response(e: Rejection) -> Result<Response, Rejection> {
match error {
Error::DecryptionFailed | Error::InvalidOnionRequest | Error::InvalidRpcCall
| Error::NoSuchRoom | Error::ValidationFailed => return Ok(StatusCode::BAD_REQUEST.into_response()),
Error::NoAuthToken => return Ok(StatusCode::UNAUTHORIZED.into_response()),
Error::Unauthorized => return Ok(StatusCode::FORBIDDEN.into_response()),
Error::DatabaseFailedInternally => {
return Ok(StatusCode::INTERNAL_SERVER_ERROR.into_response())

2
src/handlers.rs
View File

@ -816,7 +816,7 @@ async fn has_authorization_level(
) -> Result<(bool, String), Rejection> {
// Check that we have a public key associated with the given auth token
let public_key_option = get_public_key_for_auth_token(auth_token, pool).await?;
let public_key = public_key_option.ok_or(warp::reject::custom(Error::Unauthorized))?;
let public_key = public_key_option.ok_or(warp::reject::custom(Error::NoAuthToken))?;
// Check that the given public key isn't banned
if is_banned(&public_key, pool).await? {
return Err(warp::reject::custom(Error::Unauthorized));

6
src/rpc.rs
View File

@ -85,7 +85,7 @@ async fn handle_get_request(
}
}
// Check that the auth token is present
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
// Switch on the path
let pool = get_pool_for_room(&rpc_call)?;
if path.starts_with("files") {
@ -129,7 +129,7 @@ async fn handle_post_request(
pool: &storage::DatabaseConnectionPool,
) -> Result<Response, Rejection> {
// Check that the auth token is present
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
// Switch on the path
match path {
"messages" => {
@ -196,7 +196,7 @@ async fn handle_delete_request(
pool: &storage::DatabaseConnectionPool,
) -> Result<Response, Rejection> {
// Check that the auth token is present
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
// DELETE /messages/:server_id
if path.starts_with("messages") {
let components: Vec<&str> = path.split("/").collect(); // Split on subsequent slashes