Distinguish between forbidden & unauthorized
parent
d5409eefbc
commit
7ee9714846
|
@ -7,7 +7,10 @@ pub enum Error {
|
|||
InvalidOnionRequest,
|
||||
/// Usually this means the endpoint or HTTP method specified in the RPC call was malformed.
|
||||
InvalidRpcCall,
|
||||
/// The requesting user didn't provide an auth token for a route that requires one.
|
||||
NoAuthToken,
|
||||
NoSuchRoom,
|
||||
/// The requesting user provided a valid auth token, but they don't have a high enough permission level.
|
||||
Unauthorized,
|
||||
ValidationFailed,
|
||||
}
|
||||
|
@ -19,6 +22,7 @@ pub fn into_response(e: Rejection) -> Result<Response, Rejection> {
|
|||
match error {
|
||||
Error::DecryptionFailed | Error::InvalidOnionRequest | Error::InvalidRpcCall
|
||||
| Error::NoSuchRoom | Error::ValidationFailed => return Ok(StatusCode::BAD_REQUEST.into_response()),
|
||||
Error::NoAuthToken => return Ok(StatusCode::UNAUTHORIZED.into_response()),
|
||||
Error::Unauthorized => return Ok(StatusCode::FORBIDDEN.into_response()),
|
||||
Error::DatabaseFailedInternally => {
|
||||
return Ok(StatusCode::INTERNAL_SERVER_ERROR.into_response())
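Review bot: The doc comment on `Unauthorized` covers only the insufficient-permission case, but the ban check in `has_authorization_level` (visible further down in this commit) also rejects with `Error::Unauthorized`, so a banned key receives the same 403. I would widen the comment to `/// The requesting user provided a valid auth token, but they are banned or don't have a high enough permission level.` so the documented meaning matches every place the variant is raised. The other variants visible here (`NoSuchRoom`, `ValidationFailed`, `InvalidOnionRequest`) have no doc comment, and a line each would help since they all collapse to 400 in `into_response`. Both the enum and the `match` continue outside the hunks shown.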
|
||||
|
|
|
@ -816,7 +816,7 @@ async fn has_authorization_level(
|
|||
) -> Result<(bool, String), Rejection> {
|
||||
// Check that we have a public key associated with the given auth token
|
||||
let public_key_option = get_public_key_for_auth_token(auth_token, pool).await?;
|
||||
let public_key = public_key_option.ok_or(warp::reject::custom(Error::Unauthorized))?;
|
||||
let public_key = public_key_option.ok_or(warp::reject::custom(Error::NoAuthToken))?;
|
||||
// Check that the given public key isn't banned
|
||||
if is_banned(&public_key, pool).await? {
|
||||
return Err(warp::reject::custom(Error::Unauthorized));
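Review bot: `Error::NoAuthToken` is raised here when a token was supplied but `get_public_key_for_auth_token` returned no public key for it, which contradicts the variant's doc comment ("didn't provide an auth token"). 401 is the appropriate status for an unrecognised credential, so the mapping itself is fine; the name and comment are what mislead, and anyone reading logs or handling this error cannot tell a missing token from an unknown one. Either widen the comment to `/// The requesting user didn't provide an auth token, or the token isn't associated with any public key.` or add a separate variant for the unknown-token case that also maps to `StatusCode::UNAUTHORIZED`. The body of `has_authorization_level` continues outside the hunk.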
|
||||
|
|
|
@ -85,7 +85,7 @@ async fn handle_get_request(
|
|||
}
|
||||
}
|
||||
// Check that the auth token is present
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
|
||||
// Switch on the path
|
||||
let pool = get_pool_for_room(&rpc_call)?;
|
||||
if path.starts_with("files") {
|
||||
|
@ -129,7 +129,7 @@ async fn handle_post_request(
|
|||
pool: &storage::DatabaseConnectionPool,
|
||||
) -> Result<Response, Rejection> {
|
||||
// Check that the auth token is present
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
|
||||
// Switch on the path
|
||||
match path {
|
||||
"messages" => {
|
||||
|
@ -196,7 +196,7 @@ async fn handle_delete_request(
|
|||
pool: &storage::DatabaseConnectionPool,
|
||||
) -> Result<Response, Rejection> {
|
||||
// Check that the auth token is present
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::Unauthorized))?;
|
||||
let auth_token = auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?;
|
||||
// DELETE /messages/:server_id
|
||||
if path.starts_with("messages") {
|
||||
let components: Vec<&str> = path.split("/").collect(); // Split on subsequent slashes
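Review bot: `auth_token.ok_or(warp::reject::custom(Error::NoAuthToken))?` builds the rejection on every request, including when the token is present, because `ok_or` evaluates its argument eagerly. `let auth_token = auth_token.ok_or_else(|| warp::reject::custom(Error::NoAuthToken))?;` defers that work to the missing-token path. The same line appears in `handle_get_request`, `handle_post_request` and `handle_delete_request`, and the pattern also applies to `public_key_option` in `has_authorization_level`. All three handler bodies start or end outside the hunks shown.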
|
||||
|
|