From 4c741a59906ac6800dd03fd9e3ee4de92e76dfbc Mon Sep 17 00:00:00 2001
From: Stavros <steveiliop56@gmail.com>
Date: Fri, 15 May 2026 18:12:15 +0300
Subject: [PATCH] fix: use 401 errors instead of 403 for nginx responses

---
 internal/controller/proxy_controller.go      | 12 ++++++------
 internal/controller/proxy_controller_test.go |  2 +-
 internal/controller/resources_controller.go  |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go
index 40969b83..26975fab 100644
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
@@ -190,9 +190,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 
 			if !controller.useBrowserResponse(proxyCtx) {
 				c.Header("x-tinyauth-location", redirectURL)
-				c.JSON(403, gin.H{
-					"status":  403,
-					"message": "Forbidden",
+				c.JSON(401, gin.H{
+					"status":  401,
+					"message": "Unauthorized",
 				})
 				return
 			}
@@ -234,9 +234,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
 
 				if !controller.useBrowserResponse(proxyCtx) {
 					c.Header("x-tinyauth-location", redirectURL)
-					c.JSON(403, gin.H{
-						"status":  403,
-						"message": "Forbidden",
+					c.JSON(401, gin.H{
+						"status":  401,
+						"message": "Unauthorized",
 					})
 					return
 				}
diff --git a/internal/controller/proxy_controller_test.go b/internal/controller/proxy_controller_test.go
index 12c3c9f1..cdcc3ac1 100644
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -371,7 +371,7 @@ func TestProxyController(t *testing.T) {
 				req.Header.Set("x-forwarded-proto", "https")
 				req.Header.Set("x-forwarded-uri", "/")
 				router.ServeHTTP(recorder, req)
-				assert.Equal(t, 403, recorder.Code)
+				assert.Equal(t, 401, recorder.Code)
 				assert.Equal(t, "", recorder.Header().Get("remote-user"))
 				assert.Equal(t, "", recorder.Header().Get("remote-name"))
 				assert.Equal(t, "", recorder.Header().Get("remote-email"))
diff --git a/internal/controller/resources_controller.go b/internal/controller/resources_controller.go
index 54af733d..1849810d 100644
--- a/internal/controller/resources_controller.go
+++ b/internal/controller/resources_controller.go
@@ -32,7 +32,7 @@ func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
 	if controller.config.Resources.Path == "" {
 		c.JSON(404, gin.H{
 			"status":  404,
-			"message": "Resources not found",
+			"message": "Resource not found",
 		})
 		return
 	}