fix: return json errors when authorization header is present

2025-10-28 12:45:47 +00:00 · 2025-02-07 20:03:24 +02:00
parent 4e8a2443a6
commit d2ee382f92
2 changed files with 34 additions and 3 deletions
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -127,6 +127,14 @@ func (api *API) SetupRoutes() {
 					})
 					return
 				default:
+					if c.GetHeader("Authorization") != "" {
+						log.Error().Err(appAllowedErr).Msg("Failed to check if resource is allowed")
+						c.JSON(501, gin.H{
+							"status":  501,
+							"message": "Internal Server Error",
+						})
+						return
+					}
 					if api.handleError(c, "Failed to check if resource is allowed", appAllowedErr) {
 						return
 					}
@@ -153,6 +161,14 @@ func (api *API) SetupRoutes() {
 						})
 						return
 					default:
+						if c.GetHeader("Authorization") != "" {
+							log.Error().Err(appAllowedErr).Msg("Failed to build query")
+							c.JSON(501, gin.H{
+								"status":  501,
+								"message": "Internal Server Error",
+							})
+							return
+						}
 						if api.handleError(c, "Failed to build query", queryErr) {
 							return
 						}
@@ -167,6 +183,13 @@ func (api *API) SetupRoutes() {
 					})
 					return
 				default:
+					if c.GetHeader("Authorization") != "" {
+						c.JSON(401, gin.H{
+							"status":  401,
+							"message": "Unauthorized",
+						})
+						return
+					}
 					c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, queries.Encode()))
 					return
 				}
@@ -187,6 +210,14 @@ func (api *API) SetupRoutes() {
 			})
 			return
 		default:
+			if c.GetHeader("Authorization") != "" {
+				c.JSON(401, gin.H{
+					"status":  401,
+					"message": "Unauthorized",
+				})
+				return
+			}
+
 			queries, queryErr := query.Values(types.LoginQuery{
 				RedirectURI: fmt.Sprintf("%s://%s%s", proto, host, uri),
 			})
--- a/internal/hooks/hooks.go
+++ b/internal/hooks/hooks.go
@@ -23,7 +23,7 @@ type Hooks struct {

 func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 	cookie := hooks.Auth.GetSessionCookie(c)
-	basic := hooks.Auth.GetBasicAuth(c) // TODO: return json instead of redirect when basic auth
+	basic := hooks.Auth.GetBasicAuth(c)

 	if basic.Username != "" {
 		log.Debug().Msg("Got basic auth")
@@ -33,7 +33,7 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 				Username:   basic.Username,
 				IsLoggedIn: true,
 				OAuth:      false,
-				Provider:   "",
+				Provider:   "basic",
 			}
 		}

@@ -47,7 +47,7 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 				Username:   cookie.Username,
 				IsLoggedIn: true,
 				OAuth:      false,
-				Provider:   "",
+				Provider:   "username",
 			}
 		}
 	}