From bdba88c11f21cef8185e6eebf34be2343d748799 Mon Sep 17 00:00:00 2001
From: Conrad Ludgate
Date: Tue, 26 Sep 2023 14:44:56 +0100
Subject: better sync error messages (#1254)
---
 atuin-server/src/router.rs | 44 ++++++++++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 12 deletions(-)
(limited to 'atuin-server/src/router.rs')
diff --git a/atuin-server/src/router.rs b/atuin-server/src/router.rs
index e5b756b8..7cfcdad1 100644
--- a/atuin-server/src/router.rs
+++ b/atuin-server/src/router.rs
@@ -1,4 +1,5 @@
 use async_trait::async_trait;
+use atuin_common::api::ErrorResponse;
 use axum::{
     extract::FromRequestParts,
     response::IntoResponse,
@@ -11,8 +12,11 @@ use tower::ServiceBuilder;
 use tower_http::trace::TraceLayer;
 
 use super::handlers;
-use crate::settings::Settings;
-use atuin_server_database::{models::User, Database};
+use crate::{
+    handlers::{ErrorResponseStatus, RespExt},
+    settings::Settings,
+};
+use atuin_server_database::{models::User, Database, DbError};
 
 pub struct UserAuth(pub User);
 
@@ -21,7 +25,7 @@ impl FromRequestParts> for UserAuth
 where
     DB: Database,
 {
-    type Rejection = http::StatusCode;
+    type Rejection = ErrorResponseStatus<'static>;
 
     async fn from_request_parts(
         req: &mut Parts,
@@ -30,23 +34,39 @@ where
         let auth_header = req
             .headers
             .get(http::header::AUTHORIZATION)
-            .ok_or(http::StatusCode::FORBIDDEN)?;
-        let auth_header = auth_header
-            .to_str()
-            .map_err(|_| http::StatusCode::FORBIDDEN)?;
-        let (typ, token) = auth_header
-            .split_once(' ')
-            .ok_or(http::StatusCode::FORBIDDEN)?;
+            .ok_or_else(|| {
+                ErrorResponse::reply("missing authorization header")
+                    .with_status(http::StatusCode::BAD_REQUEST)
+            })?;
+        let auth_header = auth_header.to_str().map_err(|_| {
+            ErrorResponse::reply("invalid authorization header encoding")
+                .with_status(http::StatusCode::BAD_REQUEST)
+        })?;
+        let (typ, token) = auth_header.split_once(' ').ok_or_else(|| {
+            ErrorResponse::reply("invalid authorization header encoding")
+                .with_status(http::StatusCode::BAD_REQUEST)
+        })?;
 
         if typ != "Token" {
-            return Err(http::StatusCode::FORBIDDEN);
+            return Err(
+                ErrorResponse::reply("invalid authorization header encoding")
+                    .with_status(http::StatusCode::BAD_REQUEST),
+            );
         }
 
         let user = state
             .database
             .get_session_user(token)
             .await
-            .map_err(|_| http::StatusCode::FORBIDDEN)?;
+            .map_err(|e| match e {
+                DbError::NotFound => ErrorResponse::reply("session not found")
+                    .with_status(http::StatusCode::FORBIDDEN),
+                DbError::Other(e) => {
+                    tracing::error!(error = ?e, "could not query user session");
+                    ErrorResponse::reply("could not query user session")
+                        .with_status(http::StatusCode::INTERNAL_SERVER_ERROR)
+                }
+            })?;
 
         Ok(UserAuth(user))
     }
-- 
cgit v1.3.1
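Review bot: The `typ != "Token"` branch replies with "invalid authorization header encoding" even though the header decoded and split cleanly; the scheme is simply not the one this extractor accepts, so the text misleads a client debugging its request, and the same message is reused when `split_once(' ')` finds no separator, where the problem is a missing token rather than encoding. Suggest distinct messages, e.g. `ErrorResponse::reply("malformed authorization header, expected: Token <token>")` for the split failure and `ErrorResponse::reply("unsupported authorization scheme, expected Token")` for the type check, keeping BAD_REQUEST as the status. Worth confirming that 400 rather than 401 is the intended status for a missing or malformed credential, since clients that key on 401 to re-authenticate will not see it here. The `DbError::Other` arm logs only the database error and not the presented token, which is the right split between the operator-facing log and the client-facing reply. The enclosing `from_request_parts` starts in the previous hunk.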