author | Pierre de Lacroix <pierre@pdelacroix.com> | 2020-06-05 05:33:44 +0200 |
---|---|---|
committer | Pierre de Lacroix <pierre@pdelacroix.com> | 2020-06-05 05:33:44 +0200 |
commit | 8fe389b1e40f295b6a2ca9c3eb5735c0e34338f9 (patch) | |
tree | 0f19135fbf1fb9c13b96cb3a2dac6a2f218df69f | |
parent | add state_key in event (diff) |
fix error responses
-rw-r--r-- | lib/matrix_app_service/auth_plug.ex | 20 | ||||
-rw-r--r-- | lib/matrix_app_service_web/views/error_view.ex | 12 |
2 files changed, 21 insertions, 11 deletions
diff --git a/lib/matrix_app_service/auth_plug.ex b/lib/matrix_app_service/auth_plug.ex
index 0768caa..529cefd 100644
--- a/lib/matrix_app_service/auth_plug.ex
+++ b/lib/matrix_app_service/auth_plug.ex
@@ -9,18 +9,26 @@ defmodule MatrixAppService.AuthPlug do
 end
 @impl Plug
- def call(%Plug.Conn{params: %{"access_token" => hs_token}} = conn, config_hs_token)
- when hs_token == config_hs_token do
- conn
+ def call(%Plug.Conn{params: %{"access_token" => hs_token}} = conn, config_hs_token) do
+ with ^config_hs_token <- hs_token do
+ conn
+ else
+ _ ->
+ Logger.warn("Received invalid homeserver token")
+ respond_error(conn, 403)
+ end
 end
 def call(conn, _config_hs_token) do
- Logger.warn("Received invalid homeserver token")
+ Logger.warn("No homeserver token provided")
+ respond_error(conn, 401)
+ end
+ defp respond_error(conn, error_code) do
 conn
- |> put_status(:unauthorized)
+ |> put_status(error_code)
 |> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
- |> Phoenix.Controller.render("401.json")
+ |> Phoenix.Controller.render("#{error_code}.json")
 |> halt
 end
 end
diff --git a/lib/matrix_app_service_web/views/error_view.ex b/lib/matrix_app_service_web/views/error_view.ex
index 2358355..ab705e1 100644
--- a/lib/matrix_app_service_web/views/error_view.ex
+++ b/lib/matrix_app_service_web/views/error_view.ex
@@ -1,11 +1,13 @@
 defmodule MatrixAppServiceWeb.ErrorView do
 use MatrixAppServiceWeb, :view
- # If you want to customize a particular status code
- # for a certain format, you may uncomment below.
- # def render("500.json", _assigns) do
- # %{errors: %{detail: "Internal Server Error"}}
- # end
+ def render("401.json", _assigns) do
+ %{errcode: "EX.MAP.UNAUTHORIZED"}
+ end
+
+ def render("403.json", _assigns) do
+ %{errcode: "EX.MAP.FORBIDDEN"}
+ end
 # By default, Phoenix returns the status message from
 # the template name. For example, "404.json" becomes |
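Review bot: In the first `call/2` clause the homeserver token is still checked by ordinary term equality (`with ^config_hs_token <- hs_token`), which is not a constant-time comparison for a shared secret. The pin also matches when both sides are the same non-string term, for example `nil` if the configured token is unset and the parsed params carry a null `access_token`; whether body params reach this plug is not visible in the hunk. I would replace the `with` line with `if is_binary(hs_token) and is_binary(config_hs_token) and Plug.Crypto.secure_compare(hs_token, config_hs_token) do` and turn the `else _ ->` pair into a plain `else`, keeping the 403 branch as it is.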
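Review bot: The two new `render/2` clauses are coupled to `respond_error/2` in auth_plug.ex, which builds the template name from the status code, but nothing in this file says so. A status passed there without a matching clause would fall through to the default described in the remaining comment and presumably return a body without `errcode`. I would add a comment above the clauses such as `# Rendered by MatrixAppService.AuthPlug: 401 = no homeserver token, 403 = token rejected.` The module body continues past the end of the hunk.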