Commit 2f146082 authored by ale's avatar ale

Properly serve error 403 instead of 401

parent 02a427d8
...@@ -201,7 +201,7 @@ func errToStatus(err error) int { ...@@ -201,7 +201,7 @@ func errToStatus(err error) int {
case err == as.ErrUserNotFound, err == as.ErrResourceNotFound: case err == as.ErrUserNotFound, err == as.ErrResourceNotFound:
return http.StatusNotFound return http.StatusNotFound
case as.IsAuthError(err): case as.IsAuthError(err):
return http.StatusUnauthorized return http.StatusForbidden
case as.IsRequestError(err): case as.IsRequestError(err):
return http.StatusBadRequest return http.StatusBadRequest
default: default:
......
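Review bot: The `as.IsAuthError(err)` case now returns `http.StatusForbidden` with no comment explaining why 401 is deliberately avoided, so a later reader may "fix" it back. A one-line comment above the return would pin the intent, for example `// 403, not 401: no WWW-Authenticate challenge is sent, so 401 would be misleading to clients.` (adjust the wording if the reason is different). Clients that branch on 401 to detect failed authentication will need the same update, which cannot be checked from this hunk. errToStatus starts and ends outside the hunk.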
...@@ -115,8 +115,9 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error { ...@@ -115,8 +115,9 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM) signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
// Notify systemd that we are ready to serve. // Notify systemd that we are ready to serve. This call is
daemon.SdNotify(false, "READY=1") // allowed to fail (in case there is no systemd).
daemon.SdNotify(false, "READY=1") // nolint
err = srv.Serve(l) err = srv.Serve(l)
if err != http.ErrServerClosed { if err != http.ErrServerClosed {
...@@ -132,7 +133,7 @@ func defaultHandler(h http.Handler) http.Handler { ...@@ -132,7 +133,7 @@ func defaultHandler(h http.Handler) http.Handler {
// Add an endpoint for HTTP health checking probes. // Add an endpoint for HTTP health checking probes.
root.Handle("/health", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { root.Handle("/health", http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
io.WriteString(w, "OK") io.WriteString(w, "OK") // nolint
})) }))
// Add an endpoint to serve Prometheus metrics. // Add an endpoint to serve Prometheus metrics.
......
...@@ -2,6 +2,8 @@ package serverutil ...@@ -2,6 +2,8 @@ package serverutil
import ( import (
"crypto/tls" "crypto/tls"
"fmt"
"log"
"net/http" "net/http"
"regexp" "regexp"
...@@ -119,6 +121,13 @@ func (c *TLSServerConfig) TLSAuthWrapper(h http.Handler) (http.Handler, error) { ...@@ -119,6 +121,13 @@ func (c *TLSServerConfig) TLSAuthWrapper(h http.Handler) (http.Handler, error) {
h.ServeHTTP(w, r) h.ServeHTTP(w, r)
return return
} }
http.Error(w, "Unauthorized", http.StatusUnauthorized)
// Log the failed access, useful for debugging.
var tlsmsg string
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
tlsmsg = fmt.Sprintf(" TLS client '%s' at", r.TLS.PeerCertificates[0].Subject.CommonName)
}
log.Printf("unauthorized access to %s from %s%s", r.URL.Path, tlsmsg, r.RemoteAddr)
http.Error(w, "Forbidden", http.StatusForbidden)
}), nil }), nil
} }
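Review bot: The new `log.Printf` in the rejection path of TLSAuthWrapper formats `r.URL.Path` and the peer certificate's CommonName with `%s`, and both values are chosen by the client; the path is the decoded form, so it can carry control characters such as newlines that split or forge log entries. Using `%q` for both keeps each rejected request on a single, unambiguous log line. The message pieces also join badly: `tlsmsg` begins with a space and ends with `at`, so the output has a double space after "from" and no space before the remote address. Suggested lines: `tlsmsg = fmt.Sprintf("TLS client %q at ", r.TLS.PeerCertificates[0].Subject.CommonName)` and `log.Printf("unauthorized access to %q from %s%s", r.URL.Path, tlsmsg, r.RemoteAddr)`. The function starts outside the hunk, and if this file is the vendored copy of go-common (the vendor.json revision bump suggests so) the change belongs upstream.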
...@@ -5,32 +5,32 @@ ...@@ -5,32 +5,32 @@
{ {
"checksumSHA1": "pLvPnUablirQucyALgrso9hLG4E=", "checksumSHA1": "pLvPnUablirQucyALgrso9hLG4E=",
"path": "git.autistici.org/ai3/go-common", "path": "git.autistici.org/ai3/go-common",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc", "revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T06:42:37Z" "revisionTime": "2018-10-29T11:03:54Z"
}, },
{ {
"checksumSHA1": "kQbBWZqrXc95wodlrOKEshQVaBo=", "checksumSHA1": "kQbBWZqrXc95wodlrOKEshQVaBo=",
"path": "git.autistici.org/ai3/go-common/ldap", "path": "git.autistici.org/ai3/go-common/ldap",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc", "revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T06:42:37Z" "revisionTime": "2018-10-29T11:03:54Z"
}, },
{ {
"checksumSHA1": "mfFIqmwojDqQdJvjLI3y7YCQ+2c=", "checksumSHA1": "mfFIqmwojDqQdJvjLI3y7YCQ+2c=",
"path": "git.autistici.org/ai3/go-common/pwhash", "path": "git.autistici.org/ai3/go-common/pwhash",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc", "revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T06:42:37Z" "revisionTime": "2018-10-29T11:03:54Z"
}, },
{ {
"checksumSHA1": "7VBLbwaK1m/jwsk8sLsh4iD9T/s=", "checksumSHA1": "RyFydcBJvLBevfsriijLqHtZ0hs=",
"path": "git.autistici.org/ai3/go-common/serverutil", "path": "git.autistici.org/ai3/go-common/serverutil",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc", "revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T06:42:37Z" "revisionTime": "2018-10-29T11:03:54Z"
}, },
{ {
"checksumSHA1": "witSYnNsDhNaoA85UYilt17H+ng=", "checksumSHA1": "witSYnNsDhNaoA85UYilt17H+ng=",
"path": "git.autistici.org/ai3/go-common/userenckey", "path": "git.autistici.org/ai3/go-common/userenckey",
"revision": "b5271f0caf05207e352c14bcf69e5c172e9e37cc", "revision": "6916834dec86e761a3091c9628cbff9b6c389867",
"revisionTime": "2018-10-29T06:42:37Z" "revisionTime": "2018-10-29T11:03:54Z"
}, },
{ {
"checksumSHA1": "SFxqNnYqTQDH4goNZ7v8KevTNzg=", "checksumSHA1": "SFxqNnYqTQDH4goNZ7v8KevTNzg=",
......