From 88824c7483a51e4272209082c16bb772496a79f5 Mon Sep 17 00:00:00 2001
From: "takahiro.tominaga"
Date: Sat, 26 Nov 2022 23:10:27 +0900
Subject: [PATCH] fix: status code related to api key (#37)
---
 api/blogs.go | 11 ++++++++---
 api/formations.go | 13 ++++++++-----
 api/members.go | 12 ++++++++----
 api/positions.go | 13 +++++++++----
 api/songs.go | 13 ++++++++-----
 api/validations.go | 10 +++++++---
 6 files changed, 48 insertions(+), 24 deletions(-)
diff --git a/api/blogs.go b/api/blogs.go
index bc7c18d..d7654b3 100644
--- a/api/blogs.go
+++ b/api/blogs.go
@@ -17,9 +17,14 @@ func (server *Server) getAllBlogs(w http.ResponseWriter, r *http.Request) {
 key := r.FormValue("key")
- if !server.isApiKeyValid(key) {
- w.WriteHeader(http.StatusForbidden)
- fmt.Fprint(w, ErrorJson("No valid api key"))
+ if err := server.isApiKeyValid(key); err != nil {
+ if err == sql.ErrNoRows {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprint(w, ErrorJson("No valid api key"))
+ return
+ }
+ w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprint(w, ErrorJson("Error while reading api key from DB"))
 return
 }
diff --git a/api/formations.go b/api/formations.go
index 8d55e27..1add363 100644
--- a/api/formations.go
+++ b/api/formations.go
@@ -15,11 +15,14 @@ func (server *Server) getAllFormations(w http.ResponseWriter, r *http.Request) {
 key := r.FormValue("key")
- if !server.isApiKeyValid(key) {
- fmt.Printf("getAllFormations: access with invalid api key")
- // return error message
- w.WriteHeader(http.StatusForbidden)
- fmt.Fprint(w, ErrorJson("No valid api key"))
+ if err := server.isApiKeyValid(key); err != nil {
+ if err == sql.ErrNoRows {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprint(w, ErrorJson("No valid api key"))
+ return
+ }
+ w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprint(w, ErrorJson("Error while reading api key from DB"))
 return
 }
diff --git a/api/members.go b/api/members.go
index 5b5d27a..11c6d84 100644
--- a/api/members.go
+++ b/api/members.go
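Review bot: The nine-line key check added to getAllBlogs is pasted verbatim into getAllFormations, getAllMembers, getPositions and getAllSongs, and the removed lines show how such copies drift (members answered 401 while the other four answered 403). Moving the check into one helper on Server keeps the authentication decision in a single place, and the helper can compare with `errors.Is(err, sql.ErrNoRows)` so that a wrapped no-rows error still maps to 401 instead of 500. Each handler would then open with `if !server.requireAPIKey(w, r) { return }`. The handler bodies continue outside the hunks, so this assumes nothing later in them reads `key`.

```go
// requireAPIKey writes the error response and reports false when the
// request does not carry a key that the lookup accepts.
func (server *Server) requireAPIKey(w http.ResponseWriter, r *http.Request) bool {
	err := server.isApiKeyValid(r.FormValue("key"))
	if err == nil {
		return true
	}
	status, msg := http.StatusInternalServerError, "Error while reading api key from DB"
	if errors.Is(err, sql.ErrNoRows) {
		status, msg = http.StatusUnauthorized, "No valid api key"
	}
	w.WriteHeader(status)
	fmt.Fprint(w, ErrorJson(msg))
	return false
}
```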
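Review bot: Rejected keys and failed lookups no longer leave any server-side trace in getAllFormations: the hunk drops `fmt.Printf("getAllFormations: access with invalid api key")` (the songs.go hunk drops its twin) and the new 500 branch discards `err` after sending the client only a generic message. Keeping the client message generic is right, but I would record the cause before writing the 500, for example `log.Printf("getAllFormations: api key lookup failed: %v", err)`, and keep a line on the 401 path that names the endpoint and remote address but never the submitted key. Whether `log` is already imported in this file is not visible from the hunk. The discarded `err` applies to the blogs, members, positions and songs handlers as well.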
@@ -25,10 +25,14 @@ func (server *Server) getAllMembers(w http.ResponseWriter, r *http.Request) {
 key := r.FormValue("key")
- if !server.isApiKeyValid(key) {
- // return error message
- w.WriteHeader(http.StatusUnauthorized)
- fmt.Fprint(w, ErrorJson("No valid api key"))
+ if err := server.isApiKeyValid(key); err != nil {
+ if err == sql.ErrNoRows {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprint(w, ErrorJson("No valid api key"))
+ return
+ }
+ w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprint(w, ErrorJson("Error while reading api key from DB"))
 return
 }
diff --git a/api/positions.go b/api/positions.go
index 6f7cb8d..e96843f 100644
--- a/api/positions.go
+++ b/api/positions.go
@@ -1,6 +1,7 @@
 package api
 import (
+ "database/sql"
 "encoding/json"
 "fmt"
 "net/http"
@@ -15,10 +16,14 @@ func (server *Server) getPositions(w http.ResponseWriter, r *http.Request) {
 key := r.FormValue("key")
- if !server.isApiKeyValid(key) {
- // return error message
- w.WriteHeader(http.StatusForbidden)
- fmt.Fprint(w, ErrorJson("No valid api key"))
+ if err := server.isApiKeyValid(key); err != nil {
+ if err == sql.ErrNoRows {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprint(w, ErrorJson("No valid api key"))
+ return
+ }
+ w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprint(w, ErrorJson("Error while reading api key from DB"))
 return
 }
diff --git a/api/songs.go b/api/songs.go
index d14af8e..48c65c5 100644
--- a/api/songs.go
+++ b/api/songs.go
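Review bot: `r.FormValue("key")` on the context line of getAllMembers accepts the key from the URL query as well as from the body, and for what look like read-only GET handlers that means the credential normally travels in the URL, where access logs, proxies and browser history record it. While the key handling is being reworked, consider reading the key from a request header first and keeping the query parameter only as a compatibility fallback, for example `key := r.Header.Get("X-API-Key")` followed by `if key == "" { key = r.FormValue("key") }` (the header name is a suggestion, not something the patch defines). The same context line opens all five handlers in this patch.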
@@ -14,11 +14,14 @@ func (server *Server) getAllSongs(w http.ResponseWriter, r *http.Request) {
 key := r.FormValue("key")
- if !server.isApiKeyValid(key) {
- fmt.Printf("getAllSongs: access with invalid api key")
- // return error message
- w.WriteHeader(http.StatusForbidden)
- fmt.Fprint(w, ErrorJson("No valid api key"))
+ if err := server.isApiKeyValid(key); err != nil {
+ if err == sql.ErrNoRows {
+ w.WriteHeader(http.StatusUnauthorized)
+ fmt.Fprint(w, ErrorJson("No valid api key"))
+ return
+ }
+ w.WriteHeader(http.StatusInternalServerError)
+ fmt.Fprint(w, ErrorJson("Error while reading api key from DB"))
 return
 }
diff --git a/api/validations.go b/api/validations.go
index cd36431..a9c9280 100644
--- a/api/validations.go
+++ b/api/validations.go
@@ -1,9 +1,13 @@
 package api
-func (server *Server) isApiKeyValid(key string) bool {
+import (
+ "errors"
+)
+
+func (server *Server) isApiKeyValid(key string) error {
 if key == "" {
- return false
+ return errors.New("API key is empty")
 }
 _, err := server.querier.FindApiKeyByName(key)
- return err == nil
+ return err
 }
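Review bot: A request without a `key` parameter is now answered with 500 rather than 401, because the empty-key branch of isApiKeyValid returns `errors.New("API key is empty")` and every handler in this patch treats any error other than `sql.ErrNoRows` as a database failure. I would return a package-level sentinel instead, `var errInvalidAPIKey = errors.New("invalid api key")`, and have the handlers test `errors.Is(err, sql.ErrNoRows) || errors.Is(err, errInvalidAPIKey)` before falling through to the 500 branch. The function also no longer reads as a predicate; a doc comment stating that nil means the key was found, or a rename such as `checkAPIKey`, would make `if err := server.isApiKeyValid(key); err != nil` easier to follow.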