diff --git a/pkg/permissions/errors.go b/pkg/permissions/errors.go index 0e974c6b..06a08d11 100644 --- a/pkg/permissions/errors.go +++ b/pkg/permissions/errors.go @@ -1,20 +1,34 @@ package permissions -import "errors" +import ( + "errors" + "fmt" + + "github.com/labstack/echo/v4" +) var ( + // Error is the root error for all permissions related errors. + Error = errors.New("permissions error") + + // AuthError is the root error all auth related errors stem from. + AuthError = fmt.Errorf("%w: auth", Error) //nolint:revive,stylecheck // not returned directly, but used as a root error. + // ErrNoAuthToken is the error returned when there is no auth token provided for the API request - ErrNoAuthToken = errors.New("no auth token provided for client") + ErrNoAuthToken = echo.ErrBadRequest.WithInternal(fmt.Errorf("%w: no auth token provided for client", AuthError)) // ErrInvalidAuthToken is the error returned when the auth token is not the expected value - ErrInvalidAuthToken = errors.New("invalid auth token") + ErrInvalidAuthToken = echo.ErrBadRequest.WithInternal(fmt.Errorf("%w: invalid auth token", AuthError)) // ErrPermissionDenied is the error returned when permission is denied to a call - ErrPermissionDenied = errors.New("subject doesn't have access") + ErrPermissionDenied = echo.ErrUnauthorized.WithInternal(fmt.Errorf("%w: subject doesn't have access", AuthError)) // ErrBadResponse is the error returned when we receive a bad response from the server - ErrBadResponse = errors.New("bad response from server") + ErrBadResponse = fmt.Errorf("%w: bad response from server", Error) // ErrCheckerNotFound is the error returned when CheckAccess does not find the appropriate checker context - ErrCheckerNotFound = errors.New("no checker found in context") + ErrCheckerNotFound = fmt.Errorf("%w: no checker found in context", Error) + + // ErrPermissionsMiddlewareMissing is returned when a permissions method has been called but the middleware is missing. + ErrPermissionsMiddlewareMissing = fmt.Errorf("%w: permissions middleware missing", Error) ) diff --git a/pkg/permissions/permissions.go b/pkg/permissions/permissions.go index b4b815db..3b6a5a16 100644 --- a/pkg/permissions/permissions.go +++ b/pkg/permissions/permissions.go @@ -39,9 +39,6 @@ var ( } tracer = otel.GetTracerProvider().Tracer("go.infratographer.com/permissions-api/pkg/permissions") - - // ErrPermissionsMiddlewareMissing is returned when a permissions method has been called but the middleware is missing. - ErrPermissionsMiddlewareMissing = errors.New("permissions middleware missing") ) // Permissions handles supporting authorization checks @@ -71,17 +68,17 @@ func (p *Permissions) Middleware() echo.MiddlewareFunc { actor := echojwtx.Actor(c) if actor == "" { - return echo.ErrUnauthorized.WithInternal(ErrNoAuthToken) + return ErrNoAuthToken } authHeader := strings.TrimSpace(c.Request().Header.Get(echo.HeaderAuthorization)) if len(authHeader) <= len(bearerPrefix) { - return echo.ErrUnauthorized.WithInternal(ErrInvalidAuthToken) + return ErrInvalidAuthToken } if !strings.EqualFold(authHeader[:len(bearerPrefix)], bearerPrefix) { - return echo.ErrUnauthorized.WithInternal(ErrInvalidAuthToken) + return ErrInvalidAuthToken } token := authHeader[len(bearerPrefix):]