feat(api tokens): better error message for invalid tokens

2023-09-01 10:27:56 +02:00 · 2023-09-01 10:27:56 +02:00 · 8f3d18a809
commit 8f3d18a809
parent e295d75e6e
1 changed files with 7 additions and 2 deletions
--- a/pkg/routes/api_tokens.go
+++ b/pkg/routes/api_tokens.go
@ -23,7 +23,6 @@ import (

 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/db"
-	"code.vikunja.io/api/pkg/log"
 	"code.vikunja.io/api/pkg/models"

 	echojwt "github.com/labstack/echo-jwt/v4"
@ -43,7 +42,6 @@ func SetupTokenMiddleware() echo.MiddlewareFunc {
 				if strings.HasPrefix(s, "Bearer "+models.APITokenPrefix) {
 					err := checkAPITokenAndPutItInContext(s, c)
 					if err != nil {
-						log.Errorf("Could not check api token: %v", err)
 						return false
 					}
 					return true
@ -52,6 +50,13 @@ func SetupTokenMiddleware() echo.MiddlewareFunc {

 			return false
 		},
+		ErrorHandler: func(c echo.Context, err error) error {
+			if err != nil {
+				return echo.NewHTTPError(http.StatusUnauthorized, "missing, malformed, expired or otherwise invalid token provided").SetInternal(err)
+			}
+
+			return nil
+		},
 	})
 }