From ac902d0864f0bc0d413632ecceb28772be481c42 Mon Sep 17 00:00:00 2001
From: Lajos Koszti <ajnasz@ajnasz.hu>
Date: Mon, 15 Apr 2024 08:25:30 +0200
Subject: [PATCH] fix: handle expired secrets just like non existing secrets

To avoid leaking information the user should not know why she can't read
a secret because it's expired or has no more remaining reads, so return
404.
---
 internal/views/entryread.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/views/entryread.go b/internal/views/entryread.go
index 066500d..b47420c 100644
--- a/internal/views/entryread.go
+++ b/internal/views/entryread.go
@@ -51,7 +51,7 @@ func (e EntryReadView) Render(w http.ResponseWriter, r *http.Request, response E
 
 func (e EntryReadView) RenderError(w http.ResponseWriter, r *http.Request, err error) {
 	if errors.Is(err, services.ErrEntryExpired) {
-		http.Error(w, "Gone", http.StatusGone)
+		http.Error(w, "Gone", http.StatusNotFound)
 		return
 	}
 
@@ -61,7 +61,7 @@ func (e EntryReadView) RenderError(w http.ResponseWriter, r *http.Request, err e
 	}
 
 	if errors.Is(err, services.ErrEntryNoRemainingReads) {
-		http.Error(w, "Gone", http.StatusGone)
+		http.Error(w, "Gone", http.StatusNotFound)
 		return
 	}