
Commit 506aa4d

authored
Use better log messages for authorization errors (#359)
1 parent bfa1ace commit 506aa4d

1 file changed

+23
-12
lines changed

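--- a/server/bleep/src/webserver/aaa.rs
+++ b/server/bleep/src/webserver/aaa.rs
@@ -16,7 +16,6 @@ use axum::{
 TypedHeader,
 };
 use axum_extra::extract::cookie::{Cookie, PrivateCookieJar, SameSite};
-use futures::future;
 use octocrab::Octocrab;
 use rand::{distributions::Alphanumeric, Rng};
 use secrecy::{ExposeSecret, SecretString};
@@ -243,22 +242,34 @@ async fn authenticate_authorize_reissue<B>(
 request: Request<B>,
 next: Next<B>,
 ) -> impl IntoResponse {
-let unauthorized = || StatusCode::UNAUTHORIZED.into_response();
-
-let user_fut = user_auth(jar, &app, &auth_layer.client);
-let bearer_fut = bot_auth(auth_header, &app);
+// For better logging, we use some heuristics here to determine what the request type is. We
+// know that user requests authorize through a cookie, and bot requests authorize with the
+// `Authorization` header.
+let result = if jar.get(AuthCookie::COOKIE_NAME).is_some() {
+user_auth(jar, &app, &auth_layer.client)
+.await
+.context("failed to authenticate user request")
+} else if auth_header.is_some() {
+bot_auth(auth_header, &app)
+.await
+.context("failed to authenticate bot request")
+.map(|()| jar)
+} else {
+Err(anyhow::anyhow!(
+"request had no auth cookie or `Authorization` header"
+))
+};
 
-let new_cookies = match future::join(user_fut, bearer_fut).await {
-(Ok(new_cookies), _) => Some(new_cookies),
-(_, Ok(_)) => None,
-(Err(e1), Err(e2)) => {
-error!(?e1, ?e2, "failed to authenticate request");
-return unauthorized();
+let jar = match result {
+Ok(new_cookies) => new_cookies,
+Err(e) => {
+error!("{}", e);
+return StatusCode::UNAUTHORIZED.into_response();
 }
 };
 
 let body = next.run(request).await;
-(new_cookies, body).into_response()
+(jar, body).into_response()
 }
 
 async fn user_auth(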
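Review bot: The new `error!("{}", e);` in the `Err(e)` arm logs only the outermost context string, so if these are anyhow errors (the `.context(...)` and `anyhow::anyhow!` calls suggest so) the underlying cause from `user_auth` or `bot_auth` no longer reaches the log, whereas the removed `error!(?e1, ?e2, ...)` printed both errors in full. For triaging rejected logins the cause chain is what matters; `error!("{:#}", e);` keeps the one-line form and appends each cause. Separately, the `jar.get(AuthCookie::COOKIE_NAME).is_some()` branch means a request that carries a cookie is judged on the cookie alone, and a valid `Authorization` header on the same request is never tried, which the old `future::join` accepted. That fails closed, but it deserves a sentence in the comment above the `if`. The function's signature starts above this hunk.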
