From c02044d381e66814e5b008df2dff0057ee6d5236 Mon Sep 17 00:00:00 2001
From: Philip Laine <philip.laine@xenit.se>
Date: Tue, 24 Aug 2021 16:31:35 +0200
Subject: [PATCH] Refactor error messages to include more detail

---
 pkg/auth/auth.go | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index c0efe8a..deb6004 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -75,6 +75,7 @@ func NewAuthorization(cfg *config.Configuration) (Authorization, error) {
 	return authz, nil
 }
 
+// GetEndpoints returns all endpoints.
 func (a *Authorization) GetEndpoints() map[string]*Endpoint {
 	return a.endpoints
 }
@@ -91,18 +92,18 @@ func (a *Authorization) LookupEndpoint(domain, org, proj, repo string) (*Endpoin
 
 // PatForToken returns the pat associated with the token.
 func (a *Authorization) GetPatForToken(token string) (string, error) {
-	e, ok := a.endpoints[token]
-	if !ok {
-		return "", errors.New("invalid token")
+	e, err := a.GetEndpointForToken(token)
+	if err != nil {
+		return "", err
 	}
 	return e.Pat, nil
 }
 
 // TargetForToken returns the target url which matches the given token.
 func (a *Authorization) GetTargetForToken(token string) (*url.URL, error) {
-	e, ok := a.endpoints[token]
-	if !ok {
-		return nil, errors.New("invalid token")
+	e, err := a.GetEndpointForToken(token)
+	if err != nil {
+		return nil, err
 	}
 	target, err := url.Parse(fmt.Sprintf("%s://%s", e.Scheme, e.Domain))
 	if err != nil {
@@ -113,16 +114,25 @@ func (a *Authorization) GetTargetForToken(token string) (*url.URL, error) {
 
 // IsPermitted checks if a specific token is permitted to access a path.
 func (a *Authorization) IsPermitted(path string, token string) error {
-	e, ok := a.endpoints[token]
-	if !ok {
-		return errors.New("invalid token")
+	e, err := a.GetEndpointForToken(token)
+	if err != nil {
+		return err
 	}
 	for _, r := range e.regexes {
 		if r.MatchString(path) {
 			return nil
 		}
 	}
-	return fmt.Errorf("invalid token")
+	return fmt.Errorf("token not permitted for path %s", path)
+}
+
+// GetEndpointForToken returns an endpoint for the specified token.
+func (a *Authorization) GetEndpointForToken(token string) (*Endpoint, error) {
+	e, ok := a.endpoints[token]
+	if !ok {
+		return nil, errors.New("endpoint not found for token")
+	}
+	return e, nil
 }
 
 func randomSecureToken() (string, error) {