-
Notifications
You must be signed in to change notification settings - Fork 14
/
errors.go
57 lines (46 loc) · 1.4 KB
/
errors.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package jwtauth
import (
"fmt"
"net/http"
)
// AuthError is a protocol agnostic error.
//
// Codes can be translated into actual protocol error codes.
type AuthError struct {
Code int
Cause error
}
func (e *AuthError) Error() string {
return fmt.Sprintf("jwtauth err %d: %v", e.Code, e.Cause)
}
// Unwrap implements the unwrap interface in errors.
func (e *AuthError) Unwrap() error {
return e.Cause
}
// HTTPStatus returns an http status code corresponding to the AuthError code.
func (e *AuthError) HTTPStatus() int {
code, ok := errHTTPCodeMap[e.Code]
if !ok {
return http.StatusInternalServerError
}
return code
}
// Authorization error codes.
const (
AuthErrCodeUnknown = iota
AuthErrCodeInvalidJWT
AuthErrCodeUntrustedSource
AuthErrCodeBadSignature
AuthErrCodeInsufficientPermissions
)
var errHTTPCodeMap = map[int]int{
AuthErrCodeUnknown: http.StatusInternalServerError,
// Request has no jwt or jwt is invalid.
AuthErrCodeInvalidJWT: http.StatusUnauthorized,
// Request has credentials but we don't trust where request or got them from.
AuthErrCodeUntrustedSource: http.StatusForbidden,
// Request credentials cannot be verified, either public key is bad or jwt is not from the source it claims to be.
AuthErrCodeBadSignature: http.StatusForbidden,
// Request is authenticated but does not have sufficient permissions to execute.
AuthErrCodeInsufficientPermissions: http.StatusForbidden,
}