From 46bd49ce15e78029d931373fd1a770ecc9e2fa31 Mon Sep 17 00:00:00 2001
From: Nikolay Marchuk
Date: Tue, 7 Oct 2025 13:11:10 +0700
Subject: [PATCH] Use consistent error codes for authorization errors from transaction
Signed-off-by: Nikolay Marchuk
---
 pods/server/src/rpc.ts | 4 ++--
 pods/server/src/server_http.ts | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pods/server/src/rpc.ts b/pods/server/src/rpc.ts
index 2daa64dd7ce..7ccd58f635a 100644
--- a/pods/server/src/rpc.ts
+++ b/pods/server/src/rpc.ts
@@ -163,7 +163,7 @@ export function registerRPC (app: Express, sessions: SessionManager, ctx: Measur
 const decodedToken = decodeToken(token)
 if (workspaceId !== decodedToken.workspace) {
- sendError(res, 401, { message: 'Invalid workspace', workspace: decodedToken.workspace })
+ sendError(res, 403, { message: 'Invalid workspace', workspace: decodedToken.workspace })
 return
 }
@@ -173,7 +173,7 @@ export function registerRPC (app: Express, sessions: SessionManager, ctx: Measur
 const cs: ConnectionSocket = createClosingSocket(token, rpcSessions)
 const s = await sessions.addSession(ctx, cs, decodedToken, token, token)
 if (!('session' in s)) {
- sendError(res, 401, {
+ sendError(res, 403, {
 message: 'Failed to create session',
 mode: 'specialError' in s ? s.specialError ?? '' : 'upgrading'
 })
diff --git a/pods/server/src/server_http.ts b/pods/server/src/server_http.ts
index 43438c34e64..0fab84b3ec6 100644
--- a/pods/server/src/server_http.ts
+++ b/pods/server/src/server_http.ts
@@ -321,7 +321,7 @@ export function startHttpServer (
 try {
 const authHeader = req.headers.authorization
 if (authHeader === undefined) {
- res.status(403).end(JSON.stringify({ error: 'Unauthorized' }))
+ res.status(401).end(JSON.stringify({ error: 'Unauthorized' }))
 return
 }
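Review bot: In the second rpc.ts hunk (`@@ -173,7`), the 403 now returned when `sessions.addSession` yields no session also covers the fallback `mode: 'upgrading'`, which reads as a temporary server-side state rather than an authorization decision. A 403 tells clients and access-denial monitoring that the caller was refused, so, if that reading is right, the status should follow the mode, for example `sendError(res, 'specialError' in s ? 403 : 503, {` with the body unchanged. What the `specialError` values mean is not visible here, so which of them are real denials needs confirming against `addSession`. The handler body starts and ends outside the hunk.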
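Review bot: The 401 responses for a missing `Authorization` header in `@@ -321,7`, and again in `@@ -390,7`, are sent without a `WWW-Authenticate` header, which RFC 9110 requires on every 401. Assuming these endpoints take a bearer token, as the later `getWorkspaceIds(token)` call suggests, add `res.setHeader('WWW-Authenticate', 'Bearer')` before each `res.status(401)` line. Both handlers continue outside their hunks, so how a present but malformed header is handled cannot be checked from here.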
@@ -329,7 +329,7 @@ export function startHttpServer (
 const wsIds = await getWorkspaceIds(token)
 if (wsIds.uuid == null) {
- res.status(401).end(JSON.stringify({ error: 'No workspace found' }))
+ res.status(403).end(JSON.stringify({ error: 'No workspace found' }))
 return
 }
@@ -390,7 +390,7 @@ export function startHttpServer (
 try {
 const authHeader = req.headers.authorization
 if (authHeader === undefined) {
- res.status(403).send({ error: 'Unauthorized' })
+ res.status(401).send({ error: 'Unauthorized' })
 return
 }
@@ -398,7 +398,7 @@ export function startHttpServer (
 const wsIds = await getWorkspaceIds(token)
 if (wsIds.uuid == null) {
- res.status(401).send({ error: 'No workspace found' })
+ res.status(403).send({ error: 'No workspace found' })
 }
 const name = req.query.name as string
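Review bot: The `wsIds.uuid == null` branch in the last hunk (`@@ -398,7`) sends the 403 but does not return, so the handler falls through to `const name = req.query.name as string` and whatever follows, with no workspace resolved for the token. The matching branch in `@@ -329,7` ends with `return`, and this one needs the same: a `return` line directly after `res.status(403).send({ error: 'No workspace found' })`. The rest of the handler is outside the hunk, so what it does with a null `wsIds.uuid` cannot be seen here, but a second write to `res` after the 403 is at least likely.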