
🐛 Bug: V2 API returns wrong status code and message combination on 401 and 403 #7272

Closed
woodmin opened this issue Dec 21, 2023 · 0 comments · Fixed by #7285
Labels
Status: Reproducible Able to reproduce the issue based on the reporters' guideline.

Comments

@woodmin

woodmin commented Dec 21, 2023

Please confirm that a bug report for this does NOT already exist.

  • I confirm there is no existing issue for this

Steps to reproduce?

I am working on API response status message handling.
When working with personal API tokens, NocoDB returns a "403" status code with the message "Unauthorized" in both of these cases:

  1. When an incorrect and non-existent API token is provided,
  2. When the user has not been granted access rights to the resource (db, table or view).

In both of those cases the response status and message combination is contradictory.
403 is actually "Forbidden" (not "Unauthorized") and is generally used to indicate that the server recognizes the client's credentials, but those credentials don't grant permission to access the requested resource.
"Unauthorized" is actually the message for status code "401" (not "403") and is typically used when authentication has failed or hasn't been provided.

Desired Behavior

  1. Return "401" with message "Unauthorized" when the API is accessed with an unknown/non-existent personal API key (currently "403" with message "Unauthorized"),
  2. Return "403" with message "Forbidden" when the API is accessed with the known personal API key of a user that does not have access rights to the resource (currently also "403" with message "Unauthorized").

Project Details

Docker: true
PackageVersion: 0.202.10
Node: v18.18.2
Arch: x64
Platform: linux
RootDB: pg
Database version: 15.5

Attachments

No response

@dstala dstala added the Status: Reproducible Able to reproduce the issue based on the reporters' guideline. label Dec 23, 2023
@wingkwong wingkwong self-assigned this Dec 23, 2023
3 participants