Improve error handling in AutoSigninFilter

2025-07-03 12:30:19 +08:00 · 2023-10-15 12:43:36 +08:00
parent 1c296e9b6f
commit 1055d7781b
5 changed files with 27 additions and 16 deletions
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@ -35,14 +35,14 @@ type Object struct {
 func getUsername(ctx *context.Context) (username string) {
 	defer func() {
 		if r := recover(); r != nil {
-			username = getUsernameByClientIdSecret(ctx)
+			username, _ = getUsernameByClientIdSecret(ctx)
 		}
 	}()

 	username = ctx.Input.Session("username").(string)

 	if username == "" {
-		username = getUsernameByClientIdSecret(ctx)
+		username, _ = getUsernameByClientIdSecret(ctx)
 	}

 	if username == "" {
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@ -45,19 +45,21 @@ func AutoSigninFilter(ctx *context.Context) {
 		}

 		if token == nil {
-			responseError(ctx, "Access token doesn't exist")
+			responseError(ctx, "Access token doesn't exist in database")
 			return
 		}

-		if util.IsTokenExpired(token.CreatedTime, token.ExpiresIn) {
-			responseError(ctx, "Access token has expired")
+		isExpired, expireTime := util.IsTokenExpired(token.CreatedTime, token.ExpiresIn)
+		if isExpired {
+			responseError(ctx, fmt.Sprintf("Access token has expired, expireTime = %s", expireTime))
 			return
 		}

 		userId := util.GetId(token.Organization, token.User)
 		application, err := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
 		if err != nil {
-			panic(err)
+			responseError(ctx, err.Error())
+			return
 		}

 		setSessionUser(ctx, userId)
@ -66,7 +68,11 @@ func AutoSigninFilter(ctx *context.Context) {
 	}

 	// "/page?clientId=123&clientSecret=456"
-	userId := getUsernameByClientIdSecret(ctx)
+	userId, err := getUsernameByClientIdSecret(ctx)
+	if err != nil {
+		responseError(ctx, err.Error())
+		return
+	}
 	if userId != "" {
 		setSessionUser(ctx, userId)
 		return
--- a/routers/base.go
+++ b/routers/base.go
@ -66,7 +66,7 @@ func denyRequest(ctx *context.Context) {
 	responseError(ctx, T(ctx, "auth:Unauthorized operation"))
 }

-func getUsernameByClientIdSecret(ctx *context.Context) string {
+func getUsernameByClientIdSecret(ctx *context.Context) (string, error) {
 	clientId, clientSecret, ok := ctx.Request.BasicAuth()
 	if !ok {
 		clientId = ctx.Input.Query("clientId")
@ -74,19 +74,22 @@ func getUsernameByClientIdSecret(ctx *context.Context) string {
 	}

 	if clientId == "" || clientSecret == "" {
-		return ""
+		return "", nil
 	}

 	application, err := object.GetApplicationByClientId(clientId)
 	if err != nil {
-		panic(err)
+		return "", err
+	}
+	if application == nil {
+		return "", fmt.Errorf("Application not found for client ID: %s", clientId)
 	}

-	if application == nil || application.ClientSecret != clientSecret {
-		return ""
+	if application.ClientSecret != clientSecret {
+		return "", fmt.Errorf("Incorrect client secret for application: %s", application.Name)
 	}

-	return fmt.Sprintf("app/%s", application.Name)
+	return fmt.Sprintf("app/%s", application.Name), nil
 }

 func getUsernameByKeys(ctx *context.Context) string {