Change: prevent status code being set for unauthorized (#153)

auth/middleware.go

@@ -8,7 +8,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"net/http"
 
 	"github.com/gin-gonic/gin"
 )
@@ -28,13 +27,13 @@ func NewGinAuthMiddleware(parseRequestFunc func(ctx context.Context, authorizati
 		}
 
 		if err := ctx.ShouldBindHeader(&header); err != nil {
-			_ = ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("could not bind header: %w", err))
+			AbortWithError(ctx, fmt.Errorf("could not bind header: %w", err))
 			return
 		}
 
 		userContext, err := parseRequestFunc(ctx, header.Authorization, header.Origin)
 		if err != nil {
-			_ = ctx.AbortWithError(http.StatusUnauthorized, fmt.Errorf("authorization failed: %w", err))
+			AbortWithError(ctx, fmt.Errorf("authorization failed: %w", err))
 			return
 		}
 
@@ -43,3 +42,8 @@ func NewGinAuthMiddleware(parseRequestFunc func(ctx context.Context, authorizati
 		ctx.Next()
 	}, nil
 }
+
+func AbortWithError(ctx *gin.Context, err error) {
+	_ = ctx.Error(err)
+	ctx.Abort()
+}

auth/middleware_test.go

@@ -43,7 +43,6 @@ func TestGinAuthMiddleware(t *testing.T) {
 		ctx.Request, _ = http.NewRequest("GET", "/", nil)
 		auth(ctx)
 
-		assert.Equal(t, http.StatusUnauthorized, w.Code)
 		require.Len(t, ctx.Errors, 1)
 		assert.ErrorContains(t, ctx.Errors[0], "could not bind header")
 		assert.ErrorContains(t, ctx.Errors[0], "Authorization")
@@ -65,7 +64,6 @@ func TestGinAuthMiddleware(t *testing.T) {
 		ctx.Request.Header.Add("Origin", "origin")
 		auth(ctx)
 
-		assert.Equal(t, http.StatusUnauthorized, w.Code)
 		require.Len(t, ctx.Errors, 1)
 		assert.ErrorContains(t, ctx.Errors[0], "authorization failed")
 		assert.ErrorContains(t, ctx.Errors[0], "test error")