Compare revisions

Jan Moritz Mertens · Jan Moritz Mertens · Jan Moritz Mertens · 021e913c · 021e913c · 021e913c
--- a/.env
+++ b/.env
-JWT_SECRET=jhdvfkjlkjfjhefzgjhufenjkfhbfrdiuhhiufrdhb
+JWT_SECRET=jhdvfkjlkjfjhefzgjhufenjkfhbfrdiuhhiufrdhbe
 CLIENT_IDS=GHEGZIAHOIWHDOWFHUIEAIHUFEUIAS214389WHJ,
\ No newline at end of file
--- a/api/oauth2/token.go
+++ b/api/oauth2/token.go
@@ -61,18 +61,20 @@ func POSTOauth2Token(c *gin.Context) {
 				return []byte(JwtSecret), nil
 			})
 			if errPRT != nil {
-				c.JSON(http.StatusInternalServerError, gin.H{"error_parsing_refresh_token": errPRT})
+				c.JSON(http.StatusUnauthorized, gin.H{"error_parsing_refresh_token": errPRT})
 			} else if claims, ok := parsedRefreshToken.Claims.(*JWTPayload); ok {
 				accessTokenString, errAT := generateAccessToken(claims.UserUid, []string{}, iat)
 				refreshTokenString, errRT := generateRefreshToken(claims.UserUid, []string{}, iat)
 				if errRT != nil || errAT != nil {
-					c.JSON(http.StatusInternalServerError, gin.H{"error_access_token": errAT, "error_refresh_token": errRT})
+					c.JSON(http.StatusUnauthorized, gin.H{"error_access_token": errAT, "error_refresh_token": errRT})
 				} else {
 					c.JSON(http.StatusOK, gin.H{"access_token": accessTokenString, "token_type": "Bearer", "expires_in": 10, "refresh_token": refreshTokenString})
 				}
+			} else {
+				c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "refresh_token invalid"})
 			}
 		} else {
-			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "wrong grant type"})
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "wrong grant type"})
 		}
 	}

--- a/api/router.go
+++ b/api/router.go
@@ -82,7 +82,9 @@ func rateLimit(maxRequests int, timeout time.Duration) gin.HandlerFunc {
 		if errPRT != nil {
 			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"error_parsing_access_token": errPRT})
 		} else if claims, ok := parsedAccessToken.Claims.(*oauth2.JWTPayload); ok && parsedAccessToken.Valid {
-			if val, ok := rateLimits[claims.UserUid]; ok {
+			if slices.Contains(claims.Scopes, "admin") {
+				c.Next()
+			} else if val, ok := rateLimits[claims.UserUid]; ok {
 				if val < maxRequests {
 					rateLimits[claims.UserUid] += 1
 					time.AfterFunc(timeout, func() {
No results found