Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Authorization header is reported as 400 instead of 401 #3235

Open
notxcain opened this issue Dec 5, 2024 · 5 comments
Open

Missing Authorization header is reported as 400 instead of 401 #3235

notxcain opened this issue Dec 5, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@notxcain
Copy link

notxcain commented Dec 5, 2024

A missing Authorization header is reported with 400 instead of 401 status code when served by a route created using the declarative endpoint syntax.

To Reproduce

  1. Create a simple endpoint using Endpoint(PathCodec.Get).header(HeaderCodec.authorization).
  2. Send a request without Authorization header.
  3. Get a response with 400 status code.

Expected Behaviour

According to the RFC, in such case a response should have 401 Unauthorized code:

The 401 (Unauthorized) status code indicates that the request has not
been applied because it lacks valid authentication credentials for
the target resource.
@notxcain notxcain added the bug Something isn't working label Dec 5, 2024
@weili96
Copy link

weili96 commented Dec 12, 2024

image
I also meet this bug !

@weili96
Copy link

weili96 commented Dec 18, 2024

image
content-type is also error!

@987Nabil
Copy link
Contributor

@weili96 without the endpoint definition, Idk what the issue is. Also, if you find a new bug, please open a new issue

@weili96
Copy link

weili96 commented Dec 18, 2024 

private val editorViewArticleEndpoint =
  Endpoint((RoutePattern.POST / "article" / "editorView") ?? Doc.p("文章编辑页面-查看文章详情"))
    .auth(AuthType.Bearer)
    .header(HeaderCodec.authorization)
    .in[ArticleId]
    .out[ArticleInfo]
    .outErrors[ServerError](
      HttpCodec.error[BadRequestError](Status.BadRequest),
      HttpCodec.error[DbError](Status.InternalServerError)
    )
    .tag("Article")
private val editorViewArticleRoute = editorViewArticleEndpoint.implement(
  (authHeader: Authorization, input: ArticleId) =>
    ZIO.serviceWithZIO[ArticleApiHandler](_.editorViewArticle(input, Authorization.render(authHeader)))
)

@987Nabil when i send , without header of authorization

@weili96
Copy link

weili96 commented Dec 18, 2024 

private val uploadImageEndpoint =
    Endpoint((RoutePattern.POST / "upload" / "image") ?? Doc.p("上传图片"))
      .auth(AuthType.Bearer)
      .header(HeaderCodec.authorization)
      .header(HeaderCodec.contentType)
      .inCodec(HttpCodec.binaryStream(MediaType.multipart.`form-data`))
      .out[ImageUrl]
      .outErrors[ServerError](
        HttpCodec.error[BadRequestError](Status.BadRequest),
        HttpCodec.error[DbError](Status.InternalServerError)
      )
      .tag("Tool")
  private val uploadImageRoute = uploadImageEndpoint.implement(
    (_, bytes) => {
      for
        _ <- ZIO.logInfo(bytes.toString)
        form <- Body.fromStreamChunked(bytes).asMultipartForm.mapError(e => BadRequestError(s"请求转换异常; ${e.toString}"))
        _ <- ZIO.logInfo(form.formData(1).name)
        res <- ZIO.serviceWithZIO[ToolApiHandler](_.uploadImage(form))
      yield res
    }
  )

this is also without contentType

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@notxcain @987Nabil @weili96