From ca51ac5e27b2c6219d68743abe019029a8da4748 Mon Sep 17 00:00:00 2001
From: Jan Bader <jan@javil.eu>
Date: Sun, 20 Feb 2022 20:42:57 +0000
Subject: [PATCH] Use AbortWithStatusJSON instead of AbortWithError

---
 server/budgeting.go   |  7 +++----
 server/http.go        |  4 ++++
 server/session.go     | 25 +++++++++++++++----------
 server/ynab-import.go |  3 +--
 4 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/server/budgeting.go b/server/budgeting.go
index ec07791..48ff479 100644
--- a/server/budgeting.go
+++ b/server/budgeting.go
@@ -55,7 +55,7 @@ func (h *Handler) budgetingForMonth(c *gin.Context) {
 	budgetID := c.Param("budgetid")
 	budgetUUID, err := uuid.Parse(budgetID)
 	if err != nil {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("budgetid missing from URL"))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"budgetid missing from URL"})
 		return
 	}
 
@@ -80,7 +80,7 @@ func (h *Handler) budgetingForMonth(c *gin.Context) {
 	firstOfNextMonth := firstOfMonth.AddDate(0, 1, 0)
 	cumultativeBalances, err := h.Service.GetCumultativeBalances(c.Request.Context(), budgetUUID)
 	if err != nil {
-		c.AbortWithError(http.StatusInternalServerError, fmt.Errorf("load balances: %w", err))
+		c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorResponse{fmt.Sprintf("error loading balances: %s", err)})
 		return
 	}
 
@@ -115,14 +115,13 @@ func (h *Handler) budgetingForMonth(c *gin.Context) {
 		AvailableBalance postgres.Numeric
 	}{categoriesWithBalance, availableBalance}
 	c.JSON(http.StatusOK, data)
-
 }
 
 func (h *Handler) budgeting(c *gin.Context) {
 	budgetID := c.Param("budgetid")
 	budgetUUID, err := uuid.Parse(budgetID)
 	if err != nil {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("budgetid missing from URL"))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"budgetid missing from URL"})
 		return
 	}
 
diff --git a/server/http.go b/server/http.go
index 6495d56..09e1f09 100644
--- a/server/http.go
+++ b/server/http.go
@@ -33,6 +33,10 @@ func (h *Handler) Serve() {
 	}
 }
 
+type ErrorResponse struct {
+	Message string
+}
+
 // LoadRoutes initializes all the routes.
 func (h *Handler) LoadRoutes(router *gin.Engine) {
 	router.Use(enableCachingForStaticFiles())
diff --git a/server/session.go b/server/session.go
index 7f56281..49139c8 100644
--- a/server/session.go
+++ b/server/session.go
@@ -11,16 +11,21 @@ import (
 	"github.com/google/uuid"
 )
 
-func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
-	tokenString := c.GetHeader("Authorization")
-	if len(tokenString) < 8 {
-		return nil, fmt.Errorf("no authorization header supplied")
+const (
+	HeaderName = "Authorization"
+	Bearer     = "Bearer "
+)
+
+func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, *ErrorResponse) { //nolint:ireturn
+	tokenString := c.GetHeader(HeaderName)
+	if len(tokenString) <= len(Bearer) {
+		return nil, &ErrorResponse{"no authorization header supplied"}
 	}
 
 	tokenString = tokenString[7:]
 	token, err := h.TokenVerifier.VerifyToken(tokenString)
 	if err != nil {
-		return nil, fmt.Errorf("verify token '%s': %w", tokenString, err)
+		return nil, &ErrorResponse{fmt.Sprintf("verify token '%s': %s", tokenString, err)}
 	}
 
 	return token, nil
@@ -29,8 +34,8 @@ func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) {
 func (h *Handler) verifyLoginWithForbidden(c *gin.Context) {
 	token, err := h.verifyLogin(c)
 	if err != nil {
-		//c.Header("WWW-Authenticate", "Bearer")
-		c.AbortWithError(http.StatusForbidden, err)
+		// c.Header("WWW-Authenticate", "Bearer")
+		c.AbortWithStatusJSON(http.StatusForbidden, err)
 		return
 	}
 
@@ -104,18 +109,18 @@ func (h *Handler) registerPost(c *gin.Context) {
 	var register registerInformation
 	err := c.BindJSON(&register)
 	if err != nil {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("parse body: %w", err))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"error parsing body"})
 		return
 	}
 
 	if register.Email == "" || register.Password == "" || register.Name == "" {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("e-mail, password and name are required"))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"e-mail, password and name are required"})
 		return
 	}
 
 	_, err = h.Service.GetUserByUsername(c.Request.Context(), register.Email)
 	if err == nil {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("email is already taken"))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"email is already taken"})
 		return
 	}
 
diff --git a/server/ynab-import.go b/server/ynab-import.go
index e6cf0f3..349449e 100644
--- a/server/ynab-import.go
+++ b/server/ynab-import.go
@@ -1,7 +1,6 @@
 package server
 
 import (
-	"fmt"
 	"net/http"
 
 	"git.javil.eu/jacob1123/budgeteer/postgres"
@@ -12,7 +11,7 @@ import (
 func (h *Handler) importYNAB(c *gin.Context) {
 	budgetID, succ := c.Params.Get("budgetid")
 	if !succ {
-		c.AbortWithError(http.StatusBadRequest, fmt.Errorf("no budget_id specified"))
+		c.AbortWithStatusJSON(http.StatusBadRequest, ErrorResponse{"no budget_id specified"})
 		return
 	}