Return HTTP 401 status code for invalid tokens (#1988)

Closes https://github.com/firezone/product/issues/651
2026-01-27 10:18:54 +00:00 · 2023-09-12 16:50:22 -06:00
parent 2b1092699d
commit b911bd16dd
3 changed files with 11 additions and 5 deletions
--- a/elixir/apps/api/lib/api/gateway/socket.ex
+++ b/elixir/apps/api/lib/api/gateway/socket.ex
@@ -33,6 +33,9 @@ defmodule API.Gateway.Socket do

      {:ok, socket}
    else
+      {:error, :invalid_token} ->
+        {:error, :invalid_token}
+
      {:error, reason} ->
        Logger.debug("Error connecting gateway websocket: #{inspect(reason)}")
        {:error, reason}
--- a/elixir/apps/api/lib/api/relay/socket.ex
+++ b/elixir/apps/api/lib/api/relay/socket.ex
@@ -33,6 +33,9 @@ defmodule API.Relay.Socket do

      {:ok, socket}
    else
+      {:error, :invalid_token} ->
+        {:error, :invalid_token}
+
      {:error, reason} ->
        Logger.debug("Error connecting relay websocket: #{inspect(reason)}")
        {:error, reason}
--- a/elixir/apps/api/lib/api/sockets.ex
+++ b/elixir/apps/api/lib/api/sockets.ex
@@ -16,18 +16,18 @@ defmodule API.Sockets do
    ]
  end

+  def handle_error(conn, :invalid_token),
+    do: Plug.Conn.send_resp(conn, 401, "Invalid token")
+
  def handle_error(conn, :unauthenticated),
    do: Plug.Conn.send_resp(conn, 403, "Forbidden")

-  def handle_error(conn, :invalid_token),
-    do: Plug.Conn.send_resp(conn, 422, "Unprocessable Entity")
+  def handle_error(conn, %Ecto.Changeset{}),
+    do: Plug.Conn.send_resp(conn, 422, "Invalid or missing connection parameters")

  def handle_error(conn, :rate_limit),
    do: Plug.Conn.send_resp(conn, 429, "Too many requests")

-  def handle_error(conn, %Ecto.Changeset{}),
-    do: Plug.Conn.send_resp(conn, 422, "Invalid or missing connection parameters")
-
  def real_ip(x_headers, peer_data) do
    real_ip =
      if is_list(x_headers) and length(x_headers) > 0 do