fix missing status code

Author: bootjp

path_auth.go

@@ -31,19 +31,7 @@ var (
 )
 
 // ErrKeyAuthMissing is error type when PathAuth middleware is unable to extract value from lookups
-type ErrKeyAuthMissing struct {
-	Err error
-}
-
-// Error returns errors text
-func (e *ErrKeyAuthMissing) Error() string {
-	return e.Err.Error()
-}
-
-// Unwrap unwraps error
-func (e *ErrKeyAuthMissing) Unwrap() error {
-	return e.Err
-}
+var ErrKeyAuthMissing = echo.NewHTTPError(http.StatusBadRequest, "Missing key in the request")
 
 // PathAuth returns an PathAuth middleware.
 //
@@ -74,20 +62,35 @@ func PathAuthWithConfig(config PathAuthConfig) echo.MiddlewareFunc {
 			if config.Skipper(c) {
 				return next(c)
 			}
-			valid, err := config.Validator(c.Param(config.Param), c)
-			if err != nil {
+
+			if !extract(config.Param, c.ParamNames()) {
 				return &echo.HTTPError{
-					Code:     http.StatusUnauthorized,
-					Message:  "Unauthorized",
-					Internal: err,
+					Code:     http.StatusBadRequest,
+					Message:  http.StatusText(http.StatusBadRequest),
+					Internal: ErrKeyAuthMissing,
 				}
 			}
 
-			if valid {
+			valid, err := config.Validator(c.Param(config.Param), c)
+			if err == nil && valid {
 				return next(c)
 			}
 
-			return echo.NewHTTPError(http.StatusBadRequest)
+			return &echo.HTTPError{
+				Code:     http.StatusUnauthorized,
+				Message:  http.StatusText(http.StatusUnauthorized),
+				Internal: err,
+			}
 		}
 	}
 }
+
+func extract(cParam string, params []string) bool {
+	for _, param := range params {
+		if cParam == param {
+			return true
+		}
+	}
+
+	return false
+}

path_auth_test.go

@@ -63,9 +63,53 @@ func TestKeyAuth(t *testing.T) {
 		err := middlewareChain(c)
 
 		assert.Error(t, err)
+		assert.EqualError(t, err, "code=401, message=Unauthorized, internal=some user defined error")
 		assert.False(t, handlerCalled)
 	})
+	t.Run("auth no error failed", func(t *testing.T) {
+		handlerCalled := false
+		handler := func(c echo.Context) error {
+			handlerCalled = true
+			return c.String(http.StatusOK, "test")
+		}
+		middlewareChain := PathAuth("apikey", testKeyValidator)(handler)
 
+		e := echo.New()
+		e.GET("/:apikey", middlewareChain)
+
+		req := httptest.NewRequest(http.MethodGet, "/", nil)
+		rec := httptest.NewRecorder()
+
+		c := e.NewContext(req, rec)
+		e.Router().Find(http.MethodGet, "/no-error", c)
+		err := middlewareChain(c)
+
+		assert.Error(t, err)
+		assert.EqualError(t, err, "code=401, message=Unauthorized")
+		assert.False(t, handlerCalled)
+	})
+	t.Run("auth nokey", func(t *testing.T) {
+		handlerCalled := false
+		handler := func(c echo.Context) error {
+			handlerCalled = true
+			return c.String(http.StatusOK, "test")
+		}
+		middlewareChain := PathAuth("undef", testKeyValidator)(handler)
+
+		e := echo.New()
+		e.GET("/:apikey", middlewareChain)
+
+		req := httptest.NewRequest(http.MethodGet, "/", nil)
+		rec := httptest.NewRecorder()
+
+		c := e.NewContext(req, rec)
+		e.Router().Find(http.MethodGet, "/error-key", c)
+		err := middlewareChain(c)
+
+		assert.Error(t, err)
+		assert.EqualError(t, err, "code=400, message=Bad Request, internal=code=400, message=Missing key in the request")
+		assert.False(t, handlerCalled)
+	})
 }
 
 func TestPathAuthWithConfig(t *testing.T) {
@@ -103,7 +147,7 @@ func TestPathAuthWithConfig(t *testing.T) {
 				return req
 			},
 			expectHandlerCalled: false,
-			expectError:         "code=400, message=Bad Request",
+			expectError:         "code=401, message=Unauthorized",
 		},
 	}