From 237accf0a1313ff5d73fe18096dd7229e0f8ba62 Mon Sep 17 00:00:00 2001
From: Jesse Morgan <jesse@jesterpm.net>
Date: Sun, 20 Mar 2022 17:39:10 -0700
Subject: Initial commit

---
 src/error.rs | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 src/error.rs

(limited to 'src/error.rs')

diff --git a/src/error.rs b/src/error.rs
new file mode 100644
index 0000000..271dc91
--- /dev/null
+++ b/src/error.rs
@@ -0,0 +1,53 @@
+use actix_web::http::{header, StatusCode};
+use actix_web::{HttpResponse, ResponseError};
+use std::fmt::{Display, Formatter};
+
+#[derive(Debug, Copy, Clone)]
+pub enum Error {
+    MissingToken,
+    InvalidToken,
+    ConfigurationError,
+    IntrospectionServerError,
+    AccessDenied,
+}
+
+impl Display for Error {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.write_str(match self {
+            Error::AccessDenied => "Access denied",
+            Error::MissingToken => "Missing authorization token",
+            Error::InvalidToken => "Invalid access token",
+            Error::ConfigurationError => "OAuth2 client configuration error",
+            Error::IntrospectionServerError => "Introspection endpoint returned an error",
+        })
+    }
+}
+
+impl ResponseError for Error {
+    fn status_code(&self) -> StatusCode {
+        match self {
+            Error::AccessDenied => StatusCode::FORBIDDEN,
+            Error::MissingToken => StatusCode::UNAUTHORIZED,
+            Error::InvalidToken => StatusCode::UNAUTHORIZED,
+            Error::ConfigurationError => StatusCode::INTERNAL_SERVER_ERROR,
+            Error::IntrospectionServerError => StatusCode::SERVICE_UNAVAILABLE,
+        }
+    }
+
+    fn error_response(&self) -> HttpResponse {
+        let mut resp = HttpResponse::build(self.status_code());
+        match self {
+            Error::AccessDenied => {
+                resp.insert_header((header::WWW_AUTHENTICATE, "Bearer"));
+                resp.body("{\"error\": \"insufficient_scope\"}")
+            }
+            Error::MissingToken => resp.finish(),
+            Error::InvalidToken => {
+                resp.insert_header((header::WWW_AUTHENTICATE, "Bearer"));
+                resp.body("{\"error\": \"invalid_token\"}")
+            }
+            Error::ConfigurationError => resp.finish(),
+            Error::IntrospectionServerError => resp.finish(),
+        }
+    }
+}
-- 
cgit v1.2.3