fix: middleware didn't return

author: Max Resnick <max@ofmax.li> 2024-02-24 23:03:45 -0800
committer: Max Resnick <max@ofmax.li> 2024-02-24 23:03:45 -0800
commit: 9fe8f31ae379d4b30823f3c4f19842bf32aae034 (patch)
tree: fb8b180d2e05bf6520b636d3207e2506e0e860cf /internal/authz/middleware.go
parent: 794445b230ddad08480f35d58f4694023e5f7006 (diff)
download: go-git-server-9fe8f31ae379d4b30823f3c4f19842bf32aae034.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index 6763323..abebcdb 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		urn, ok := ctx.Value(AuthzUrnKey).(string)
 		if !ok || urn == "" {
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		repo := req.URL.Path
 		action := req.Method
@@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		if err != nil {
 			log.Printf("error running enforce %s", err)
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		if !ok {
-			log.Printf("Access denied")
+			log.Printf("Not Authorized - attempted access %s", urn)
 			http.Error(rw, "Access denied", http.StatusForbidden)
+			return
 		}
 		log.Printf("Method %s Url %s", action, repo)
 		next.ServeHTTP(rw, req.WithContext(ctx))
author	Max Resnick <max@ofmax.li>	2024-02-24 23:03:45 -0800
committer	Max Resnick <max@ofmax.li>	2024-02-24 23:03:45 -0800
commit	9fe8f31ae379d4b30823f3c4f19842bf32aae034 (patch)
tree	fb8b180d2e05bf6520b636d3207e2506e0e860cf /internal/authz/middleware.go
parent	794445b230ddad08480f35d58f4694023e5f7006 (diff)
download	go-git-server-9fe8f31ae379d4b30823f3c4f19842bf32aae034.tar.gz