From 9fe8f31ae379d4b30823f3c4f19842bf32aae034 Mon Sep 17 00:00:00 2001
From: Max Resnick <max@ofmax.li>
Date: Sat, 24 Feb 2024 23:03:45 -0800
Subject: fix: middleware didn't return

---
 internal/authz/middleware.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'internal/authz/middleware.go')

diff --git a/internal/authz/middleware.go b/internal/authz/middleware.go
index 6763323..abebcdb 100644
--- a/internal/authz/middleware.go
+++ b/internal/authz/middleware.go
@@ -54,6 +54,7 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		urn, ok := ctx.Value(AuthzUrnKey).(string)
 		if !ok || urn == "" {
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		repo := req.URL.Path
 		action := req.Method
@@ -61,10 +62,12 @@ func Authorization(adminSvc *admin.Servicer, next http.Handler) http.Handler {
 		if err != nil {
 			log.Printf("error running enforce %s", err)
 			http.Error(rw, "Bad Request", http.StatusBadRequest)
+			return
 		}
 		if !ok {
-			log.Printf("Access denied")
+			log.Printf("Not Authorized - attempted access %s", urn)
 			http.Error(rw, "Access denied", http.StatusForbidden)
+			return
 		}
 		log.Printf("Method %s Url %s", action, repo)
 		next.ServeHTTP(rw, req.WithContext(ctx))
-- 
cgit v1.2.3