feat: return 401 error instead of panicking

2026-06-19 06:21:15 +00:00 · 2022-11-20 21:17:08 +01:00 · 2022-11-20 21:17:08 +01:00 · 1bfc8f68c2
commit 1bfc8f68c2
parent 8656a82ef8
3 changed files with 5 additions and 2 deletions
--- a/core/src/error.rs
+++ b/core/src/error.rs
@ -8,6 +8,8 @@ pub enum ServiceError {
    InvalidApplicationId,
    #[error("Invalid credentials")]
    InvalidCredentials,
+    #[error("Unauthorized")]
+    Unauthorized,
    #[error("Forbidden")]
    Forbidden,
    #[error("Session expired, please login agai")]
@ -65,6 +67,7 @@ impl ServiceError {
        match self {
            ServiceError::InvalidApplicationId => 400,
            ServiceError::InvalidCredentials => 401,
+            ServiceError::Unauthorized => 401,
            ServiceError::Forbidden => 403,
            ServiceError::ExpiredSession => 401,
            ServiceError::JwtError => 500,
--- a/core/src/services/admin_service.rs
+++ b/core/src/services/admin_service.rs
@ -41,7 +41,7 @@ impl AdminService {
    pub async fn auth(db: &DbConn, session_uuid: Uuid) -> Result<admin::Model, ServiceError> {
        match SessionService::auth_user_session(db, session_uuid).await? {
            AdminUser::Admin(admin) => Ok(admin),
-            AdminUser::Candidate(_) => unreachable!(),
+            AdminUser::Candidate(_) => Err(ServiceError::Unauthorized),
        }
    }
 }
--- a/core/src/services/candidate_service.rs
+++ b/core/src/services/candidate_service.rs
@ -215,7 +215,7 @@ impl CandidateService {
        match SessionService::auth_user_session(db, session_uuid).await {
            Ok(user) => match user {
                AdminUser::Candidate(candidate) => Ok(candidate),
-                AdminUser::Admin(_) => unreachable!(),
+                AdminUser::Admin(_) => Err(ServiceError::Unauthorized),
            },
            Err(e) => Err(e),
        }