fix: unauthorized access (#205)

2025-05-11 02:15:48 +02:00 · 2023-11-25 23:29:00 +08:00 · 2023-11-25 23:29:00 +08:00 · c578f26054
commit c578f26054
parent 7fe3517afe
1 changed files with 15 additions and 4 deletions
--- a/server/api/auth.go
+++ b/server/api/auth.go
@ -2,12 +2,15 @@ package api

 import (
 	"fmt"
+	"net/http"
+
 	"github.com/0xJacky/Nginx-UI/server/model"
 	"github.com/0xJacky/Nginx-UI/server/settings"
 	"github.com/casdoor/casdoor-go-sdk/casdoorsdk"
 	"github.com/gin-gonic/gin"
+	"github.com/pkg/errors"
 	"golang.org/x/crypto/bcrypt"
-	"net/http"
+	"gorm.io/gorm"
 )

 type LoginUser struct {
@ -81,6 +84,7 @@ func CasdoorCallback(c *gin.Context) {
 		c.JSON(http.StatusInternalServerError, gin.H{
 			"message": "Casdoor is not configured",
 		})
+		return
 	}
 	casdoorsdk.InitConfig(endpoint, clientId, clientSecret, certificate, organization, application)
 	token, err := casdoorsdk.GetOAuthToken(loginUser.Code, loginUser.State)
@ -99,9 +103,16 @@ func CasdoorCallback(c *gin.Context) {
 	}
 	u, err := model.GetUser(claims.Name)
 	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{
-			"message": err.Error(),
-		})
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			c.JSON(http.StatusForbidden, gin.H{
+				"message": "User not exist",
+			})
+		} else {
+			c.JSON(http.StatusInternalServerError, gin.H{
+				"message": err.Error(),
+			})
+		}
+		return
 	}

 	userToken, err := model.GenerateJWT(u.Name)