fix: return perm denied instead of internal error when login fail

Monify-Dev · Jun 1, 2024 · 32f6c20 · 32f6c20
1 parent 62a6cb3
commit 32f6c20
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 41 deletions.
diff --git a/internal/services/auth/login.go b/internal/services/auth/login.go
@@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"database/sql"
-	"errors"
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 	"go.uber.org/zap"
@@ -16,6 +15,7 @@ import (
 )
 
 func matchEmailUser(ctx context.Context, email string, password string, db *sql.DB) (uuid.UUID, error) {
+	logger := ctx.Value(middlewares.LoggerContextKey{}).(*zap.Logger)
 	query, err := db.QueryContext(ctx, `
 	SELECT user_id, password 
 	FROM email_login 
@@ -33,12 +33,13 @@ func matchEmailUser(ctx context.Context, email string, password string, db *sql.
 	var hashedPassword string
 	err = query.Scan(&userId, &hashedPassword)
 	if err != nil {
-		return uuid.Nil, err
+		logger.Error("", zap.Error(err))
+		return uuid.Nil, status.Error(codes.Internal, "internal err.")
 	}
 
 	err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
 	if err != nil {
-		return uuid.Nil, errors.New("incorrect password")
+		return uuid.Nil, status.Error(codes.PermissionDenied, "Password incorrect.")
 	}
 
 	return userId, nil
@@ -66,7 +67,7 @@ func (s Service) EmailLogin(ctx context.Context, req *monify.EmailLoginRequest)
 
 	userId, err := matchEmailUser(ctx, req.Email, req.Password, db)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, "internal err.")
+		return nil, err
 	}
 
 	if userId == uuid.Nil {

diff --git a/protobuf/gen/go/groups_bill.pb.go b/protobuf/gen/go/groups_bill.pb.go
diff --git a/protobuf/gen/go/groups_bill.pb.gw.go b/protobuf/gen/go/groups_bill.pb.gw.go
diff --git a/protobuf/gen/monify.swagger.json b/protobuf/gen/monify.swagger.json
@@ -302,7 +302,7 @@
         ]
       }
     },
-    "/v1/group_bill/history/{skip}/{limit}": {
+    "/v1/group_bill/history/{groupId}/{skip}/{limit}": {
       "get": {
         "operationId": "GroupsBillService_GetHistory",
         "responses": {
@@ -314,6 +314,12 @@
           }
         },
         "parameters": [
+          {
+            "name": "groupId",
+            "in": "path",
+            "required": true,
+            "type": "string"
+          },
           {
             "name": "skip",
             "in": "path",
@@ -327,12 +333,6 @@
             "required": true,
             "type": "integer",
             "format": "int32"
-          },
-          {
-            "name": "groupId",
-            "in": "query",
-            "required": false,
-            "type": "string"
           }
         ],
         "tags": [

diff --git a/protobuf/groups_bill.proto b/protobuf/groups_bill.proto
@@ -35,7 +35,7 @@ service GroupsBillService{
 
     rpc GetHistory(GetHistoryRequest) returns (GetHistoryResponse) {
         option (google.api.http) = {
-            get: "/v1/group_bill/history/{skip}/{limit}"
+            get: "/v1/group_bill/history/{group_id}/{skip}/{limit}"
         };
     }
 }