Cleanup JWT error messages

2025-07-09 03:04:20 -04:00 · 2023-03-20 12:11:17 +09:00 · 2023-03-20 12:11:17 +09:00 · 9e98bf3532
commit 9e98bf3532
parent 86955cf0cb
4 changed files with 15 additions and 9 deletions
--- a/back/src/Kyoo.Authentication/Controllers/PermissionValidator.cs
+++ b/back/src/Kyoo.Authentication/Controllers/PermissionValidator.cs
@ -173,7 +173,8 @@ namespace Kyoo.Authentication
 				string overallStr = $"{_group.ToString().ToLower()}.{kind.ToString()!.ToLower()}";
 				AuthenticateResult res = _ApiKeyCheck(context);
 				if (res.None)
-					res = await context.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+					res = await _JwtCheck(context);
+
 				if (res.Succeeded)
 				{
 					ICollection<string> permissions = res.Principal.GetPermissions();
@ -190,6 +191,8 @@ namespace Kyoo.Authentication
 				}
 				else if (res.Failure != null)
 					context.Result = _ErrorResult(res.Failure.Message, StatusCodes.Status403Forbidden);
+				else
+					context.Result = _ErrorResult("Authentication panic", StatusCodes.Status500InternalServerError);
 			}

 			private AuthenticateResult _ApiKeyCheck(ActionContext context)
@ -214,6 +217,15 @@ namespace Kyoo.Authentication
 					)
 				);
 			}
+
+			private async Task<AuthenticateResult> _JwtCheck(ActionContext context)
+			{
+				AuthenticateResult ret = await context.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
+				// Change the failure message to make the API nice to use.
+				if (ret.Failure != null)
+					return AuthenticateResult.Fail("Invalid JWT token. The token may have expired.");
+				return ret;
+			}
 		}

 		/// <summary>
--- a/back/src/Kyoo.Host/Application.cs
+++ b/back/src/Kyoo.Host/Application.cs
@ -82,11 +82,7 @@ namespace Kyoo.Host
 		/// <returns>A task representing the whole process</returns>
 		public async Task Start(string[] args, Action<ContainerBuilder> configure)
 		{
-			IConfiguration parsed = new ConfigurationBuilder()
-				.AddEnvironmentVariables()
-				.AddEnvironmentVariables("KYOO_")
-				.AddCommandLine(args)
-				.Build();
+			IConfiguration parsed = _SetupConfig(new ConfigurationBuilder(), args).Build();
 			string path = Path.GetFullPath(parsed.GetValue("DATADIR", "/kyoo"));
 			if (!Directory.Exists(path))
 				Directory.CreateDirectory(path);
@ -161,7 +157,6 @@ namespace Kyoo.Host
 		private IConfigurationBuilder _SetupConfig(IConfigurationBuilder builder, string[] args)
 		{
 			return builder
-				.AddJsonFile(Path.Join(AppDomain.CurrentDomain.BaseDirectory, "./settings.json"), false, true)
 				.AddEnvironmentVariables()
 				.AddEnvironmentVariables("KYOO_")
 				.AddCommandLine(args);
--- a/back/src/Kyoo.Host/PluginsStartup.cs
+++ b/back/src/Kyoo.Host/PluginsStartup.cs
@ -70,7 +70,7 @@ namespace Kyoo.Host
 		{
 			_plugins = plugins;
 			_configuration = configuration;
-			_hostModule = new HostModule(_plugins);
+			_hostModule = new HostModule(_plugins, configuration);
 			_plugins.LoadPlugins(
 				typeof(CoreModule),
 				typeof(AuthenticationModule),
--- a/back/src/Kyoo.Postgresql/PostgresModule.cs
+++ b/back/src/Kyoo.Postgresql/PostgresModule.cs
@ -17,7 +17,6 @@
 // along with Kyoo. If not, see <https://www.gnu.org/licenses/>.

 using System;
-using System.Collections.Generic;
 using System.Data.Common;
 using Kyoo.Abstractions.Controllers;
 using Microsoft.AspNetCore.Hosting;