fix(backend): Change HTTP status codes for API errors #11047

Merged
merged 1 commit into from
Jun 26, 2023

saschanaz
Member

What

  • HTTP 401 for authentication errors
  • HTTP 403 for permission errors

Why

https://www.rfc-editor.org/rfc/rfc9110#status.401

The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials.

https://www.rfc-editor.org/rfc/rfc9110#name-403-forbidden

The 403 (Forbidden) status code indicates that the server understood the request but refuses to fulfill it. A server that wishes to make public why the request has been forbidden can describe that reason in the response content (if any).
If authentication credentials were provided in the request, the server considers them insufficient to grant access.

Also, the OAuth spec says to use 401 for token errors (this is not relevant right now, but it will become relevant)

https://datatracker.ietf.org/doc/html/rfc6750.html#section-3.1

invalid_token
The access token provided is expired, revoked, malformed, or
invalid for other reasons. The resource SHOULD respond with
the HTTP 401 (Unauthorized) status code. The client MAY
request a new access token and retry the protected resource
request.

Same for 403

insufficient_scope
The request requires higher privileges than provided by the
access token. The resource server SHOULD respond with the HTTP
403 (Forbidden) status code and MAY include the "scope"
attribute with the scope necessary to access the protected
resource.

Additional info (optional)

Checklist

  • Read the contribution guide
  • Test working in a local environment
  • (If needed) Add story of storybook
  • (If needed) Update CHANGELOG.md
  • (If possible) Add tests
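
The 401/403 split from RFC 9110 and RFC 6750 quoted in this pull request, as an added example that is not code from this PR or from the project. The token store, scope names and the `decide` and `quoted` functions are hypothetical, and bearer-token authentication is assumed.

```typescript
// Added example: hypothetical names throughout, not the project's ApiCallService.
type Token = { active: boolean; scopes: string[] };
type Decision = { status: 200 | 401 | 403; wwwAuthenticate?: string };

// Constructed sample token store standing in for a real credential lookup.
const TOKENS = new Map<string, Token>([
  ["tok-read", { active: true, scopes: ["read:account"] }],
  ["tok-revoked", { active: false, scopes: ["read:account", "write:notes"] }],
]);

// Emit a value as a quoted-string so it cannot break out of the header parameter.
function quoted(value: string): string {
  return '"' + value.replace(/[\\"]/g, "\\$&").replace(/[\r\n]/g, "") + '"';
}

function decide(authorization: string | undefined, requiredScope: string): Decision {
  // No credentials at all: 401 with a bare challenge. RFC 6750 section 3.1 says
  // not to include an error code when the request carried no authentication.
  if (authorization === undefined) {
    return { status: 401, wwwAuthenticate: "Bearer" };
  }
  // Anything that is not a known bearer token resolves to "no such token".
  const raw = authorization.startsWith("Bearer ") ? authorization.slice(7) : "";
  const token = TOKENS.get(raw);
  // Credentials were presented but are unusable (unknown or revoked): still 401,
  // because the caller has not been authenticated.
  if (token === undefined || !token.active) {
    return { status: 401, wwwAuthenticate: 'Bearer error="invalid_token"' };
  }
  // Authenticated, but the token lacks the privilege: 403, naming the scope needed.
  if (!token.scopes.includes(requiredScope)) {
    return {
      status: 403,
      wwwAuthenticate: `Bearer error="insufficient_scope", scope=${quoted(requiredScope)}`,
    };
  }
  return { status: 200 };
}
```

A client can treat 401 as "obtain or refresh credentials and retry" and 403 as "retrying with the same credentials will not help", which is the distinction the status change makes visible.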

@github-actions github-actions bot added packages/backend Server side specific issue/PR packages/backend:test labels Jun 25, 2023
@codecov

codecov bot commented Jun 25, 2023

Codecov Report

Merging #11047 (6027846) into develop (8099bc2) will increase coverage by 0.04%.
The diff coverage is 33.33%.

@@             Coverage Diff             @@
##           develop   #11047      +/-   ##
===========================================
+ Coverage    77.29%   77.34%   +0.04%     
===========================================
  Files          907      907              
  Lines        91361    91365       +4     
  Branches      7512     7522      +10     
===========================================
+ Hits         70620    70665      +45     
+ Misses       20741    20700      -41     
Impacted Files Coverage Δ
packages/backend/src/server/api/ApiCallService.ts 71.92% <33.33%> (+4.08%) ⬆️

... and 3 files with indirect coverage changes

@syuilo syuilo merged commit d23ad8b into develop Jun 26, 2023
@syuilo syuilo deleted the api-error-code branch June 26, 2023 01:09
@syuilo
Member

syuilo commented Jun 26, 2023

👍
