return 401 for invalid token

helper/jwt.go

@@ -41,15 +41,15 @@ func JwtValidate(tokenString string, secret ...[]byte) *JwtClaims {
 
 	if err != nil {
 		log.Error("JWT ParseWithClaims Error: %s", err)
-		exception.New("Invalid token", 403).Ctx(err.Error()).Throw()
+		exception.New("Invalid token", 401).Ctx(err.Error()).Throw()
 		return nil
 	}
 
 	if claims, ok := token.Claims.(*JwtClaims); ok && token.Valid {
 		return claims
 	}
 
-	exception.New("Invalid token", 403).Ctx(token.Claims).Throw()
+	exception.New("Invalid token", 401).Ctx(token.Claims).Throw()
 	return nil
 }
 

studio/middleware.go

@@ -72,7 +72,7 @@ func hdAuth(c *gin.Context) {
 	if strings.HasPrefix(tokenString, "Bearer") {
 		tokenString = strings.TrimSpace(strings.TrimPrefix(tokenString, "Bearer "))
 		if tokenString == "" {
-			c.JSON(403, gin.H{"code": 403, "message": "No permission"})
+			c.JSON(401, gin.H{"code": 401, "message": "Not authenticated"})
 			c.Abort()
 			return
 		}

sui/api/guards.go

@@ -28,15 +28,15 @@ var Guards = map[string]func(c *Request) error{
 // JWT Bearer JWT
 func guardBearerJWT(r *Request) error {
 	if r.context == nil {
-		return fmt.Errorf("No permission")
+		return fmt.Errorf("Not authenticated")
 	}
 	c := r.context
 	tokenString := c.Request.Header.Get("Authorization")
 	tokenString = strings.TrimSpace(strings.TrimPrefix(tokenString, "Bearer "))
 	if tokenString == "" {
-		c.JSON(403, gin.H{"code": 403, "message": "No permission"})
+		c.JSON(401, gin.H{"code": 401, "message": "Not authenticated"})
 		c.Abort()
-		return fmt.Errorf("No permission")
+		return fmt.Errorf("Not authenticated")
 	}
 
 	claims := helper.JwtValidate(tokenString)
@@ -56,13 +56,13 @@ func guardCookieJWT(r *Request) error {
 	if err != nil {
 		// c.JSON(403, gin.H{"code": 403, "message": "No permission"})
 		// c.Abort()
-		return fmt.Errorf("Not Authorized")
+		return fmt.Errorf("Not authenticated")
 	}
 
 	if tokenString == "" {
 		// c.JSON(403, gin.H{"code": 403, "message": "No permission"})
 		// c.Abort()
-		return fmt.Errorf("Not Authorized")
+		return fmt.Errorf("Not authenticated")
 	}
 
 	claims := helper.JwtValidate(tokenString)
@@ -93,15 +93,15 @@ func guardCookieTrace(r *Request) error {
 // JWT Bearer JWT
 func guardQueryJWT(r *Request) error {
 	if r.context == nil {
-		return fmt.Errorf("No permission")
+		return fmt.Errorf("Not authenticated")
 	}
 	c := r.context
 
 	tokenString := c.Query("__tk")
 	if tokenString == "" {
-		c.JSON(403, gin.H{"code": 403, "message": "No permission"})
+		c.JSON(401, gin.H{"code": 401, "message": "Not authenticated"})
 		c.Abort()
-		return fmt.Errorf("No permission")
+		return fmt.Errorf("Not authenticated")
 	}
 
 	claims := helper.JwtValidate(tokenString)

widgets/form/process.go

@@ -94,7 +94,7 @@ func processDownload(process *gouProcess.Process) interface{} {
 	// Auth
 	tokenString = strings.TrimSpace(strings.TrimPrefix(tokenString, "Bearer "))
 	if tokenString == "" {
-		exception.New("%s.%s No permission", 403, form.ID, field).Throw()
+		exception.New("%s.%s not authenticated", 401, form.ID, field).Throw()
 	}
 	claims := helper.JwtValidate(tokenString)
 

widgets/list/process.go

@@ -82,7 +82,7 @@ func processDownload(process *gouProcess.Process) interface{} {
 	// Auth
 	tokenString = strings.TrimSpace(strings.TrimPrefix(tokenString, "Bearer "))
 	if tokenString == "" {
-		exception.New("%s.%s No permission", 403, list.ID, field).Throw()
+		exception.New("%s.%s not authenticated", 401, list.ID, field).Throw()
 	}
 	claims := helper.JwtValidate(tokenString)
 

widgets/login/process.go

@@ -44,7 +44,7 @@ func processLoginAdmin(process *process.Process) interface{} {
 
 	if !helper.CaptchaValidate(id, value) {
 		log.With(log.F{"id": id, "code": value}).Debug("ProcessLogin")
-		exception.New("验证码不正确", 403).Ctx(maps.Map{"id": id, "code": value}).Throw()
+		exception.New("验证码不正确", 401).Ctx(maps.Map{"id": id, "code": value}).Throw()
 		return nil
 	}