From 6574470278af3027388b0f2ee06affa745e4e643 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Thu, 12 Jan 2023 23:21:56 +0100
Subject: [PATCH] login logout proper http error handling.

---
 internal/api/session.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/internal/api/session.go b/internal/api/session.go
index 3ea6cc41..e221d1d6 100644
--- a/internal/api/session.go
+++ b/internal/api/session.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+	"errors"
 	"net/http"
 
 	"github.com/demodesk/neko/pkg/auth"
@@ -28,7 +29,13 @@ func (api *ApiManagerCtx) Login(w http.ResponseWriter, r *http.Request) error {
 
 	session, token, err := api.members.Login(data.Username, data.Password)
 	if err != nil {
-		return utils.HttpUnauthorized().WithInternalErr(err)
+		if errors.Is(err, types.ErrSessionAlreadyConnected) {
+			return utils.HttpUnprocessableEntity("session already connected")
+		} else if errors.Is(err, types.ErrMemberDoesNotExist) || errors.Is(err, types.ErrMemberInvalidPassword) {
+			return utils.HttpUnauthorized().WithInternalErr(err)
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
 	}
 
 	sessionData := SessionDataPayload{
@@ -51,7 +58,11 @@ func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) error {
 
 	err := api.members.Logout(session.ID())
 	if err != nil {
-		return utils.HttpUnauthorized().WithInternalErr(err)
+		if errors.Is(err, types.ErrSessionNotFound) {
+			return utils.HttpBadRequest("session is not logged in")
+		} else {
+			return utils.HttpInternalServerError().WithInternalErr(err)
+		}
 	}
 
 	if api.sessions.CookieEnabled() {