Fix unauthorized error handling, panic recovery, and concurrent JWT cache#1067
Draft
oliverbaehler with Copilot wants to merge 3 commits into
Draft
Fix unauthorized error handling, panic recovery, and concurrent JWT cache#1067oliverbaehler with Copilot wants to merge 3 commits into
oliverbaehler with Copilot wants to merge 3 commits into
Conversation
Copilot
AI
changed the title
[WIP] Fix code based on review comments
Fix unauthorized error handling, panic recovery, and concurrent JWT cache
Jul 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses review feedback on PR #1066: several error paths returned 500 for auth failures, the JWT token cache had data races, and the panic recovery middleware swallowed
http.ErrAbortHandlerand returned plain-text instead of JSON.Error handling: distinguish unauthorized from internal errors
ResolveUserAndGroupsreturns*req.ErrUnauthorizedfor missing/invalid auth — previously all failures were routed throughHandleError(500). Now all call sites check error type and callHandleUnauthorized(403) orHandleError(500) accordingly, matching the pattern already used inimpersonateHandler.Affected:
authorizationMiddleware,registerModules(webserver.go),CheckUserInIgnoredGroupMiddleware,CheckUserInCapsuleGroupMiddleware(user_in_group.go).JWT middleware: fix concurrent map writes
invalidatedTokenis asets.Set[string](backed by a map) captured in a closure and accessed across concurrent requests. Addedsync.RWMutexto protect all reads and writes.Panic recovery: correct
http.ErrAbortHandlersemantics + JSON responseThe custom
recoveryMiddleware(replacinggorilla/handlers.RecoveryHandler) now:http.ErrAbortHandlersonet/httpcan handle connection abort correctlymetav1.Statusviaserver.HandleErrorinstead of plain-texthttp.Errorerrors/panic.go: remove panics, add proper status codesHandleErrorandHandleUnauthorizedpreviously ended withpanic(), relying on a recovery handler to terminate the request. They now write the response (with correct HTTP status codes and headers) and return normally. Call sites were updated to add explicitreturnstatements.Other
gorilla/handlersdependency (no longer needed)tokenreviewsRBAC rule to the FlowSchema chart template (required by JWT middleware)