From b86ae4eb112ec142ba816cb391ae4f8baad54b60 Mon Sep 17 00:00:00 2001
From: phil
Date: Wed, 5 Feb 2025 02:13:09 +0100
Subject: [PATCH] Raise HTTPException on resource server error
---
 src/oidc_test/auth_utils.py | 1 +
 src/oidc_test/resource_server.py | 17 ++++++++++++-----
 src/oidc_test/static/styles.css | 4 ++--
 src/oidc_test/static/utils.js | 25 +++++++++++++++----------
 src/oidc_test/templates/home.html | 8 ++++++--
 5 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/src/oidc_test/auth_utils.py b/src/oidc_test/auth_utils.py
index fd82ecd..0c8dcc7 100644
--- a/src/oidc_test/auth_utils.py
+++ b/src/oidc_test/auth_utils.py
@@ -37,6 +37,7 @@ async def fetch_token(name, request):
 async def update_token(name, token, refresh_token=None, access_token=None):
 breakpoint()
+ item = await db.get_token(token["id_token"])
 if refresh_token:
 item = OAuth2Token.find(name=name, refresh_token=refresh_token)
 elif access_token:
diff --git a/src/oidc_test/resource_server.py b/src/oidc_test/resource_server.py
index fbee866..635a91b 100644
--- a/src/oidc_test/resource_server.py
+++ b/src/oidc_test/resource_server.py
@@ -3,6 +3,8 @@ import logging
 from httpx import AsyncClient
 from jwt.exceptions import ExpiredSignatureError, InvalidTokenError
+from fastapi import HTTPException, status
+from starlette.status import HTTP_401_UNAUTHORIZED
 from .models import User
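Review bot: The added `item = await db.get_token(token["id_token"])` in `update_token` is overwritten on the next visible branch (`item = OAuth2Token.find(...)` under `if refresh_token:`), so on that path the database round-trip is dead work, and `token["id_token"]` raises KeyError for a token dict that carries no id_token (an access/refresh-only token response). `db` is not imported anywhere in this hunk; unless it is already in scope in auth_utils.py the line fails at runtime. If the lookup is meant as the fallback when neither `refresh_token` nor `access_token` is given, move it into an `else:` branch of that chain; otherwise drop it. The `breakpoint()` on the preceding context line is pre-existing, but it stays in an async token-update path and will stall the request on a server without a tty, so removing it is worth folding into this commit. `update_token` continues past the end of the hunk.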
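Review bot: `from starlette.status import HTTP_401_UNAUTHORIZED` is added but every new raise in this patch uses `status.HTTP_401_UNAUTHORIZED` from the fastapi import on the line above it (the `@@ -29,14 +31,17 @@` and `@@ -53,7 +58,9 @@` hunks), so the second import looks redundant. Unless another part of resource_server.py uses the bare name, drop it and keep `status.*` as the single source of status codes, so a later move to 403/404 is made in one place.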
@@ -29,14 +31,17 @@ async def get_resource(resource_id: str, user: User) -> dict:
 else:
 ## For the showcase, giving a explanation.
 ## Alternatively, raise HTTP_401_UNAUTHORIZED
- resp["sorry"] = (
+ raise HTTPException(
+ status.HTTP_401_UNAUTHORIZED,
 f"No scope {required_scope} in the access token "
- + "but it is required for accessing this resource."
+ + "but it is required for accessing this resource.",
 )
 except ExpiredSignatureError:
- resp["sorry"] = "The token's signature has expired"
+ raise HTTPException(
+ status.HTTP_401_UNAUTHORIZED, "The token's signature has expired"
+ )
 except InvalidTokenError:
- resp["sorry"] = "The token is invalid"
+ raise HTTPException(status.HTTP_401_UNAUTHORIZED, "The token is invalid")
 return resp
@@ -53,7 +58,9 @@ async def process(user, resource_id, resp):
 bs = await client.get("https://corporatebs-generator.sameerkumar.website/")
 resp["bs"] = bs.json().get("phrase", "Sorry, i am out of BS today.")
 else:
- resp["sorry"] = f"I don't known how to give '{resource_id}'."
+ raise HTTPException(
+ status.HTTP_401_UNAUTHORIZED, f"I don't known how to give '{resource_id}'."
+ )
 # assert user.oidc_provider is not None
diff --git a/src/oidc_test/static/styles.css b/src/oidc_test/static/styles.css
index 426a464..7e1260b 100644
--- a/src/oidc_test/static/styles.css
+++ b/src/oidc_test/static/styles.css
@@ -73,6 +73,7 @@ hr {
 }
 .debug-auth p {
 border-bottom: 1px solid black;
+ text-align: left;
 }
 .debug-auth ul {
 padding: 0;
@@ -188,9 +189,8 @@ hr {
 gap: 0.5em;
 }
-.resource {
+.resourceResult {
 padding: 0.5em;
- display: flex;
 gap: 0.5em;
 flex-direction: column;
 width: fit-content;
diff --git a/src/oidc_test/static/utils.js b/src/oidc_test/static/utils.js
index 2fdb32d..a982267 100644
--- a/src/oidc_test/static/utils.js
+++ b/src/oidc_test/static/utils.js
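Review bot: The missing-scope branch of `get_resource` now raises 401, but that `else:` appears to be reached only after the token decoded successfully (the `ExpiredSignatureError`/`InvalidTokenError` handlers below are the failure paths) and the token merely lacks `required_scope`; RFC 6750 maps that to 403 with `error="insufficient_scope"`, and 401 belongs to the two exception handlers only, so the first raise should use `status.HTTP_403_FORBIDDEN`. A bearer-token 401 should also carry the challenge header so clients know which scheme to retry with: `raise HTTPException(status.HTTP_401_UNAUTHORIZED, "The token is invalid", headers={"WWW-Authenticate": "Bearer"})`, and likewise for the expired case. The `## Alternatively, raise HTTP_401_UNAUTHORIZED` comment above the first raise now describes what the code does and should be rewritten or removed. Raising inside `except` without `from None` chains the JWT exception into the traceback; acceptable for a showcase, but a `from None` keeps the PyJWT internals out of server logs. `get_resource` begins before this hunk.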
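Review bot: In `process`, an unknown `resource_id` now produces 401 Unauthorized, which tells the client its credentials were rejected although the token was accepted; this is a lookup failure, so `raise HTTPException(status.HTTP_404_NOT_FOUND, f"I don't know how to give '{resource_id}'.")` is the accurate response (and fixes the "known" typo in the rewritten line). The detail string reflects the caller-supplied `resource_id` verbatim; FastAPI JSON-encodes it, which is fine for API clients, but the front-end change in utils.js assigns `detail` to `innerHTML`, so either keep the id out of the message or make sure every consumer renders it as text. `process` begins before this hunk.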
@@ -20,6 +20,8 @@ function checkPerms(className) {
 async function get_resource(id, token, authProvider) {
 //if (!keycloak.keycloak) { return }
+ const msg = document.getElementById("msg")
+ const resourceElem = document.getElementById('resource')
 const resp = await fetch("resource/" + id, {
 method: "GET",
 headers: new Headers({
@@ -27,18 +29,21 @@ async function get_resource(id, token, authProvider) {
 "Authorization": `Bearer ${token}`,
 "auth_provider": authProvider,
 }),
+ }).catch(err => {
+ msg.innerHTML = "Cannot fetch resource: " + err.message
+ resourceElem.innerHTML = ""
 })
- /*
- resource.value = resp['data']
- msg.value = ""
+ if (resp === undefined) {
+ return
 }
- ).catch (
- err => msg.value = err
- )
-*/
 const resource = await resp.json()
- const rootElem = document.getElementById('resource')
- rootElem.innerHTML = ""
+ if (!resp.ok) {
+ msg.innerHTML = resource["detail"]
+ resourceElem.innerHTML = ""
+ return
+ }
+ msg.innerHTML = ""
+ resourceElem.innerHTML = ""
 Object.entries(resource).forEach(
 ([k, v]) => {
 let r = document.createElement('div')
@@ -53,7 +58,7 @@ async function get_resource(id, token, authProvider) {
 }
 r.appendChild(kElem)
 r.appendChild(vElem)
- rootElem.appendChild(r)
+ resourceElem.appendChild(r)
 }
 )
 }
diff --git a/src/oidc_test/templates/home.html b/src/oidc_test/templates/home.html
index 55bd844..ce344cc 100644
--- a/src/oidc_test/templates/home.html
+++ b/src/oidc_test/templates/home.html
@@ -69,7 +69,10 @@ -
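Review bot: `msg.innerHTML = resource["detail"]` (and `msg.innerHTML = "Cannot fetch resource: " + err.message` in the new catch handler) render server- and error-supplied strings as HTML; the server side of this patch echoes `resource_id` into `detail` (`process` in resource_server.py), so whatever the page lets a user put into `id` comes back and is parsed as markup in `#msg`. Assign with `textContent` for both messages. Separately, `await resp.json()` runs before `resp.ok` is checked, so a non-JSON error body (a proxy page or an unhandled 500) throws out of `get_resource` and `#msg` is never updated; test `resp.ok` first and parse the error body defensively. The enclosing `get_resource` starts in the previous hunk and ends in the next one.
```javascript
    if (resp === undefined) {
        return
    }
    if (!resp.ok) {
        // error bodies are not guaranteed to be JSON; never render them as HTML
        let detail = resp.statusText
        try {
            detail = (await resp.json())["detail"] || detail
        } catch (_) {
            // keep statusText
        }
        msg.textContent = detail
        resourceElem.innerHTML = ""
        return
    }
    const resource = await resp.json()
    msg.textContent = ""
    resourceElem.innerHTML = ""
    // … unchanged: Object.entries(resource).forEach(...) …
```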
+
+
+
+

{% endif %}
@@ -96,6 +99,7 @@ {% endfor %}
{% endif %} + {% if user_info_details %}
@@ -103,7 +107,7 @@