chore(handles/auth): improve error response (#2148)

xrgzs · web-flow · commit 82ae2d5890cc · 2026-02-19T17:15:40.000+08:00
* chore(handles/auth): improve error response Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> * Apply suggestion from @xrgzs Signed-off-by: MadDogOwner <xiaoran@xrgzs.top> --------- Signed-off-by: MadDogOwner <xiaoran@xrgzs.top>
diff --git a/internal/model/user.go b/internal/model/user.go
@@ -20,7 +20,15 @@ const (
 	ADMIN
 )
 
-const StaticHashSalt = "https://github.com/alist-org/alist"
+const (
+	StaticHashSalt = "https://github.com/alist-org/alist"
+
+	InvalidUsernameOrPassword = "Invalid username or password"
+	Invalid2FACode            = "Invalid 2FA code"
+	TooManyAttempts           = "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later."
+	GuestCannotUpdateProfile  = "Guest user can not update profile"
+	GuestCannotGenerate2FA    = "Guest user can not generate 2FA code"
+)
 
 var LoginCache = cache.NewMemCache[int]()
 
diff --git a/server/handles/auth.go b/server/handles/auth.go
@@ -45,35 +45,36 @@ func loginHash(c *gin.Context, req *LoginReq) {
 	ip := c.ClientIP()
 	count, ok := model.LoginCache.Get(ip)
 	if ok && count >= model.DefaultMaxAuthRetries {
-		common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect username or password, Try again later.", 429)
+		common.ErrorStrResp(c, model.TooManyAttempts, 429)
 		model.LoginCache.Expire(ip, model.DefaultLockDuration)
 		return
 	}
 	// check username
 	user, err := op.GetUserByName(req.Username)
 	if err != nil {
-		common.ErrorResp(c, err, 400)
+		common.ErrorStrResp(c, model.InvalidUsernameOrPassword, 401)
 		model.LoginCache.Set(ip, count+1)
 		return
 	}
 	// validate password hash
 	if err := user.ValidatePwdStaticHash(req.Password); err != nil {
-		common.ErrorResp(c, err, 400)
+		common.ErrorStrResp(c, model.InvalidUsernameOrPassword, 401)
 		model.LoginCache.Set(ip, count+1)
 		return
 	}
 	// check 2FA
 	if user.OtpSecret != "" {
 		if !totp.Validate(req.OtpCode, user.OtpSecret) {
-			common.ErrorStrResp(c, "Invalid 2FA code", 402)
+			// 402 - need opt
+			common.ErrorStrResp(c, model.Invalid2FACode, 402)
 			model.LoginCache.Set(ip, count+1)
 			return
 		}
 	}
 	// generate token
 	token, err := common.GenerateToken(user)
 	if err != nil {
-		common.ErrorResp(c, err, 400, true)
+		common.ErrorResp(c, err, 500, true)
 		return
 	}
 	common.SuccessResp(c, gin.H{"token": token})
@@ -107,7 +108,7 @@ func UpdateCurrent(c *gin.Context) {
 	}
 	user := c.Request.Context().Value(conf.UserKey).(*model.User)
 	if user.IsGuest() {
-		common.ErrorStrResp(c, "Guest user can not update profile", 403)
+		common.ErrorStrResp(c, model.GuestCannotUpdateProfile, 403)
 		return
 	}
 	user.Username = req.Username
@@ -125,7 +126,7 @@ func UpdateCurrent(c *gin.Context) {
 func Generate2FA(c *gin.Context) {
 	user := c.Request.Context().Value(conf.UserKey).(*model.User)
 	if user.IsGuest() {
-		common.ErrorStrResp(c, "Guest user can not generate 2FA code", 403)
+		common.ErrorStrResp(c, model.GuestCannotGenerate2FA, 403)
 		return
 	}
 	key, err := totp.Generate(totp.GenerateOpts{
@@ -164,11 +165,11 @@ func Verify2FA(c *gin.Context) {
 	}
 	user := c.Request.Context().Value(conf.UserKey).(*model.User)
 	if user.IsGuest() {
-		common.ErrorStrResp(c, "Guest user can not generate 2FA code", 403)
+		common.ErrorStrResp(c, model.GuestCannotGenerate2FA, 403)
 		return
 	}
 	if !totp.Validate(req.Code, req.Secret) {
-		common.ErrorStrResp(c, "Invalid 2FA code", 400)
+		common.ErrorStrResp(c, model.Invalid2FACode, 400)
 		return
 	}
 	user.OtpSecret = req.Secret
