fix(middleware): return JSON error

pkg/middleware/json-errors.go

@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+type errorObject struct {
+	Message string `json:"message"`
+}
+
+type errorsObject struct {
+	Errors []errorObject `json:"errors"`
+}
+
+func jsonErrors(w http.ResponseWriter, message string, code int) {
+	err := errorsObject{
+		Errors: []errorObject{{Message: message}},
+	}
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
+	w.WriteHeader(code)
+	json.NewEncoder(w).Encode(err)
+}

pkg/middleware/oidc-jwt-auth.go

@@ -33,7 +33,7 @@ func OpenIDConnectJWTAuth(authority string) Middleware {
 				return nil, errors.New("kid header not found in token")
 			})
 			if err != nil {
-				http.Error(w, err.Error(), 401)
+				jsonErrors(w, err.Error(), 401)
 				return
 			}
 			if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
@@ -44,12 +44,12 @@ func OpenIDConnectJWTAuth(authority string) Middleware {
 					username = val.(string)
 				}
 				if username == "" {
-					http.Error(w, "No username inside token", 403)
+					jsonErrors(w, "No username inside token", 403)
 					return
 				}
 				user, err := service.Lookup().GetOrRegisterUser(ctx, username)
 				if err != nil {
-					http.Error(w, err.Error(), http.StatusInternalServerError)
+					jsonErrors(w, err.Error(), http.StatusInternalServerError)
 					return
 				}
 				isAdmin := false
@@ -68,7 +68,7 @@ func OpenIDConnectJWTAuth(authority string) Middleware {
 				inner.ServeHTTP(w, r.WithContext(ctx))
 				return
 			}
-			http.Error(w, "Unauthorized", 401)
+			jsonErrors(w, "Unauthorized", 401)
 		})
 	}
 }

pkg/middleware/proxy-auth.go

@@ -41,7 +41,6 @@ func ProxyAuth(inner http.Handler) http.Handler {
 			return
 		}
 		w.Header().Set("WWW-Authenticate", `Basic realm="Ah ah ah, you didn't say the magic word"`)
-		w.WriteHeader(401)
-		w.Write([]byte("Unauthorized\n"))
+		jsonErrors(w, "Unauthorized", 401)
 	})
 }