From d81546658a86bcc6c3c347e27d20ad33860209ac Mon Sep 17 00:00:00 2001
From: Gabriel Simmer
Date: Tue, 5 Jul 2022 18:15:34 +0100
Subject: [PATCH] Return 403 on session denial rather than redirect
---
 transport/http.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/transport/http.go b/transport/http.go
index ed2aaa6..f91ff42 100644
--- a/transport/http.go
+++ b/transport/http.go
@@ -57,13 +57,13 @@ func (h *Handler) SessionAuth(next http.Handler) http.Handler {
 session, err := r.Cookie("session")
 if err != nil {
 log.Println(err)
- http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
+ http.Error(w, err.Error(), http.StatusForbidden)
 return
 }
 user, err := h.store.SessionUser(session.Value)
 if err != nil {
 log.Println(err)
- http.Redirect(w, r, "/api/v1/auth/redirect", http.StatusTemporaryRedirect)
+ http.Error(w, err.Error(), http.StatusForbidden)
 return
 }
 ctx := context.WithValue(r.Context(), "user", user)
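Review bot: Both new `http.Error(w, err.Error(), http.StatusForbidden)` calls send the raw error string to a client that has not authenticated. In the missing-cookie branch that is only the net/http cookie error, but in the second branch it is whatever `h.store.SessionUser` returns, which may carry storage-layer detail (the store is not visible here, so this is inferred). The error is already logged on the line above each call, so the response can use a fixed body instead: `http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)`. It may also be worth separating a missing or unknown session (arguably 401) from a store failure (5xx), so that a backend outage is not reported to clients as a denial. SessionAuth's body starts and ends outside this hunk.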