fix: guard every error statement with early return (#2810)

2025-10-29 23:25:01 -04:00 · 2025-10-22 19:48:07 +08:00 · 2025-10-22 19:48:07 +08:00 · 2c9e98d3f5
commit 2c9e98d3f5
parent 8becb7e54a
1 changed files with 33 additions and 41 deletions
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@ -380,53 +380,45 @@ func (h *Headscale) httpAuthenticationMiddleware(next http.Handler) http.Handler
 		writer http.ResponseWriter,
 		req *http.Request,
 	) {
-		if err := func() error {
-			log.Trace().
+		log.Trace().
+			Caller().
+			Str("client_address", req.RemoteAddr).
+			Msg("HTTP authentication invoked")
+
+		authHeader := req.Header.Get("Authorization")
+
+		writeUnauthorized := func(statusCode int) {
+			writer.WriteHeader(statusCode)
+			if _, err := writer.Write([]byte("Unauthorized")); err != nil {
+				log.Error().Err(err).Msg("writing HTTP response failed")
+			}
+		}
+
+		if !strings.HasPrefix(authHeader, AuthPrefix) {
+			log.Error().
 				Caller().
 				Str("client_address", req.RemoteAddr).
-				Msg("HTTP authentication invoked")
+				Msg(`missing "Bearer " prefix in "Authorization" header`)
+			writeUnauthorized(http.StatusUnauthorized)
+			return
+		}

-			authHeader := req.Header.Get("Authorization")
-
-			if !strings.HasPrefix(authHeader, AuthPrefix) {
-				log.Error().
-					Caller().
-					Str("client_address", req.RemoteAddr).
-					Msg(`missing "Bearer " prefix in "Authorization" header`)
-				writer.WriteHeader(http.StatusUnauthorized)
-				_, err := writer.Write([]byte("Unauthorized"))
-				return err
-			}
-
-			valid, err := h.state.ValidateAPIKey(strings.TrimPrefix(authHeader, AuthPrefix))
-			if err != nil {
-				log.Error().
-					Caller().
-					Err(err).
-					Str("client_address", req.RemoteAddr).
-					Msg("failed to validate token")
-
-				writer.WriteHeader(http.StatusInternalServerError)
-				_, err := writer.Write([]byte("Unauthorized"))
-				return err
-			}
-
-			if !valid {
-				log.Info().
-					Str("client_address", req.RemoteAddr).
-					Msg("invalid token")
-
-				writer.WriteHeader(http.StatusUnauthorized)
-				_, err := writer.Write([]byte("Unauthorized"))
-				return err
-			}
-
-			return nil
-		}(); err != nil {
+		valid, err := h.state.ValidateAPIKey(strings.TrimPrefix(authHeader, AuthPrefix))
+		if err != nil {
 			log.Error().
 				Caller().
 				Err(err).
-				Msg("Failed to write HTTP response")
+				Str("client_address", req.RemoteAddr).
+				Msg("failed to validate token")
+			writeUnauthorized(http.StatusInternalServerError)
+			return
+		}
+
+		if !valid {
+			log.Info().
+				Str("client_address", req.RemoteAddr).
+				Msg("invalid token")
+			writeUnauthorized(http.StatusUnauthorized)
 			return
 		}