# HG changeset patch
# User Peter Sanchez
# Date 1690118738 21600
# Sun Jul 23 07:25:38 2023 -0600
# Node ID cfd0400ff48e8d8ebbbe5551ced38f9c3a943c29
# Parent abb365e5681558e4ec02ea07e433631ffaecfc44
Adding ErrInvalidToken to make it easier to process auth errors in external applications
diff --git a/logic.go b/logic.go
--- a/logic.go
+++ b/logic.go
@@ -4,6 +4,7 @@
 "context"
 "crypto/sha512"
 "encoding/hex"
+ "errors"
 "fmt"
 "log"
@@ -12,10 +13,16 @@
 "hg.code.netlandish.com/~netlandish/gobwebs/database"
 )
+// ErrInvalidToken general error for invalid tokens. You can use this to
+// customize behavior when an error is returned in your middleware checks.
+var ErrInvalidToken = errors.New("invalid or expired OAuth 2.0 bearer token")
+
+// OAuth2 will check the provided token and verify it's validity, returning a
+// TokenUser once all checks pass.
 func OAuth2(ctx context.Context, token string, fetch gobwebs.UserFetch) (*TokenUser, error) {
 bt := DecodeBearerToken(ctx, token)
 if bt == nil {
- return nil, fmt.Errorf("Invalid or expired OAuth 2.0 bearer token")
+ return nil, ErrInvalidToken
 }
 user, err := fetch.FromDB(ctx, uint(bt.UserID), true)
 if err != nil {
@@ -35,11 +42,11 @@
 return nil, err
 }
 if len(grants) == 0 {
- return nil, fmt.Errorf("Invalid or expired OAuth 2.0 bearer token")
+ return nil, ErrInvalidToken
 } else if len(grants) > 1 {
 // Should never happen
 log.Printf("Token hash %s has more than one grant record", hashStr)
- return nil, fmt.Errorf("Error with provided OAuth 2.0 bearer token")
+ return nil, fmt.Errorf("Error with provided OAuth 2.0 bearer token: %w", ErrInvalidToken)
 }
 grant := grants[0]
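Review bot: The doc comment on `ErrInvalidToken` in the second hunk does not say how callers should compare against it, and the third hunk returns it wrapped with `%w`, so an `err == ErrInvalidToken` check in middleware would silently miss that path. I would add a line such as `// Compare with errors.Is(err, ErrInvalidToken); some paths return it wrapped.` to the comment. The new `OAuth2` comment also has a typo: `it's validity` should read `its validity`. The `fetch.FromDB` error branch has its body outside the hunk, so whether a failed user lookup for an otherwise well-formed token also maps to this sentinel cannot be confirmed from here; `OAuth2` itself continues past the hunk.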
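Review bot: The `len(grants) > 1` branch in the third hunk now wraps `ErrInvalidToken`, so `errors.Is` reports a duplicate grant record as an ordinary invalid-token failure, although the comment marks it as should-never-happen, which points to a server-side data integrity problem. Rejecting the request is the right fail-closed outcome, but a caller that maps the sentinel to a 401 will only ever see this condition through the `log.Printf` line. Consider a second sentinel, for example `var ErrGrantConflict = errors.New("multiple grants for token")` (the name is only a suggestion), returned as `fmt.Errorf("%w: %w", ErrInvalidToken, ErrGrantConflict)`; multiple `%w` verbs need Go 1.20 or later. Separately, the wrapped message starts with a capital and ends up repeating "OAuth 2.0 bearer token" twice once the sentinel text is appended. The enclosing function starts and ends outside this hunk.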