Missing Authorization header is reported as 400 instead of 401

[notxcain]

A missing Authorization header is reported with 400 instead of 401 status code when served by a route created using the declarative endpoint syntax.

To Reproduce

1. Create a simple endpoint using Endpoint(PathCodec.Get).header(HeaderCodec.authorization).
2. Send a request without Authorization header.
3. Get a response with 400 status code.

Expected Behaviour

According to the RFC, in such case a response should have 401 Unauthorized code:

The 401 (Unauthorized) status code indicates that the request has not
been applied because it lacks valid authentication credentials for
the target resource.

[weili96]

I also meet this bug !

[weili96]

content-type is also error!

[987Nabil]

@weili96 without the endpoint definition, Idk what the issue is. Also, if you find a new bug, please open a new issue

[weili96]

private val editorViewArticleEndpoint =
  Endpoint((RoutePattern.POST / "article" / "editorView") ?? Doc.p("文章编辑页面-查看文章详情"))
    .auth(AuthType.Bearer)
    .header(HeaderCodec.authorization)
    .in[ArticleId]
    .out[ArticleInfo]
    .outErrors[ServerError](
      HttpCodec.error[BadRequestError](Status.BadRequest),
      HttpCodec.error[DbError](Status.InternalServerError)
    )
    .tag("Article")
private val editorViewArticleRoute = editorViewArticleEndpoint.implement(
  (authHeader: Authorization, input: ArticleId) =>
    ZIO.serviceWithZIO[ArticleApiHandler](_.editorViewArticle(input, Authorization.render(authHeader)))
)

@987Nabil when i send , without header of authorization

[weili96]

private val uploadImageEndpoint =
    Endpoint((RoutePattern.POST / "upload" / "image") ?? Doc.p("上传图片"))
      .auth(AuthType.Bearer)
      .header(HeaderCodec.authorization)
      .header(HeaderCodec.contentType)
      .inCodec(HttpCodec.binaryStream(MediaType.multipart.`form-data`))
      .out[ImageUrl]
      .outErrors[ServerError](
        HttpCodec.error[BadRequestError](Status.BadRequest),
        HttpCodec.error[DbError](Status.InternalServerError)
      )
      .tag("Tool")
  private val uploadImageRoute = uploadImageEndpoint.implement(
    (_, bytes) => {
      for
        _ <- ZIO.logInfo(bytes.toString)
        form <- Body.fromStreamChunked(bytes).asMultipartForm.mapError(e => BadRequestError(s"请求转换异常; ${e.toString}"))
        _ <- ZIO.logInfo(form.formData(1).name)
        res <- ZIO.serviceWithZIO[ToolApiHandler](_.uploadImage(form))
      yield res
    }
  )

this is also without contentType

[jdegoes]

/bounty $100

[algora-pbc]

💎 $100 bounty • ZIO

Steps to solve:

1. Start working: Comment /attempt #3235 with your implementation plan
2. Submit work: Create a pull request including /claim #3235 in the PR body to claim the bounty
3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to zio/zio-http!

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🟢 @notxcain	Jan 22, 2025, 6:09:56 PM	#3281

[notxcain]

/attempt #3235

Algora profile	Completed bounties	Tech	Active attempts	Options
@notxcain	1 ZIO bounty	Scala, JavaScript, Java & more		Cancel attempt

[algora-pbc]

💡 @notxcain submitted a pull request that claims the bounty. You can visit your bounty board to reward.