From 602ad948913d7e70a0d195a5c293be60109c024a Mon Sep 17 00:00:00 2001
From: bayusamudra5502 <bayusamudra.55.02.com@gmail.com>
Date: Wed, 15 Mar 2023 21:19:46 +0700
Subject: [PATCH] fix: fixing guard

---
 middleware/guard/guard.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/middleware/guard/guard.go b/middleware/guard/guard.go
index f5979ee..e8cb7b8 100644
--- a/middleware/guard/guard.go
+++ b/middleware/guard/guard.go
@@ -30,10 +30,10 @@ func (g GuardMiddleware) Handle(next http.Handler) http.Handler {
 		if len(g.Role) > 0 {
 			authorization := r.Header.Get("Authorization")
 
-			if authorization != "" {
+			if authorization == "" {
 				g.Logger.Info("Unauthorized access detected")
 
-				w.WriteHeader(http.StatusUnauthorized)
+				w.WriteHeader(http.StatusBadRequest)
 				payload := g.WrapperUtil.ErrorResponseWrap("authorization is required", nil)
 
 				parser := json.NewEncoder(w)
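Review bot: Returning `http.StatusBadRequest` for a missing `Authorization` header removes the authentication challenge; RFC 9110 uses 401 for requests that lack credentials and expects a `WWW-Authenticate` header with it. The log line just above still says "Unauthorized access detected", so the status and the log now disagree, which makes these rejections harder to attribute when triaging auth failures. I would keep `w.WriteHeader(http.StatusUnauthorized)` and put `w.Header().Set("WWW-Authenticate", "Bearer")` before it. The body of `Handle` starts and ends outside this hunk.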
@@ -41,7 +41,18 @@ func (g GuardMiddleware) Handle(next http.Handler) http.Handler {
 				return
 			}
 
-			tokenString := strings.Split(authorization, " ")[1]
+			tokenSplit := strings.Split(authorization, " ")
+
+			if tokenSplit[0] != "Bearer" {
+				w.WriteHeader(http.StatusUnprocessableEntity)
+				payload := g.WrapperUtil.ErrorResponseWrap("authorization must be bearer token", nil)
+
+				parser := json.NewEncoder(w)
+				parser.Encode(payload)
+				return
+			}
+
+			tokenString := tokenSplit[1]
 			claim, err := g.Token.Validate(tokenString, authToken.Access)
 
 			if err != nil {
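Review bot: `tokenSplit[1]` is read without a length check, so a header value of just `Bearer` (no space) passes the scheme test and panics with index out of range. net/http recovers the panic per request, but any unauthenticated client can trigger it and fill the log with stack traces. Reject anything that is not exactly scheme plus token: `if len(tokenSplit) != 2 || !strings.EqualFold(tokenSplit[0], "Bearer") || tokenSplit[1] == "" {`; `EqualFold` also accepts `bearer`, since auth scheme names are case-insensitive. The new rejection branch makes no `g.Logger` call, unlike the empty-header branch, so malformed headers leave no record for detection, and the `parser.Encode` error is dropped. The function continues past the end of the hunk.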
-- 
GitLab