Bug fix: HTTPException should not be used in a middleware, so use JSONResponse instead

2026-05-03 19:04:59 +02:00
parent 374dc89c09
commit 10a25b82af
2 changed files with 14 additions and 5 deletions
@@ -16,6 +16,7 @@ import hmac
 import hashlib
 from fastapi import Request, HTTPException
 from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse

 __all__ = [
    'GiteaSignatureMiddleware'
@@ -45,7 +46,10 @@ class GiteaSignatureMiddleware(BaseHTTPMiddleware):
            signature = request.headers.get('X-Gitea-Signature')

            if not signature:
-                raise HTTPException(status_code = 401, detail = 'Missing signature')
+                return JSONResponse(
+                    status_code = 401,
+                    content = {'detail': 'Invalid signature'}
+                )
            
            body = await request.body()

@@ -57,6 +61,9 @@ class GiteaSignatureMiddleware(BaseHTTPMiddleware):
                ).hexdigest()}',
                signature
            ):
-                raise HTTPException(status_code = 401, detail = 'Invalid signature')
-            
+                return JSONResponse(
+                    status_code = 401,
+                    content = {'detail': 'Invalid signature'}
+                )
+
        return await call_next(request)
@@ -104,6 +104,8 @@ async def test_GiteaSignatureMiddleware_valid_signature(body, secret):
    res = await middleware.dispatch(req, call_next)
    assert hasattr(res, 'called')

+import pprint
+
@pytest.mark.asyncio
@pytest.mark.parametrize('signature,body,secret', [
    (make_signature(b'body', b''), b'body', b'\x42'),
@@ -139,5 +141,5 @@ async def test_GiteaSignatureMiddleware_invalid_signature(signature, body, secre
        headers
    )

-    with pytest.raises(HTTPException):
-        await middleware.dispatch(req, call_next)
+    res = await middleware.dispatch(req, call_next)
+    assert res.status_code == 401