From 1175ce3f97fdebc6fdb489ce65deaac59c7b7f87 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 21 Apr 2020 07:36:22 -0600
Subject: Add Exception Middleware

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 60 +++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 Jellyfin.Server/Middleware/ExceptionMiddleware.cs

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
new file mode 100644
index 000000000..39aace95d
--- /dev/null
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -0,0 +1,60 @@
+using System;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Jellyfin.Api.Models.ExceptionDtos;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+
+namespace Jellyfin.Server.Middleware
+{
+    /// <summary>
+    /// Exception Middleware.
+    /// </summary>
+    public class ExceptionMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly ILogger<ExceptionMiddleware> _logger;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ExceptionMiddleware"/> class.
+        /// </summary>
+        /// <param name="next">Next request delegate.</param>
+        /// <param name="loggerFactory">Instance of the <see cref="ILoggerFactory"/> interface.</param>
+        public ExceptionMiddleware(RequestDelegate next, ILoggerFactory loggerFactory)
+        {
+            _next = next ?? throw new ArgumentNullException(nameof(next));
+            _logger = loggerFactory.CreateLogger<ExceptionMiddleware>() ??
+                      throw new ArgumentNullException(nameof(loggerFactory));
+        }
+
+        /// <summary>
+        /// Invoke request.
+        /// </summary>
+        /// <param name="context">Request context.</param>
+        /// <returns>Task.</returns>
+        public async Task Invoke(HttpContext context)
+        {
+            try
+            {
+                await _next(context).ConfigureAwait(false);
+            }
+            catch (Exception ex)
+            {
+                if (context.Response.HasStarted)
+                {
+                    _logger.LogWarning("The response has already started, the exception middleware will not be executed.");
+                    throw;
+                }
+
+                var exceptionBody = new ExceptionDto { Message = ex.Message };
+                var exceptionJson = JsonSerializer.Serialize(exceptionBody);
+
+                context.Response.Clear();
+                context.Response.StatusCode = StatusCodes.Status500InternalServerError;
+                // TODO switch between PascalCase and camelCase
+                context.Response.ContentType = "application/json";
+                await context.Response.WriteAsync(exceptionJson).ConfigureAwait(false);
+            }
+        }
+    }
+}
-- 
cgit v1.2.3


From 3ef8448a518e673feae0c70c2682d60e4632c0cd Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 21 Apr 2020 09:09:05 -0600
Subject: Return to previous exception handle implementation

---
 Jellyfin.Api/BaseJellyfinApiController.cs         |  3 -
 Jellyfin.Api/Models/ExceptionDtos/ExceptionDto.cs | 14 ----
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 86 +++++++++++++++++++----
 3 files changed, 73 insertions(+), 30 deletions(-)
 delete mode 100644 Jellyfin.Api/Models/ExceptionDtos/ExceptionDto.cs

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Api/BaseJellyfinApiController.cs b/Jellyfin.Api/BaseJellyfinApiController.cs
index f69175986..1f4508e6c 100644
--- a/Jellyfin.Api/BaseJellyfinApiController.cs
+++ b/Jellyfin.Api/BaseJellyfinApiController.cs
@@ -1,5 +1,3 @@
-using Jellyfin.Api.Models.ExceptionDtos;
-using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Jellyfin.Api
@@ -9,7 +7,6 @@ namespace Jellyfin.Api
     /// </summary>
     [ApiController]
     [Route("[controller]")]
-    [ProducesResponseType(typeof(ExceptionDto), StatusCodes.Status500InternalServerError)]
     public class BaseJellyfinApiController : ControllerBase
     {
     }
diff --git a/Jellyfin.Api/Models/ExceptionDtos/ExceptionDto.cs b/Jellyfin.Api/Models/ExceptionDtos/ExceptionDto.cs
deleted file mode 100644
index d2b48d4ae..000000000
--- a/Jellyfin.Api/Models/ExceptionDtos/ExceptionDto.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-namespace Jellyfin.Api.Models.ExceptionDtos
-{
-    /// <summary>
-    /// Exception Dto.
-    /// Used for graceful handling of API exceptions.
-    /// </summary>
-    public class ExceptionDto
-    {
-        /// <summary>
-        /// Gets or sets exception message.
-        /// </summary>
-        public string Message { get; set; }
-    }
-}
diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index 39aace95d..0d9dac89f 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -1,7 +1,9 @@
 using System;
-using System.Text.Json;
+using System.IO;
 using System.Threading.Tasks;
-using Jellyfin.Api.Models.ExceptionDtos;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 
@@ -14,17 +16,22 @@ namespace Jellyfin.Server.Middleware
     {
         private readonly RequestDelegate _next;
         private readonly ILogger<ExceptionMiddleware> _logger;
+        private readonly IServerConfigurationManager _configuration;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ExceptionMiddleware"/> class.
         /// </summary>
         /// <param name="next">Next request delegate.</param>
         /// <param name="loggerFactory">Instance of the <see cref="ILoggerFactory"/> interface.</param>
-        public ExceptionMiddleware(RequestDelegate next, ILoggerFactory loggerFactory)
+        /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+        public ExceptionMiddleware(
+            RequestDelegate next,
+            ILoggerFactory loggerFactory,
+            IServerConfigurationManager serverConfigurationManager)
         {
-            _next = next ?? throw new ArgumentNullException(nameof(next));
-            _logger = loggerFactory.CreateLogger<ExceptionMiddleware>() ??
-                      throw new ArgumentNullException(nameof(loggerFactory));
+            _next = next;
+            _logger = loggerFactory.CreateLogger<ExceptionMiddleware>();
+            _configuration = serverConfigurationManager;
         }
 
         /// <summary>
@@ -46,15 +53,68 @@ namespace Jellyfin.Server.Middleware
                     throw;
                 }
 
-                var exceptionBody = new ExceptionDto { Message = ex.Message };
-                var exceptionJson = JsonSerializer.Serialize(exceptionBody);
+                ex = GetActualException(ex);
+                _logger.LogError(ex, "Error processing request: {0}", ex.Message);
+                context.Response.StatusCode = GetStatusCode(ex);
+                context.Response.ContentType = "text/plain";
 
-                context.Response.Clear();
-                context.Response.StatusCode = StatusCodes.Status500InternalServerError;
-                // TODO switch between PascalCase and camelCase
-                context.Response.ContentType = "application/json";
-                await context.Response.WriteAsync(exceptionJson).ConfigureAwait(false);
+                var errorContent = NormalizeExceptionMessage(ex.Message);
+                await context.Response.WriteAsync(errorContent).ConfigureAwait(false);
             }
         }
+
+        private static Exception GetActualException(Exception ex)
+        {
+            if (ex is AggregateException agg)
+            {
+                var inner = agg.InnerException;
+                if (inner != null)
+                {
+                    return GetActualException(inner);
+                }
+
+                var inners = agg.InnerExceptions;
+                if (inners.Count > 0)
+                {
+                    return GetActualException(inners[0]);
+                }
+            }
+
+            return ex;
+        }
+
+        private static int GetStatusCode(Exception ex)
+        {
+            switch (ex)
+            {
+                case ArgumentException _: return StatusCodes.Status400BadRequest;
+                case SecurityException _: return StatusCodes.Status401Unauthorized;
+                case DirectoryNotFoundException _:
+                case FileNotFoundException _:
+                case ResourceNotFoundException _: return StatusCodes.Status404NotFound;
+                case MethodNotAllowedException _: return StatusCodes.Status405MethodNotAllowed;
+                default: return StatusCodes.Status500InternalServerError;
+            }
+        }
+
+        private string NormalizeExceptionMessage(string msg)
+        {
+            if (msg == null)
+            {
+                return string.Empty;
+            }
+
+            // Strip any information we don't want to reveal
+            msg = msg.Replace(
+                _configuration.ApplicationPaths.ProgramSystemPath,
+                string.Empty,
+                StringComparison.OrdinalIgnoreCase);
+            msg = msg.Replace(
+                _configuration.ApplicationPaths.ProgramDataPath,
+                string.Empty,
+                StringComparison.OrdinalIgnoreCase);
+
+            return msg;
+        }
     }
 }
-- 
cgit v1.2.3


From c6eebca335d09d6a6c627205e126448ab5441f37 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 23 Apr 2020 07:29:28 -0600
Subject: Apply suggestions and add URL to log message

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 34 +++++++++++++----------
 1 file changed, 19 insertions(+), 15 deletions(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index 0d9dac89f..ecc76594e 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Net.Mime;
 using System.Threading.Tasks;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Configuration;
@@ -22,15 +23,15 @@ namespace Jellyfin.Server.Middleware
         /// Initializes a new instance of the <see cref="ExceptionMiddleware"/> class.
         /// </summary>
         /// <param name="next">Next request delegate.</param>
-        /// <param name="loggerFactory">Instance of the <see cref="ILoggerFactory"/> interface.</param>
+        /// <param name="logger">Instance of the <see cref="ILogger{ExceptionMiddleware}"/> interface.</param>
         /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
         public ExceptionMiddleware(
             RequestDelegate next,
-            ILoggerFactory loggerFactory,
+            ILogger<ExceptionMiddleware> logger,
             IServerConfigurationManager serverConfigurationManager)
         {
             _next = next;
-            _logger = loggerFactory.CreateLogger<ExceptionMiddleware>();
+            _logger = logger;
             _configuration = serverConfigurationManager;
         }
 
@@ -54,9 +55,14 @@ namespace Jellyfin.Server.Middleware
                 }
 
                 ex = GetActualException(ex);
-                _logger.LogError(ex, "Error processing request: {0}", ex.Message);
+                _logger.LogError(
+                    ex,
+                    "Error processing request: {ExceptionMessage}. URL {Method} {Url}. ",
+                    ex.Message,
+                    context.Request.Method,
+                    context.Request.Path);
                 context.Response.StatusCode = GetStatusCode(ex);
-                context.Response.ContentType = "text/plain";
+                context.Response.ContentType = MediaTypeNames.Text.Plain;
 
                 var errorContent = NormalizeExceptionMessage(ex.Message);
                 await context.Response.WriteAsync(errorContent).ConfigureAwait(false);
@@ -105,16 +111,14 @@ namespace Jellyfin.Server.Middleware
             }
 
             // Strip any information we don't want to reveal
-            msg = msg.Replace(
-                _configuration.ApplicationPaths.ProgramSystemPath,
-                string.Empty,
-                StringComparison.OrdinalIgnoreCase);
-            msg = msg.Replace(
-                _configuration.ApplicationPaths.ProgramDataPath,
-                string.Empty,
-                StringComparison.OrdinalIgnoreCase);
-
-            return msg;
+            return msg.Replace(
+                    _configuration.ApplicationPaths.ProgramSystemPath,
+                    string.Empty,
+                    StringComparison.OrdinalIgnoreCase)
+                .Replace(
+                    _configuration.ApplicationPaths.ProgramDataPath,
+                    string.Empty,
+                    StringComparison.OrdinalIgnoreCase);
         }
     }
 }
-- 
cgit v1.2.3


From 3c34d956088430da08bdd812c05d6a87c3bf9d25 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 23 Apr 2020 21:23:29 -0600
Subject: Address comments

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 36 ++++++++++++++++++-----
 1 file changed, 29 insertions(+), 7 deletions(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index ecc76594e..6ebe01503 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -1,8 +1,10 @@
 using System;
 using System.IO;
 using System.Net.Mime;
+using System.Net.Sockets;
 using System.Threading.Tasks;
 using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Http;
@@ -55,15 +57,35 @@ namespace Jellyfin.Server.Middleware
                 }
 
                 ex = GetActualException(ex);
-                _logger.LogError(
-                    ex,
-                    "Error processing request: {ExceptionMessage}. URL {Method} {Url}. ",
-                    ex.Message,
-                    context.Request.Method,
-                    context.Request.Path);
+
+                bool ignoreStackTrace =
+                    ex is SocketException
+                    || ex is IOException
+                    || ex is OperationCanceledException
+                    || ex is SecurityException
+                    || ex is AuthenticationException
+                    || ex is FileNotFoundException;
+
+                if (ignoreStackTrace)
+                {
+                    _logger.LogError(
+                        "Error processing request: {ExceptionMessage}. URL {Method} {Url}.",
+                        ex.Message.TrimEnd('.'),
+                        context.Request.Method,
+                        context.Request.Path);
+                }
+                else
+                {
+                    _logger.LogError(
+                        ex,
+                        "Error processing request. URL {Method} {Url}.",
+                        ex.Message.TrimEnd('.'),
+                        context.Request.Method,
+                        context.Request.Path);
+                }
+
                 context.Response.StatusCode = GetStatusCode(ex);
                 context.Response.ContentType = MediaTypeNames.Text.Plain;
-
                 var errorContent = NormalizeExceptionMessage(ex.Message);
                 await context.Response.WriteAsync(errorContent).ConfigureAwait(false);
             }
-- 
cgit v1.2.3


From b8508a57d8320085c01a7e2d4656b233169584f2 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 23 Apr 2020 21:38:40 -0600
Subject: oop

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 1 -
 1 file changed, 1 deletion(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index 6ebe01503..0d79bbfaf 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -79,7 +79,6 @@ namespace Jellyfin.Server.Middleware
                     _logger.LogError(
                         ex,
                         "Error processing request. URL {Method} {Url}.",
-                        ex.Message.TrimEnd('.'),
                         context.Request.Method,
                         context.Request.Path);
                 }
-- 
cgit v1.2.3


From a5a39300bc733ad7b1d3c683f5f290a742171661 Mon Sep 17 00:00:00 2001
From: David <daullmer@gmail.com>
Date: Tue, 26 May 2020 16:55:27 +0200
Subject: Don't send Exception message in Production Environment

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index 0d79bbfaf..dd4d1ee99 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -7,7 +7,9 @@ using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 
 namespace Jellyfin.Server.Middleware
@@ -20,6 +22,7 @@ namespace Jellyfin.Server.Middleware
         private readonly RequestDelegate _next;
         private readonly ILogger<ExceptionMiddleware> _logger;
         private readonly IServerConfigurationManager _configuration;
+        private readonly IWebHostEnvironment _hostEnvironment;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ExceptionMiddleware"/> class.
@@ -27,14 +30,17 @@ namespace Jellyfin.Server.Middleware
         /// <param name="next">Next request delegate.</param>
         /// <param name="logger">Instance of the <see cref="ILogger{ExceptionMiddleware}"/> interface.</param>
         /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+        /// <param name="hostEnvironment">Instance of the <see cref="IWebHostEnvironment"/> interface.</param>
         public ExceptionMiddleware(
             RequestDelegate next,
             ILogger<ExceptionMiddleware> logger,
-            IServerConfigurationManager serverConfigurationManager)
+            IServerConfigurationManager serverConfigurationManager,
+            IWebHostEnvironment hostEnvironment)
         {
             _next = next;
             _logger = logger;
             _configuration = serverConfigurationManager;
+            _hostEnvironment = hostEnvironment;
         }
 
         /// <summary>
@@ -85,6 +91,14 @@ namespace Jellyfin.Server.Middleware
 
                 context.Response.StatusCode = GetStatusCode(ex);
                 context.Response.ContentType = MediaTypeNames.Text.Plain;
+
+                // Don't send exception unless the server is in a Development environment
+                if (!_hostEnvironment.IsDevelopment())
+                {
+                    await context.Response.WriteAsync("Error processing request.").ConfigureAwait(false);
+                    return;
+                }
+
                 var errorContent = NormalizeExceptionMessage(ex.Message);
                 await context.Response.WriteAsync(errorContent).ConfigureAwait(false);
             }
-- 
cgit v1.2.3


From 6d9f564a949e326e909cbcfd37d254195b40ba56 Mon Sep 17 00:00:00 2001
From: David <daullmer@gmail.com>
Date: Tue, 2 Jun 2020 15:04:55 +0200
Subject: Remove duplicate code

Co-authored-by: Vasily <JustAMan@users.noreply.github.com>
---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index dd4d1ee99..63effafc1 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -93,13 +93,9 @@ namespace Jellyfin.Server.Middleware
                 context.Response.ContentType = MediaTypeNames.Text.Plain;
 
                 // Don't send exception unless the server is in a Development environment
-                if (!_hostEnvironment.IsDevelopment())
-                {
-                    await context.Response.WriteAsync("Error processing request.").ConfigureAwait(false);
-                    return;
-                }
-
-                var errorContent = NormalizeExceptionMessage(ex.Message);
+                var errorContent = _hostEnvironment.IsDevelopment()
+                        ? NormalizeExceptionMessage(ex.Message)
+                        : "Error processing request.";
                 await context.Response.WriteAsync(errorContent).ConfigureAwait(false);
             }
         }
-- 
cgit v1.2.3


From e7727563288480e6eee541b96a4b97dbb0fef9d7 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Mon, 7 Sep 2020 20:51:12 -0600
Subject: Fix catching authentication exception

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index 63effafc1..fb1ee3b2b 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -125,6 +125,7 @@ namespace Jellyfin.Server.Middleware
             switch (ex)
             {
                 case ArgumentException _: return StatusCodes.Status400BadRequest;
+                case AuthenticationException _:
                 case SecurityException _: return StatusCodes.Status401Unauthorized;
                 case DirectoryNotFoundException _:
                 case FileNotFoundException _:
-- 
cgit v1.2.3


From df75c1cd9c8fdcec8302a848c05d3ee36b0f7a58 Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Mon, 5 Oct 2020 08:28:37 +0200
Subject: SecurityException should return 403

---
 Jellyfin.Server/Middleware/ExceptionMiddleware.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Jellyfin.Server/Middleware/ExceptionMiddleware.cs')

diff --git a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
index fb1ee3b2b..f6c76e4d9 100644
--- a/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
+++ b/Jellyfin.Server/Middleware/ExceptionMiddleware.cs
@@ -125,8 +125,8 @@ namespace Jellyfin.Server.Middleware
             switch (ex)
             {
                 case ArgumentException _: return StatusCodes.Status400BadRequest;
-                case AuthenticationException _:
-                case SecurityException _: return StatusCodes.Status401Unauthorized;
+                case AuthenticationException _: return StatusCodes.Status401Unauthorized;
+                case SecurityException _: return StatusCodes.Status403Forbidden;
                 case DirectoryNotFoundException _:
                 case FileNotFoundException _:
                 case ResourceNotFoundException _: return StatusCodes.Status404NotFound;
-- 
cgit v1.2.3