From 1d299dedfc745aacd126984165fc7763d90a1aa9 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Wed, 4 Feb 2015 22:56:19 +0100
Subject: [PATCH] Better error handling in the API

---
 lib/Vroom/I18N/en.pm |  1 +
 lib/Vroom/I18N/fr.pm |  1 +
 vroom.pl             | 34 +++++++++++++++++++++++++++++-----
 3 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/lib/Vroom/I18N/en.pm b/lib/Vroom/I18N/en.pm
index 3cb078f..0572d53 100644
--- a/lib/Vroom/I18N/en.pm
+++ b/lib/Vroom/I18N/en.pm
@@ -8,6 +8,7 @@ our %Lexicon = (
   "VROOM_IS_FREE_SOFTWARE"               => "VROOM is a free software",
   "POWERED_BY"                           => "Proudly powered by",
   "ERROR_NAME_INVALID"                   => "This name is not valid",
+  "ERROR_ROOM_NAME_MISSING"              => "Vous devez fournir un nom de salon",
   "ERROR_NAME_RESERVED"                  => "This name is reserved and cannot be used",
   "ERROR_NAME_CONFLICT"                  => "A room with this name already exists, please choose another one",
   "ERROR_ROOM_s_DOESNT_EXIST"            => "The room %s doesn't exist",
diff --git a/lib/Vroom/I18N/fr.pm b/lib/Vroom/I18N/fr.pm
index b2857b8..151c2b3 100644
--- a/lib/Vroom/I18N/fr.pm
+++ b/lib/Vroom/I18N/fr.pm
@@ -10,6 +10,7 @@ our %Lexicon = (
     "VROOM_IS_FREE_SOFTWARE"                    => "VROOM est un logiciel libre",
     "POWERED_BY"                                => "Fièrement propulsé par",
     "ERROR_NAME_INVALID"                        => "Ce nom n'est pas valide",
+    "ERROR_ROOM_NAME_MISSING"                   => "Vous devez fournir un nom de salon",
     "ERROR_NAME_RESERVED"                       => "Ce nom est réservé et ne peut être utilisé",
     "ERROR_NAME_CONFLICT"                       => "Ce nom est déjà pris, choisissez en un autre",
     "ERROR_ROOM_s_DOESNT_EXIST"                 => "Le salon %s n'existe pas",
diff --git a/vroom.pl b/vroom.pl
index 31b49fa..a9f75aa 100755
--- a/vroom.pl
+++ b/vroom.pl
@@ -1272,8 +1272,20 @@ any '/api' => sub {
     param  => $req->{param}
   );
 
+  # This action isn't possible with the privs associated to the API Key
+  if (!$res){
+    return $self->render(
+      json => {
+        status => 'error',
+        msg    => $self->l('NOT_ALLOWED'),
+        err    => 'NOT_ALLOWED'
+      },
+      status => '401'
+    );
+  }
+
   # Here are method not tied to a room
-  if ($res && $req->{action} eq 'get_room_list'){
+  if ($req->{action} eq 'get_room_list'){
     my $rooms = $self->get_room_list;
     # Blank out a few param we don't need
     foreach my $r (keys %{$rooms}){
@@ -1289,17 +1301,29 @@ any '/api' => sub {
     );
   }
 
+  if (!$req->{param}->{room}){
+    return $self->render(
+      json => {
+        status => 'error',
+        msg    => $self->l('ERROR_ROOM_NAME_MISSING'),
+        err    => 'ERROR_ROOM_NAME_MISSING'
+      },
+      status => '400'
+    );
+  }
+
   $room = $self->get_room_by_name($req->{param}->{room});
-  if (!$res || (!$room && $req->{param}->{room})){
+  if (!$room){
     return $self->render(
       json => {
         status => 'error',
-        msg    => $self->l('NOT_ALLOWED'),
-        err    => 'NOT_ALLOWED'
+        msg    => sprintf($self->l('ERROR_ROOM_s_DOESNT_EXIST'), $req->{param}->{room}),
+        err    => 'ERROR_ROOM_DOESNT_EXIST'
       },
-      status => '401'
+      status => '400'
     );
   }
+
   # Ok, now, we don't have to bother with authorization anymore
   if ($req->{action} eq 'invite_email'){
     my $rcpts = $req->{param}->{rcpts};