Small adjustment to error codes and messages

gbv · May 31, 2023 · 6484e94 · 6484e94
1 parent 265118f
commit 6484e94
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -67,7 +67,8 @@ It is possible to configure webhooks without signature validation. **Experimenta
 
 ### Status Codes
 - Status 200 (OK) will be returned when a matching webhook was found (the command itself is run asynchronously, so a failed command will not return an error code).
-- Status 401 (Unauthorized) will be returned when there was a matching webhook, but the signature could not be validated.
+- Status 400 (Bad Request) will be returned when there is an issue parsing the request body.
+- Status 403 (Forbidden) will be returned when there was a matching webhook, but the signature could not be validated.
 - Status 404 (Not Found) will be returned when no matching webhook was found.
 
 ## Webhook setup

diff --git a/index.js b/index.js
@@ -113,7 +113,7 @@ import Version from "./version.js"
 
 app.post("/", (req, res) => {
   if (!req.rawBody) {
-    res.status(401).send("Empty request body")
+    res.status(400).send("Empty request body")
   }
   let code = 200, message = "OK"
   // Run command according to payload
@@ -178,8 +178,8 @@ app.post("/", (req, res) => {
       })
     } else {
       log("Skipping workflow as signature does not match", { level: "warn" })
-      code = 401
-      message = "Invalid signature"
+      code = 403
+      message = "Request body was not signed or verification failed"
     }
   }
   if (matches.length === 0) {