update not authorized 403 -> 401

Author: manwaring

CHANGELOG.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html)
 
+## [3.5.0]  (2020-05-10)
+
+### Changed
+
+- API response 'not authorized' now returns 401 instead of 403
+
 ## [3.4.0]  (2020-05-10)
 
 ### Added
@@ -213,6 +219,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/),
 - Update older libraries
 - Now publish from Git tags instead of master pushes
 
+[3.5.0]: https://github.com/manwaring/lambda-wrapper/compare/v3.4.0...v3.5.0
 [3.4.0]: https://github.com/manwaring/lambda-wrapper/compare/v3.3.3...v3.4.0
 [3.3.3]: https://github.com/manwaring/lambda-wrapper/compare/v3.3.1...v3.3.3
 [3.3.2]: https://github.com/manwaring/lambda-wrapper/compare/v3.3.1...v3.3.2

README.md

@@ -114,7 +114,7 @@ export interface ApiSignature<T> {
   success(payload?: any, replacer?: (this: any, key: string, value: any) => any): ApiResponse; // returns 200 status code with optional payload as body
   invalid(errors?: string[]): ApiResponse; // returns 400 status code with optional errors as body
   notFound(message?: string): ApiResponse; // returns 404 status code with optional message as body
-  notAuthorized(message?: string): ApiResponse; // returns 403 status code with optional message as body
+  notAuthorized(message?: string): ApiResponse; // returns 401 status code with optional message as body
   redirect(url: string): ApiResponse; // returns 302 status code (redirect) with new url
   error(error?: any): ApiResponse; // returns 500 status code with optional error as body
 }

package-lock.json

@@ -1,7 +1,7 @@
 {
   "name": "@manwaring/lambda-wrapper",
   "description": "A lambda handler wrapper to abstract common functionality and provide useful defaults",
-  "version": "3.4.0",
+  "version": "3.5.0",
   "scripts": {
     "publish-please-dry-run": "publish-please --dry-run",
     "publish-please": "publish-please",

package.json

@@ -12,17 +12,17 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
-      statusCode: 200
+      statusCode: 200,
     });
   });
 
   it('Handles success response without payload', () => {
     const response = success();
     expect(response).toEqual({
       headers: { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': true },
-      statusCode: 200
+      statusCode: 200,
     });
   });
 
@@ -40,10 +40,10 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
       body: JSON.stringify({ hello: 'world', replace: { not: 'this one' } }),
-      statusCode: 200
+      statusCode: 200,
     });
   });
 
@@ -53,10 +53,10 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
       body: JSON.stringify({ message: 'error' }),
-      statusCode: 500
+      statusCode: 500,
     });
   });
 
@@ -67,9 +67,9 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
-      statusCode: 400
+      statusCode: 400,
     });
   });
 
@@ -78,9 +78,9 @@ describe('API responses', () => {
     expect(response).toEqual({
       headers: {
         'Access-Control-Allow-Origin': '*',
-        'Access-Control-Allow-Credentials': true
+        'Access-Control-Allow-Credentials': true,
       },
-      statusCode: 400
+      statusCode: 400,
     });
   });
 
@@ -91,9 +91,9 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
-      statusCode: 404
+      statusCode: 404,
     });
   });
 
@@ -104,9 +104,9 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        'Content-Type': 'application/json'
+        'Content-Type': 'application/json',
       },
-      statusCode: 403
+      statusCode: 401,
     });
   });
 
@@ -116,9 +116,9 @@ describe('API responses', () => {
       headers: {
         'Access-Control-Allow-Origin': '*',
         'Access-Control-Allow-Credentials': true,
-        Location: 'url'
+        Location: 'url',
       },
-      statusCode: 302
+      statusCode: 302,
     });
   });
 });

src/api/responses.test.ts

@@ -2,7 +2,7 @@ import { Metrics, logger } from '../common';
 
 const DEFAULT_HEADERS = {
   'Access-Control-Allow-Origin': '*',
-  'Access-Control-Allow-Credentials': true
+  'Access-Control-Allow-Credentials': true,
 };
 
 const metrics = new Metrics('API Gateway');
@@ -38,7 +38,7 @@ export function notFound(message?: string): ApiResponse {
 }
 
 export function notAuthorized(message?: string): ApiResponse {
-  const response = { statusCode: 403, headers: { ...DEFAULT_HEADERS } };
+  const response = { statusCode: 401, headers: { ...DEFAULT_HEADERS } };
   if (message) {
     response['body'] = JSON.stringify({ message });
     response.headers['Content-Type'] = 'application/json';