fixed wrong status for unauhtorized and log it

TODO.md

@@ -1,16 +1,15 @@
-- Add better logging for errors, filename more deatail
-    - ~package main~
-    - ~internal/cache~
-    - api endpoint to change level
-- implement streaming
-
 - Complete testing
 - Deployment(PKGBUILD, bootstrap script?)
 - More complete sync(refresh packages on schedule with db, prefetch updates to pkgs we already have)
 - clean cache of old files
+- implement streaming
 - Add chi for mux
 - Build server/tool
 - Think about: arch doesn't like partial upgrades, round robin fetching the db files might be an issue
+- ~Add better logging for errors, filename more deatail~
+    - ~package main~
+    - ~internal/cache~
+    - ~api endpoint to change level~
 - ~retry on failed fetch~
 - ~Solve timeout issue large pkgs~
 - ~Move project to github as primary~

handler_api.go

@@ -9,7 +9,12 @@ import (
 
 func (s *Server) handlerRefresh(w http.ResponseWriter, req *http.Request) {
 	if req.Header.Get("Authorization") != "Bearer "+s.cfg.Auth.Token {
-		http.Error(w, "unauthorized", http.StatusInternalServerError)
+		ip := req.Header.Get("X-Real-IP")
+		if ip == "" {
+			ip = req.RemoteAddr
+		}
+		slog.Warn("unauthorized request", "ip", ip, "path", req.URL.Path, "method", req.Method)
+		respondWithError(w, http.StatusUnauthorized, "unauthorized")
 		return
 	}
 	defer req.Body.Close()
@@ -24,6 +29,11 @@ func (s *Server) handlerRefresh(w http.ResponseWriter, req *http.Request) {
 
 func (s *Server) handlerLogLevel(w http.ResponseWriter, req *http.Request) {
 	if req.Header.Get("Authorization") != "Bearer "+s.cfg.Auth.Token {
+		ip := req.Header.Get("X-Real-IP")
+		if ip == "" {
+			ip = req.RemoteAddr
+		}
+		slog.Warn("unauthorized request", "ip", ip, "path", req.URL.Path, "method", req.Method)
 		respondWithError(w, http.StatusUnauthorized, "unauthorized")
 		return
 	}