chore: update unauthorized callback calling order (#1469)

* chore: update unauthorized callback calling order

* chore: add comments

core/limit/tokenlimit.go

@@ -112,7 +112,8 @@ func (lim *TokenLimiter) reserveN(now time.Time, n int) bool {
 	// Lua boolean false -> r Nil bulk reply
 	if err == redis.Nil {
 		return false
-	} else if err != nil {
+	}
+	if err != nil {
 		logx.Errorf("fail to use rate limiter: %s, use in-process limiter for rescue", err)
 		lim.startMonitor()
 		return lim.rescueLimiter.AllowN(now, n)

core/mapping/unmarshaler.go

@@ -742,7 +742,9 @@ func getValueWithChainedKeys(m Valuer, keys []string) (interface{}, bool) {
 	if len(keys) == 1 {
 		v, ok := m.Value(keys[0])
 		return v, ok
-	} else if len(keys) > 1 {
+	}
+
+	if len(keys) > 1 {
 		if v, ok := m.Value(keys[0]); ok {
 			if nextm, ok := v.(map[string]interface{}); ok {
 				return getValueWithChainedKeys(MapValuer(nextm), keys[1:])

rest/handler/authhandler.go

@@ -113,11 +113,13 @@ func unauthorized(w http.ResponseWriter, r *http.Request, err error, callback Un
 		detailAuthLog(r, noDetailReason)
 	}
 
-	writer.WriteHeader(http.StatusUnauthorized)
-
+	// let callback go first, to make sure we respond with user-defined HTTP header
 	if callback != nil {
 		callback(writer, r, err)
 	}
+
+	// if user not setting HTTP header, we set header with 401
+	writer.WriteHeader(http.StatusUnauthorized)
 }
 
 type guardedResponseWriter struct {