improved PostInboxScheme() error handling / logging in case of failed auth

internal/federation/federatingactor.go

@@ -81,7 +81,14 @@ func (f *federatingActor) PostInboxScheme(ctx context.Context, w http.ResponseWr
 
 	// Authenticate request by checking http signature.
 	ctx, authenticated, err := f.sideEffectActor.AuthenticatePostInbox(ctx, w, r)
-	if err != nil {
+	if errors.As(err, new(gtserror.WithCode)) {
+		// If it was already wrapped with an
+		// HTTP code then don't bother rewrapping
+		// it, just return it as-is for caller to
+		// handle. AuthenticatePostInbox already
+		// calls WriteHeader() in some situations.
+		return false, err
+	} else if err != nil {
 		err := gtserror.Newf("error authenticating post inbox: %w", err)
 		return false, gtserror.NewErrorInternalError(err)
 	}

internal/federation/federatingprotocol.go

@@ -216,7 +216,6 @@ func (f *Federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 			// If codes 400, 401, or 403, obey the go-fed
 			// interface by writing the header and bailing.
 			w.WriteHeader(errWithCode.Code())
-			return ctx, false, nil
 		case http.StatusGone:
 			// If the requesting account's key has gone
 			// (410) then likely inbox post was a delete.
@@ -225,11 +224,11 @@ func (f *Federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 			// know about the account anyway, so we can't
 			// do any further processing.
 			w.WriteHeader(http.StatusAccepted)
-			return ctx, false, nil
-		default:
-			// Proper error.
-			return ctx, false, err
 		}
+
+		// We still return the error
+		// for later request logging.
+		return ctx, false, err
 	}
 
 	if pubKeyAuth.Handshaking {