Prune expired auth requests + add global max limit. Closes #2490

controllers/auth/fediverse/fediverse.go

@@ -28,7 +28,12 @@ func RegisterFediverseOTPRequest(u user.User, w http.ResponseWriter, r *http.Req
 	}
 
 	accessToken := r.URL.Query().Get("accessToken")
-	reg, success := fediverseauth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount)
+	reg, success, err := fediverseauth.RegisterFediverseOTP(accessToken, u.ID, u.DisplayName, req.FediverseAccount)
+	if err != nil {
+		controllers.WriteSimpleResponse(w, false, "Could not register auth request: "+err.Error())
+		return
+	}
+
 	if !success {
 		controllers.WriteSimpleResponse(w, false, "Could not register auth request. One may already be pending. Try again later.")
 		return

controllers/auth/indieauth/server.go

@@ -33,7 +33,7 @@ func handleAuthEndpointGet(w http.ResponseWriter, r *http.Request) {
 
 	request, err := ia.StartServerAuth(clientID, redirectURI, codeChallenge, state, me)
 	if err != nil {
-		// Return a human readable, HTML page as an error. JSON is no use here.
+		_ = controllers.WriteString(w, err.Error(), http.StatusInternalServerError)
 		return
 	}