fix: handle token decode errors (#8018)

Signed-off-by: Alexander Onnikov <Alexander.Onnikov@xored.com>
Alexander Onnikov 2025-02-17 12:32:42 +07:00 committed by GitHub
parent 0bfab71501
commit 567989dac5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 19 additions and 6 deletions


@ -56,7 +56,7 @@ import {
AccountEventType
} from './types'
import { Analytics } from '@hcengineering/analytics'
import { decodeTokenVerbose, generateToken } from '@hcengineering/server-token'
import { TokenError, decodeTokenVerbose, generateToken } from '@hcengineering/server-token'
export const GUEST_ACCOUNT = 'b6996120-416f-49cd-841e-e4a5d2e49c9b'
@ -127,7 +127,7 @@ export function wrap (
? err.status
: new Status(Severity.ERROR, platform.status.InternalServerError, {})
if (((err.message as string) ?? '') === 'Signature verification failed') {
if (err instanceof TokenError) {
// Let's send un authorized
return {
error: new Status(Severity.ERROR, platform.status.Unauthorized, {})
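Review bot: The comment on the new `err instanceof TokenError` branch (`// Let's send un authorized`) does not say what the branch now covers: it used to match only the 'Signature verification failed' message and now maps anything thrown as a TokenError to Unauthorized. I would replace it with `// Any token decode or verification failure is reported as Unauthorized; the decoder's message is not passed to the client.` As far as the visible lines show, the empty `{}` params on the returned Status are what keep the decoder message out of the response, so that is worth stating for whoever edits this later. wrap's body starts and ends outside the hunk, so whether the failure is logged before this return is not visible here.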


@ -23,7 +23,7 @@ import {
metricsAggregate,
type Ref
} from '@hcengineering/core'
import { decodeToken } from '@hcengineering/server-token'
import { TokenError, decodeToken } from '@hcengineering/server-token'
import { StorageAdapter } from '@hcengineering/storage'
import bp from 'body-parser'
import cors from 'cors'
@ -376,10 +376,13 @@ export function start (
})
res.end(json)
} catch (err: any) {
if (err instanceof TokenError) {
res.status(401).send()
return
}
ctx.error('statistics error', { err })
Analytics.handleError(err)
res.writeHead(404, {})
res.end()
res.status(404).send()
}
})
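Review bot: The new 401 branch in the statistics handler only fires if `decodeToken` itself throws `TokenError`, and the only throw site this page shows being converted is in `decodeTokenVerbose`. If `decodeToken` still rethrows the raw decoder error, a bad token on this route keeps falling through to the 404 path, so that is worth confirming or covering with a test that sends a malformed token and expects 401. The 401 path also returns before `ctx.error`, so rejected tokens on this endpoint leave no trace. A lower-severity log line such as `ctx.warn('invalid token on statistics request')` (assuming the context exposes a warn level, and without logging the token value) would keep failed-auth attempts visible to monitoring. The handler starts above the hunk, so the `decodeToken` call itself is not visible here.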


@ -12,6 +12,16 @@ export interface Token {
extra?: Record<string, any>
}
/**
* @public
*/
export class TokenError extends Error {
constructor (message: string) {
super(message)
this.name = 'TokenError'
}
}
const getSecret = (): string => {
return getMetadata(serverPlugin.metadata.Secret) ?? 'secret'
}
@ -50,6 +60,6 @@ export function decodeTokenVerbose (ctx: MeasureContext, token: string): Token {
} catch (err2: any) {
// Nothing to do
}
throw err
throw new TokenError(err.message)
}
}
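Review bot: `throw new TokenError(err.message)` in decodeTokenVerbose discards the original error, so the stack and the underlying decoder error type are lost to anyone investigating a rejected token. Keeping the original on the new error, for example as a `cause` property set in the TokenError constructor, would preserve that without changing what callers match on. The callers changed in this commit rely on `err instanceof TokenError`, which holds for an Error subclass only when the build targets ES2015 or later; if this package is compiled to ES5, add `Object.setPrototypeOf(this, TokenError.prototype)` after `super(message)`. The try block of decodeTokenVerbose starts outside the hunk, so what `err` can be at the throw site is not visible. Separately, the context lines show getSecret falling back to the literal `'secret'` when the metadata is unset, which would be safer as a startup failure than as a default signing key.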