gristlabs_grist-core/app/server/lib/expressWrap.ts

import {RequestWithLogin} from 'app/server/lib/Authorizer';
import * as log from 'app/server/lib/log';
import * as express from 'express';

/**
 * Wrapper for async express endpoints to catch errors and forward them to the error handler.
 */
export function expressWrap(callback: express.RequestHandler): express.RequestHandler {
  return async (req, res, next) => {
    try {
      await callback(req, res, next);
    } catch (err) {
      next(err);
    }
  };
}

/**
 * Error-handling middleware that responds to errors in json. The status code is taken from
 * error.status property (for which ApiError is convenient), and defaults to 500.
 */
export const jsonErrorHandler: express.ErrorRequestHandler = (err, req, res, next) => {
  const mreq = req as RequestWithLogin;
  log.warn("Error during api call to %s: (%s) user %d params %s body %s", req.path, err.message,
           mreq.userId,
           JSON.stringify(req.params), JSON.stringify(req.body));
  let details = err.details && {...err.details};
  const status = details?.status || err.status || 500;
  if (details) {
    // Remove some details exposed for websocket API only.
    delete details.accessMode;
    delete details.status;  // TODO: reconcile err.status and details.status, no need for both.
    if (Object.keys(details).length === 0) { details = undefined; }
  }
  res.status(status).json({error: err.message || 'internal error', details});
};

/**
 * Middleware that responds with a 404 status and a json error object.
 */
export const jsonNotFoundHandler: express.RequestHandler = (req, res, next) => {
  res.status(404).json({error: `not found: ${req.url}`});
};
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`import {RequestWithLogin} from 'app/server/lib/Authorizer';`
			`import * as log from 'app/server/lib/log';`
			`import * as express from 'express';`

			`/**`
			`* Wrapper for async express endpoints to catch errors and forward them to the error handler.`
			`*/`
			`export function expressWrap(callback: express.RequestHandler): express.RequestHandler {`
			`return async (req, res, next) => {`
			`try {`
			`await callback(req, res, next);`
			`} catch (err) {`
			`next(err);`
			`}`
			`};`
			`}`

			`/**`
			`* Error-handling middleware that responds to errors in json. The status code is taken from`
			`* error.status property (for which ApiError is convenient), and defaults to 500.`
			`*/`
			`export const jsonErrorHandler: express.ErrorRequestHandler = (err, req, res, next) => {`
			`const mreq = req as RequestWithLogin;`
			`log.warn("Error during api call to %s: (%s) user %d params %s body %s", req.path, err.message,`
			`mreq.userId,`
			`JSON.stringify(req.params), JSON.stringify(req.body));`
(core) give more detailed reasons for access denied when memos are present Summary: With this change, if a comment is added to an ACL formula, then that comment will be offered to the user if access is denied and that rule could potentially have granted access. The code is factored so that when access is permitted, or when partially visible tables are being filtered, there is little overhead. Comments are gathered only when an explicit denial of access. Test Plan: added tests, updated tests Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2730 2021-02-15 21:36:33 +00:00			`let details = err.details && {...err.details};`
			`const status = details?.status \|\| err.status \|\| 500;`
			`if (details) {`
			`// Remove some details exposed for websocket API only.`
			`delete details.accessMode;`
			`delete details.status; // TODO: reconcile err.status and details.status, no need for both.`
			`if (Object.keys(details).length === 0) { details = undefined; }`
			`}`
			`res.status(status).json({error: err.message \|\| 'internal error', details});`
(core) move home server into core Summary: This moves enough server material into core to run a home server. The data engine is not yet incorporated (though in manual testing it works when ported). Test Plan: existing tests pass Reviewers: dsagal Reviewed By: dsagal Differential Revision: https://phab.getgrist.com/D2552 2020-07-21 13:20:51 +00:00			`};`

			`/**`
			`* Middleware that responds with a 404 status and a json error object.`
			`*/`
			`export const jsonNotFoundHandler: express.RequestHandler = (req, res, next) => {`
			res.status(404).json({error: `not found: ${req.url}`});
			`};`