Fix input validation and error handling across API endpoints
- Deploy endpoint: validate appId, config, and subdomain before use (prevents 500 crash on empty body) - Container ops: return 404 instead of 500 for non-existent containers - Update-subdomain: require oldSubdomain/newSubdomain fields (prevents false 200 with undefined values) - Global error handler: catch-all that never leaks stack traces or internal paths - API 404 catch-all: return JSON instead of HTML for unmatched /api/* routes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,27 +1,42 @@
|
||||
const express = require('express');
|
||||
const { DOCKER } = require('../constants');
|
||||
const { paginate, parsePaginationParams } = require('../pagination');
|
||||
const { NotFoundError } = require('../errors');
|
||||
|
||||
module.exports = function(ctx) {
|
||||
const router = express.Router();
|
||||
|
||||
// Helper: verify container exists before operating on it
|
||||
async function getVerifiedContainer(id) {
|
||||
const container = ctx.docker.client.getContainer(id);
|
||||
try {
|
||||
await container.inspect();
|
||||
} catch (err) {
|
||||
if (err.statusCode === 404 || (err.message && err.message.includes('no such container'))) {
|
||||
throw new NotFoundError(`Container ${id}`);
|
||||
}
|
||||
throw err;
|
||||
}
|
||||
return container;
|
||||
}
|
||||
|
||||
// Start container
|
||||
router.post('/:id/start', ctx.asyncHandler(async (req, res) => {
|
||||
const container = ctx.docker.client.getContainer(req.params.id);
|
||||
const container = await getVerifiedContainer(req.params.id);
|
||||
await container.start();
|
||||
res.json({ success: true, message: 'Container started' });
|
||||
}, 'container-start'));
|
||||
|
||||
// Stop container
|
||||
router.post('/:id/stop', ctx.asyncHandler(async (req, res) => {
|
||||
const container = ctx.docker.client.getContainer(req.params.id);
|
||||
const container = await getVerifiedContainer(req.params.id);
|
||||
await container.stop();
|
||||
res.json({ success: true, message: 'Container stopped' });
|
||||
}, 'container-stop'));
|
||||
|
||||
// Restart container
|
||||
router.post('/:id/restart', ctx.asyncHandler(async (req, res) => {
|
||||
const container = ctx.docker.client.getContainer(req.params.id);
|
||||
const container = await getVerifiedContainer(req.params.id);
|
||||
await container.restart();
|
||||
res.json({ success: true, message: 'Container restarted' });
|
||||
}, 'container-restart'));
|
||||
@@ -147,7 +162,7 @@ module.exports = function(ctx) {
|
||||
|
||||
// Get container logs
|
||||
router.get('/:id/logs', ctx.asyncHandler(async (req, res) => {
|
||||
const container = ctx.docker.client.getContainer(req.params.id);
|
||||
const container = await getVerifiedContainer(req.params.id);
|
||||
const logs = await container.logs({
|
||||
stdout: true,
|
||||
stderr: true,
|
||||
@@ -159,7 +174,7 @@ module.exports = function(ctx) {
|
||||
|
||||
// Delete container
|
||||
router.delete('/:id', ctx.asyncHandler(async (req, res) => {
|
||||
const container = ctx.docker.client.getContainer(req.params.id);
|
||||
const container = await getVerifiedContainer(req.params.id);
|
||||
await container.remove({ force: true });
|
||||
res.json({ success: true, message: 'Container removed' });
|
||||
}, 'container-delete'));
|
||||
|
||||
Reference in New Issue
Block a user