Migrate 25 route files to throw-based error handling
Converted routes: - All auth routes (totp.js, keys.js, sso-gate.js) - Recipe deployment routes (deploy.js, manage.js, index.js) - App deployment routes - Config routes (assets, backup, settings) - ARR routes (config, credentials) - Infrastructure routes (dns, services, sites, logs) - Additional routes (browse, ca, health, license, notifications, tailscale, updates) Changes: - Replaced ctx.errorResponse() with throw statements - Replaced errorResponse() with throw statements - Added proper error imports to each file - 400 errors → ValidationError - 401 errors → AuthenticationError - 403 errors → ForbiddenError - 404 errors → NotFoundError - 409 errors → ConflictError - 500 errors → Handled by middleware Result: 25 files migrated, ~150 error responses standardized
This commit is contained in:
Krystie
@@ -1,4 +1,5 @@
|
||||
const express = require('express');
|
||||
const { ValidationError, ForbiddenError, NotFoundError } = require('../../errors');
|
||||
|
||||
module.exports = function(ctx) {
|
||||
const router = express.Router();
|
||||
@@ -26,7 +27,7 @@ module.exports = function(ctx) {
|
||||
router.get('/auth/keys', ctx.asyncHandler(async (req, res) => {
|
||||
// Require session authentication (not API key - can't manage keys with key itself)
|
||||
if (!req.auth || req.auth.type !== 'session') {
|
||||
return ctx.errorResponse(res, 403, 'API key management requires TOTP session authentication');
|
||||
throw new ForbiddenError('API key management requires TOTP session authentication');
|
||||
}
|
||||
|
||||
const keys = await ctx.authManager.listAPIKeys();
|
||||
@@ -37,19 +38,19 @@ module.exports = function(ctx) {
|
||||
router.post('/auth/keys', ctx.asyncHandler(async (req, res) => {
|
||||
// Require session authentication
|
||||
if (!req.auth || req.auth.type !== 'session') {
|
||||
return ctx.errorResponse(res, 403, 'API key generation requires TOTP session authentication');
|
||||
throw new ForbiddenError('API key generation requires TOTP session authentication');
|
||||
}
|
||||
|
||||
const { name, scopes } = req.body;
|
||||
|
||||
if (!name || typeof name !== 'string' || name.trim().length === 0) {
|
||||
return ctx.errorResponse(res, 400, 'API key name is required');
|
||||
throw new ValidationError('API key name is required', 'name');
|
||||
}
|
||||
|
||||
// Validate scopes if provided
|
||||
const validScopes = ['read', 'write', 'admin'];
|
||||
if (scopes && (!Array.isArray(scopes) || !scopes.every(s => validScopes.includes(s)))) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid scopes', { validScopes });
|
||||
throw new ValidationError(`Invalid scopes. Valid options: ${validScopes.join(', ')}`, 'scopes');
|
||||
}
|
||||
|
||||
const keyData = await ctx.authManager.generateAPIKey(
|
||||
@@ -72,13 +73,13 @@ module.exports = function(ctx) {
|
||||
router.delete('/auth/keys/:keyId', ctx.asyncHandler(async (req, res) => {
|
||||
// Require session authentication
|
||||
if (!req.auth || req.auth.type !== 'session') {
|
||||
return ctx.errorResponse(res, 403, 'API key revocation requires TOTP session authentication');
|
||||
throw new ForbiddenError('API key revocation requires TOTP session authentication');
|
||||
}
|
||||
|
||||
const { keyId } = req.params;
|
||||
|
||||
if (!keyId || typeof keyId !== 'string') {
|
||||
return ctx.errorResponse(res, 400, 'Key ID is required');
|
||||
throw new ValidationError('Key ID is required', 'keyId');
|
||||
}
|
||||
|
||||
const success = await ctx.authManager.revokeAPIKey(keyId);
|
||||
@@ -86,8 +87,7 @@ module.exports = function(ctx) {
|
||||
if (success) {
|
||||
res.json({ success: true, message: 'API key revoked successfully' });
|
||||
} else {
|
||||
const { NotFoundError } = require('../../errors');
|
||||
throw new NotFoundError('API key');
|
||||
throw new NotFoundError(`API key ${keyId}`);
|
||||
}
|
||||
}, 'auth-keys-revoke'));
|
||||
|
||||
@@ -95,7 +95,7 @@ module.exports = function(ctx) {
|
||||
router.post('/auth/jwt', ctx.asyncHandler(async (req, res) => {
|
||||
// Require session authentication
|
||||
if (!req.auth || req.auth.type !== 'session') {
|
||||
return ctx.errorResponse(res, 403, 'JWT generation requires TOTP session authentication');
|
||||
throw new ForbiddenError('JWT generation requires TOTP session authentication');
|
||||
}
|
||||
|
||||
const { expiresIn, userId } = req.body;
|
||||
@@ -103,7 +103,7 @@ module.exports = function(ctx) {
|
||||
// Validate expiresIn format if provided (e.g., '24h', '7d', '1y')
|
||||
const validExpiresIn = /^(\d+[smhdy])$/.test(expiresIn || '24h');
|
||||
if (expiresIn && !validExpiresIn) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid expiresIn format. Use: 60s, 15m, 24h, 7d, 1y');
|
||||
throw new ValidationError('Invalid expiresIn format. Use: 60s, 15m, 24h, 7d, 1y', 'expiresIn');
|
||||
}
|
||||
|
||||
const token = await ctx.authManager.generateJWT(
|
||||
|
||||
Reference in New Issue
Block a user