Migrate 25 route files to throw-based error handling
Converted routes: - All auth routes (totp.js, keys.js, sso-gate.js) - Recipe deployment routes (deploy.js, manage.js, index.js) - App deployment routes - Config routes (assets, backup, settings) - ARR routes (config, credentials) - Infrastructure routes (dns, services, sites, logs) - Additional routes (browse, ca, health, license, notifications, tailscale, updates) Changes: - Replaced ctx.errorResponse() with throw statements - Replaced errorResponse() with throw statements - Added proper error imports to each file - 400 errors → ValidationError - 401 errors → AuthenticationError - 403 errors → ForbiddenError - 404 errors → NotFoundError - 409 errors → ConflictError - 500 errors → Handled by middleware Result: 25 files migrated, ~150 error responses standardized
This commit is contained in:
Krystie
@@ -1,5 +1,6 @@
|
||||
const express = require('express');
|
||||
const { renewCSRFToken } = require('../../csrf-protection');
|
||||
const { ValidationError, AuthenticationError } = require('../../errors');
|
||||
|
||||
module.exports = function(ctx) {
|
||||
const router = express.Router();
|
||||
@@ -28,7 +29,7 @@ module.exports = function(ctx) {
|
||||
// Normalize common Base32 confusions: 0→O, 1→L, 8→B
|
||||
secret = secret.replace(/0/g, 'O').replace(/1/g, 'L').replace(/8/g, 'B');
|
||||
if (!/^[A-Z2-7]{16,}$/.test(secret)) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid secret key format. Must be a Base32 string (letters A-Z and digits 2-7).');
|
||||
throw new ValidationError('Invalid secret key format. Must be a Base32 string (letters A-Z and digits 2-7).', 'secret');
|
||||
}
|
||||
} else {
|
||||
secret = authenticator.generateSecret();
|
||||
@@ -50,17 +51,17 @@ module.exports = function(ctx) {
|
||||
const { code } = req.body;
|
||||
|
||||
if (!code || !/^\d{6}$/.test(code)) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid code format');
|
||||
throw new ValidationError('Invalid code format', 'code');
|
||||
}
|
||||
|
||||
const pendingSecret = await ctx.credentialManager.retrieve('totp.pending_secret');
|
||||
if (!pendingSecret) {
|
||||
return ctx.errorResponse(res, 400, 'No pending TOTP setup. Call /api/totp/setup first.');
|
||||
throw new ValidationError('No pending TOTP setup. Call /api/totp/setup first.');
|
||||
}
|
||||
|
||||
authenticator.options = { window: 1 };
|
||||
if (!authenticator.verify({ token: code, secret: pendingSecret })) {
|
||||
return ctx.errorResponse(res, 401, '[DC-111] Invalid code. Please try again.');
|
||||
throw new AuthenticationError('[DC-111] Invalid code. Please try again.');
|
||||
}
|
||||
|
||||
// Promote pending secret to active
|
||||
@@ -87,21 +88,21 @@ module.exports = function(ctx) {
|
||||
const { code } = req.body;
|
||||
|
||||
if (!code || !/^\d{6}$/.test(code)) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid code format');
|
||||
throw new ValidationError('Invalid code format', 'code');
|
||||
}
|
||||
|
||||
if (!ctx.totpConfig.enabled || !ctx.totpConfig.isSetUp) {
|
||||
return ctx.errorResponse(res, 400, 'TOTP is not enabled');
|
||||
throw new ValidationError('TOTP is not enabled');
|
||||
}
|
||||
|
||||
const secret = await ctx.credentialManager.retrieve('totp.secret');
|
||||
if (!secret) {
|
||||
return ctx.errorResponse(res, 500, 'TOTP secret not found');
|
||||
throw new Error('TOTP secret not found');
|
||||
}
|
||||
|
||||
authenticator.options = { window: 1 };
|
||||
if (!authenticator.verify({ token: code, secret })) {
|
||||
return ctx.errorResponse(res, 401, '[DC-111] Invalid code');
|
||||
throw new AuthenticationError('[DC-111] Invalid code');
|
||||
}
|
||||
|
||||
ctx.log.info('auth', 'TOTP verified, creating session', { ip: ctx.session.getClientIP(req), duration: ctx.totpConfig.sessionDuration });
|
||||
@@ -131,7 +132,7 @@ module.exports = function(ctx) {
|
||||
return res.status(200).json({ authenticated: true });
|
||||
}
|
||||
|
||||
return ctx.errorResponse(res, 401, 'Session expired or invalid', { authenticated: false });
|
||||
throw new AuthenticationError('Session expired or invalid');
|
||||
}, 'totp-check-session'));
|
||||
|
||||
// Disable TOTP
|
||||
@@ -141,14 +142,14 @@ module.exports = function(ctx) {
|
||||
// Always require a valid TOTP code when TOTP is active
|
||||
if (ctx.totpConfig.enabled && ctx.totpConfig.isSetUp) {
|
||||
if (!code || !/^\d{6}$/.test(code)) {
|
||||
return ctx.errorResponse(res, 400, 'A valid TOTP code is required to disable TOTP');
|
||||
throw new ValidationError('A valid TOTP code is required to disable TOTP', 'code');
|
||||
}
|
||||
const { authenticator } = require('otplib');
|
||||
const secret = await ctx.credentialManager.retrieve('totp.secret');
|
||||
if (secret) {
|
||||
authenticator.options = { window: 1 };
|
||||
if (!authenticator.verify({ token: code, secret })) {
|
||||
return ctx.errorResponse(res, 401, '[DC-111] Invalid code');
|
||||
throw new AuthenticationError('[DC-111] Invalid code');
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -172,9 +173,7 @@ module.exports = function(ctx) {
|
||||
const { sessionDuration } = req.body;
|
||||
|
||||
if (sessionDuration && !ctx.session.durations.hasOwnProperty(sessionDuration)) {
|
||||
return ctx.errorResponse(res, 400, 'Invalid session duration', {
|
||||
validOptions: Object.keys(ctx.session.durations)
|
||||
});
|
||||
throw new ValidationError(`Invalid session duration. Valid options: ${Object.keys(ctx.session.durations).join(', ')}`, 'sessionDuration');
|
||||
}
|
||||
|
||||
if (sessionDuration) {
|
||||
|
||||
Reference in New Issue
Block a user