pieced/pieced-portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b12bca88188ea6ba3bfcc103fd132180af938571
pieced-portal/src/lib/errors.ts
admin f0eca1959b fix(portal): security hardening for pilot readiness 
- C1: Rewrite /api/usage to resolve teamId server-side from tenant CR;
  customers can no longer pass arbitrary teamId (IDOR fix)
- C2: Remove POST /api/tenants — tenants are only created via admin
  approval flow
- H1: Validate packages against catalog, workspaceFiles against allowlist,
  and field lengths in PATCH /api/tenants/[name]
- H2: Remove full ZITADEL profile claims logging from JWT callback
- H3: Add safeError() utility; sanitize all error responses to clients,
  toggle raw errors via PORTAL_DEBUG_ERRORS=true
- H4/H5: Escape HTML entities in all email templates (contactName,
  companyName, adminNotes)
2026-04-14 20:20:04 +02:00

38 lines
1.3 KiB
TypeScript
Raw Blame History

/**
* Error sanitization for API responses.
*
* By default, returns a generic message to the client and logs the full
* error server-side. Set PORTAL_DEBUG_ERRORS=true to return the raw
* error message to the client (useful during development/debugging).
*/
const DEBUG_ERRORS = process.env.PORTAL_DEBUG_ERRORS === "true";
/**
* Returns a safe error string for API responses.
*
* - In debug mode (PORTAL_DEBUG_ERRORS=true): returns the raw e.message
* - In production mode: returns the fallback string and logs the real error
*
* Recognises common HTTP status codes from k8s/vault errors and returns
* appropriate short messages even in production mode.
*/
export function safeError(e: unknown, fallback: string): string {
const err = e instanceof Error ? e : new Error(String(e));
const statusCode = (err as any).statusCode as number | undefined;
if (DEBUG_ERRORS) {
return err.message;
}
// Map well-known status codes to safe messages
if (statusCode === 404) return "Not found";
if (statusCode === 403) return "Forbidden";
if (statusCode === 409) return "Conflict";
if (statusCode === 401) return "Unauthorized";
// Log full error server-side, return generic to client
console.error(`${fallback}:`, err.message);
return fallback;
}
Reference in New Issue View Git Blame Copy Permalink