Improve RestApiExceptionFilter (#12967)

RestApiExceptionFilter is used as an exception filter for the core controller which is used for crud operations on our objects (equivalent of our dynamic queries findManyPeople etc. on the graphql API). Exceptions were leading a 400 / BadRequestException response status which can be confusing to users. By default we should actually throw a 500 if the error was not handled priorily, but we have not implemented input validation for the REST api so we fear to be flooded with errors that should not be 500 but 400 due to user inputs. A solution should be brought [with this ticket](https://github.com/twentyhq/core-team-issues/issues/1027) but it has not been prioritized yet.
2025-06-30 16:01:48 +02:00
parent d4fe8efd7f
commit 1b72d901a5
6 changed files with 69 additions and 16 deletions
--- a/packages/twenty-server/src/engine/core-modules/exception-handler/http-exception-handler.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/exception-handler/http-exception-handler.service.ts
@ -1,4 +1,10 @@
-import { BadRequestException, Inject, Injectable, Scope } from '@nestjs/common';
+import {
+  BadRequestException,
+  HttpException,
+  Inject,
+  Injectable,
+  Scope,
+} from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';

 import { Response } from 'express';
@ -16,6 +22,34 @@ interface RequestAndParams {
  params: any;
 }

+const getErrorNameFromStatusCode = (statusCode: number) => {
+  switch (statusCode) {
+    case 400:
+      return 'BadRequestException';
+    case 401:
+      return 'UnauthorizedException';
+    case 403:
+      return 'ForbiddenException';
+    case 404:
+      return 'NotFoundException';
+    case 405:
+      return 'MethodNotAllowedException';
+    case 409:
+      return 'ConflictException';
+    case 422:
+      return 'UnprocessableEntityException';
+    case 500:
+      return 'InternalServerErrorException';
+    default: {
+      if (statusCode >= 500) {
+        return 'InternalServerErrorException';
+      }
+
+      return 'BadRequestException';
+    }
+  }
+};
+
@Injectable({ scope: Scope.REQUEST })
 export class HttpExceptionHandlerService {
  constructor(
@ -25,15 +59,13 @@ export class HttpExceptionHandlerService {
  ) {}

  handleError = (
-    exception: Error,
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    exception: Error | HttpException,
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
    response: Response<any, Record<string, any>>,
    errorCode?: number,
    user?: ExceptionHandlerUser,
    workspace?: ExceptionHandlerWorkspace,
    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
  ): Response<any, Record<string, any>> | undefined => {
    const params = this.request?.params;

@ -62,7 +94,7 @@ export class HttpExceptionHandlerService {

    return response.status(statusCode).send({
      statusCode,
-      error: exception.name || 'BadRequestException',
+      error: exception.name ?? getErrorNameFromStatusCode(statusCode),
      messages: [exception?.message],
    });
  };