admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Improve RestApiExceptionFilter (#12967)

Browse Source 
RestApiExceptionFilter is used as an exception filter for the core
controller which is used for crud operations on our objects (equivalent
of our dynamic queries findManyPeople etc. on the graphql API).

Exceptions were leading a 400 / BadRequestException response status
which can be confusing to users.
By default we should actually throw a 500 if the error was not handled
priorily, but we have not implemented input validation for the REST api
so we fear to be flooded with errors that should not be 500 but 400 due
to user inputs. A solution should be brought [with this
ticket](https://github.com/twentyhq/core-team-issues/issues/1027) but it
has not been prioritized yet.
This commit is contained in:
Marie
2025-06-30 16:01:48 +02:00
committed by GitHub
parent d4fe8efd7f
commit 1b72d901a5
6 changed files with 69 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/twenty-server/src/engine/api/rest/core/handlers/rest-api-create-many.handler.ts
View File

@ -1,4 +1,8 @@
import { BadRequestException, Injectable } from '@nestjs/common'; import {
BadRequestException,
Injectable,
InternalServerErrorException,
} from '@nestjs/common';
import { Request } from 'express'; import { Request } from 'express';
import { isDefined } from 'twenty-shared/utils'; import { isDefined } from 'twenty-shared/utils';
@ -72,7 +76,7 @@ export class RestApiCreateManyHandler extends RestApiBaseHandler {
}); });
if (records.length !== body.length) { if (records.length !== body.length) {
throw new Error( throw new InternalServerErrorException(
`Error when creating records. ${body.length - records.length} records are missing after creation.`, `Error when creating records. ${body.length - records.length} records are missing after creation.`,
); );
} }

8
packages/twenty-server/src/engine/api/rest/core/handlers/rest-api-create-one.handler.ts
View File

@ -1,4 +1,8 @@
import { BadRequestException, Injectable } from '@nestjs/common'; import {
BadRequestException,
Injectable,
InternalServerErrorException,
} from '@nestjs/common';
import { Request } from 'express'; import { Request } from 'express';
import { isDefined } from 'twenty-shared/utils'; import { isDefined } from 'twenty-shared/utils';
@ -57,7 +61,7 @@ export class RestApiCreateOneHandler extends RestApiBaseHandler {
const record = records[0]; const record = records[0];
if (!isDefined(record)) { if (!isDefined(record)) {
throw new Error('Created record not found'); throw new InternalServerErrorException('Created record not found');
} }
return this.formatResult({ return this.formatResult({

8
packages/twenty-server/src/engine/api/rest/core/handlers/rest-api-update-one.handler.ts
View File

@ -1,4 +1,8 @@
import { BadRequestException, Injectable } from '@nestjs/common'; import {
BadRequestException,
Injectable,
InternalServerErrorException,
} from '@nestjs/common';
import { Request } from 'express'; import { Request } from 'express';
import { isDefined } from 'twenty-shared/utils'; import { isDefined } from 'twenty-shared/utils';
@ -54,7 +58,7 @@ export class RestApiUpdateOneHandler extends RestApiBaseHandler {
const record = records[0]; const record = records[0];
if (!isDefined(record)) { if (!isDefined(record)) {
throw new Error('Updated record not found'); throw new InternalServerErrorException('Updated record not found');
} }
return this.formatResult({ return this.formatResult({

15
packages/twenty-server/src/engine/api/rest/rest-api-exception.filter.ts
View File

@ -1,9 +1,13 @@
import { ArgumentsHost, Catch, ExceptionFilter } from '@nestjs/common'; import {
ArgumentsHost,
Catch,
ExceptionFilter,
HttpException,
} from '@nestjs/common';
import { Response } from 'express'; import { Response } from 'express';
import { HttpExceptionHandlerService } from 'src/engine/core-modules/exception-handler/http-exception-handler.service'; import { HttpExceptionHandlerService } from 'src/engine/core-modules/exception-handler/http-exception-handler.service';
import { CustomException } from 'src/utils/custom-exception';
@Catch() @Catch()
export class RestApiExceptionFilter implements ExceptionFilter { export class RestApiExceptionFilter implements ExceptionFilter {
@ -15,10 +19,13 @@ export class RestApiExceptionFilter implements ExceptionFilter {
const ctx = host.switchToHttp(); const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>(); const response = ctx.getResponse<Response>();
const statusCode =
exception instanceof HttpException ? exception.getStatus() : 400; // should actually default to 500 but we dont have input validation yet and dont want to be flooded with errors from input https://github.com/twentyhq/core-team-issues/issues/1027
return this.httpExceptionHandlerService.handleError( return this.httpExceptionHandlerService.handleError(
exception as CustomException, exception as Error | HttpException,
response, response,
400, statusCode,
); );
} }
} }

42
packages/twenty-server/src/engine/core-modules/exception-handler/http-exception-handler.service.ts
View File

@ -1,4 +1,10 @@
import { BadRequestException, Inject, Injectable, Scope } from '@nestjs/common'; import {
BadRequestException,
HttpException,
Inject,
Injectable,
Scope,
} from '@nestjs/common';
import { REQUEST } from '@nestjs/core'; import { REQUEST } from '@nestjs/core';
import { Response } from 'express'; import { Response } from 'express';
@ -16,6 +22,34 @@ interface RequestAndParams {
params: any; params: any;
} }
const getErrorNameFromStatusCode = (statusCode: number) => {
switch (statusCode) {
case 400:
return 'BadRequestException';
case 401:
return 'UnauthorizedException';
case 403:
return 'ForbiddenException';
case 404:
return 'NotFoundException';
case 405:
return 'MethodNotAllowedException';
case 409:
return 'ConflictException';
case 422:
return 'UnprocessableEntityException';
case 500:
return 'InternalServerErrorException';
default: {
if (statusCode >= 500) {
return 'InternalServerErrorException';
}
return 'BadRequestException';
}
}
};
@Injectable({ scope: Scope.REQUEST }) @Injectable({ scope: Scope.REQUEST })
export class HttpExceptionHandlerService { export class HttpExceptionHandlerService {
constructor( constructor(
@ -25,15 +59,13 @@ export class HttpExceptionHandlerService {
) {} ) {}
handleError = ( handleError = (
exception: Error, exception: Error | HttpException,
// eslint-disable-next-line @typescript-eslint/no-explicit-any
// eslint-disable-next-line @typescript-eslint/no-explicit-any // eslint-disable-next-line @typescript-eslint/no-explicit-any
response: Response<any, Record<string, any>>, response: Response<any, Record<string, any>>,
errorCode?: number, errorCode?: number,
user?: ExceptionHandlerUser, user?: ExceptionHandlerUser,
workspace?: ExceptionHandlerWorkspace, workspace?: ExceptionHandlerWorkspace,
// eslint-disable-next-line @typescript-eslint/no-explicit-any // eslint-disable-next-line @typescript-eslint/no-explicit-any
// eslint-disable-next-line @typescript-eslint/no-explicit-any
): Response<any, Record<string, any>> | undefined => { ): Response<any, Record<string, any>> | undefined => {
const params = this.request?.params; const params = this.request?.params;
@ -62,7 +94,7 @@ export class HttpExceptionHandlerService {
return response.status(statusCode).send({ return response.status(statusCode).send({
statusCode, statusCode,
error: exception.name || 'BadRequestException', error: exception.name ?? getErrorNameFromStatusCode(statusCode),
messages: [exception?.message], messages: [exception?.message],
}); });
}; };

4
packages/twenty-server/src/engine/utils/global-exception-handler.util.ts
View File

@ -86,7 +86,9 @@ export const shouldCaptureException = (
return true; return true;
}; };
export const handleException = <T extends Error | CustomException>({ export const handleException = <
T extends Error | CustomException | HttpException,
>({
exception, exception,
exceptionHandlerService, exceptionHandlerService,
user, user,