Don't expose raw exceptions to client

Donkie · May 14, 2023 · 24083b4 · 24083b4
1 parent 8b4ba1f
commit 24083b4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/spoolman/api/v1/filament.py b/spoolman/api/v1/filament.py
@@ -1,5 +1,6 @@
 """Filament related endpoints."""
 
+import logging
 from typing import Annotated, Optional
 
 from fastapi import APIRouter, Depends, Query
@@ -14,6 +15,8 @@
 from spoolman.database.database import get_db_session
 from spoolman.exceptions import ItemDeleteError
 
+logger = logging.getLogger(__name__)
+
 router = APIRouter(
     prefix="/filament",
     tags=["filament"],
@@ -196,9 +199,10 @@ async def delete(  # noqa: ANN201
 ):
     try:
         await filament.delete(db, filament_id)
-    except ItemDeleteError as exc:
+    except ItemDeleteError:
+        logger.exception("Failed to delete filament.")
         return JSONResponse(
             status_code=403,
-            content={"message": str(exc)},
+            content={"message": "Failed to delete filament, see server logs for more information."},
         )
     return Message(message="Success!")
diff --git a/spoolman/api/v1/router.py b/spoolman/api/v1/router.py
@@ -1,5 +1,9 @@
 """Router setup for the v1 version of the API."""
 
+# ruff: noqa: D103
+
+import logging
+
 from fastapi import FastAPI
 from fastapi.responses import JSONResponse
 from starlette.requests import Request
@@ -9,7 +13,7 @@
 
 from . import filament, models, spool, vendor
 
-# ruff: noqa: D103
+logger = logging.getLogger(__name__)
 
 app = FastAPI(
     title="Spoolman REST API v1",
@@ -21,9 +25,10 @@
 
 @app.exception_handler(ItemNotFoundError)
 async def itemnotfounderror_exception_handler(_request: Request, exc: ItemNotFoundError) -> Response:
+    logger.debug(exc, exc_info=True)
     return JSONResponse(
         status_code=404,
-        content={"message": str(exc)},
+        content={"message": "Item not found."},
     )
 
 

diff --git a/spoolman/api/v1/spool.py b/spoolman/api/v1/spool.py
@@ -1,5 +1,6 @@
 """Spool related endpoints."""
 
+import logging
 from datetime import datetime
 from typing import Annotated, Optional
 
@@ -15,6 +16,8 @@
 from spoolman.database.database import get_db_session
 from spoolman.exceptions import ItemCreateError
 
+logger = logging.getLogger(__name__)
+
 router = APIRouter(
     prefix="/spool",
     tags=["spool"],
@@ -166,10 +169,11 @@ async def create(  # noqa: ANN201
             comment=body.comment,
         )
         return Spool.from_db(db_item)
-    except ItemCreateError as exc:
+    except ItemCreateError:
+        logger.exception("Failed to create spool.")
         return JSONResponse(
             status_code=400,
-            content={"message": str(exc)},
+            content={"message": "Failed to create spool, see server logs for more information."},
         )
 
 
@@ -211,10 +215,11 @@ async def update(  # noqa: ANN201
             spool_id=spool_id,
             data=patch_data,
         )
-    except ItemCreateError as exc:
+    except ItemCreateError:
+        logger.exception("Failed to update spool.")
         return JSONResponse(
             status_code=400,
-            content={"message": str(exc)},
+            content={"message": "Failed to update spool, see server logs for more information."},
         )
 
     return Spool.from_db(db_item)