Catch all exceptions in wallet API #220
Conversation
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #220 +/- ##
==========================================
+ Coverage 56.06% 56.41% +0.34%
==========================================
Files 42 42
Lines 3328 3311 -17
==========================================
+ Hits 1866 1868 +2
+ Misses 1462 1443 -19
☔ View full report in Codecov by Sentry. |
cashu/wallet/api/error_handler.py
Outdated
| except Exception as exc: | ||
| raise HTTPException( | ||
| status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc) | ||
| ) |
There was a problem hiding this comment.
Would suggest
| except Exception as exc: | |
| raise HTTPException( | |
| status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc) | |
| ) | |
| except (AssertionError, KeyboardInterrupt): | |
| # These should never really be caught, 1st is "something real bad" and 2nd is a PITA if something gets stuck | |
| raise | |
| except Exception as exc: | |
| if isinstance(exc, HTTPException): | |
| # Allows optionally setting a custom `status_code` if desired, but otherwise defaulting to below for convenience | |
| raise | |
| raise HTTPException( | |
| status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc) | |
| ) |
There was a problem hiding this comment.
str(exc) probably OK for now, but should be a little cautious about echoing the contents of whatever exception gets raised back to some random person on the internet, it can leak info about the system and make it easier to find vulnerabilities (minor example #228 where the API responses reveal that this mint was running Postgres and CLN specifically)
There was a problem hiding this comment.
Would still recommend passing-up a HTTPException as-is if one is encountered, but could easilly be added later if someone needs this
if isinstance(exc, HTTPException):
# Allows optionally setting a custom `status_code` if desired, but otherwise defaulting to below for convenience
raiseOn the AssertionError, seems assert has been used in a few places so can pass on that suggestion (though IMHO even though assert is shorter, it is best reserved as a thing to actually cause a crash, like if somehow 1 != 1)
cashu/wallet/api/router.py
Outdated
| @@ -32,7 +34,7 @@ async def load_mint(wallet: Wallet, mint: Optional[str] = None): | |||
| try: | |||
| await wallet.load_mint() | |||
| except Exception as e: | |||
| raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e)) | |||
| raise Exception(str(e)) | |||
There was a problem hiding this comment.
Jokingly suggest using a custom Exception class Cachuww 🤧
cashu/wallet/api/router.py
Outdated
| try: | ||
| await wallet.load_mint() | ||
| except Exception as e: | ||
| raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e)) | ||
| raise Exception(str(e)) |
There was a problem hiding this comment.
This block can be replaced by simply wallet.load_mint() without try: ... except: ... – achieves the same thing.
Move HTTPException from router to error handler and catch all exceptions in error handler.
Closes #201 .