Structured JSON error responses for API endpoints#110
Merged
Conversation
API handlers returned errors via http.Error (text/plain) with ad-hoc
strings, while the mirror API used a different {"error": "..."} shape
and leaked internal err.Error() text to clients.
Add ErrorResponse{Code, Message} with stable codes (BAD_REQUEST,
NOT_FOUND, UPSTREAM_ERROR, INTERNAL_ERROR) and writeError/badRequest/
notFound/internalError helpers. Convert all JSON API handlers in
api.go, browse.go, mirror_api.go and the /stats endpoint. Enrichment
failures now report 502 UPSTREAM_ERROR rather than 500.
Protocol handlers in internal/handler/ are deliberately unchanged
since npm/pip/cargo clients expect their own response formats, not
JSON. HTML page handlers in server.go also keep text/plain.
Swagger @failure annotations updated and docs regenerated.
Fixes #76
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
API handlers returned errors via
http.Erroras text/plain with ad-hoc strings, while the mirror API used a different{"error": "..."}shape and leaked rawerr.Error()to clients on job creation failure.Adds
ErrorResponse{Code, Message}ininternal/server/errors.gowith four stable codes (BAD_REQUEST,NOT_FOUND,UPSTREAM_ERROR,INTERNAL_ERROR) andwriteErrorplusbadRequest/notFound/internalErrorshorthands. All JSON API handlers inapi.go,browse.go,mirror_api.goand the/statsendpoint now return:{"code": "NOT_FOUND", "message": "package not found"}Enrichment failures now report 502
UPSTREAM_ERRORrather than 500, since the proxy itself is fine.Two surfaces deliberately left as-is. Protocol handlers in
internal/handler/serve real package-manager clients (npm, pip, cargo, etc.) that expect protocol-native responses, so JSON errors there would break installs. HTML page handlers inserver.go(showPackage,showVersion, search/list pages) keep text/plain since they render templates, not JSON.Swagger
@Failureannotations updated to{object} ErrorResponseanddocs/swaggerregenerated.Fixes #76