diff --git a/packages/auth/package.json b/packages/auth/package.json
index a452299d08..020acd7cd2 100644
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -30,7 +30,7 @@
 "@graphql-tools/schema": "^10.0.3",
 "@interledger/http-signature-utils": "2.0.2",
 "@interledger/open-payments": "6.8.0",
- "@interledger/openapi": "1.2.1",
+ "@interledger/openapi": "2.0.1",
 "@koa/cors": "^5.0.0",
 "@koa/router": "^12.0.0",
 "ajv": "^8.12.0",
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
index a1daa2868d..c71d04cded 100644
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -33,7 +33,13 @@ export function initIocContainer(
 container.singleton('logger', async (deps: IocContract) => {
 const config = await deps.use('config')
 const logger = createLogger({
- level: config.logLevel
+ level: config.logLevel,
+ redact: [
+ 'grant.continueToken',
+ 'headers.authorization',
+ 'accessToken.value',
+ 'requestBody.access_token'
+ ]
 })
 return logger
 })
diff --git a/packages/auth/src/shared/gnapErrors.ts b/packages/auth/src/shared/gnapErrors.ts
index d0d6ce4208..947f7eaf94 100644
--- a/packages/auth/src/shared/gnapErrors.ts
+++ b/packages/auth/src/shared/gnapErrors.ts
@@ -1,5 +1,5 @@
 import { AppContext } from '../app'
-
+import { OpenAPIValidatorMiddlewareError } from '@interledger/openapi'
 export enum GNAPErrorCode {
 InvalidRequest = 'invalid_request',
 InvalidClient = 'invalid_client',
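Review bot: The `redact` array passed to `createLogger` in index.ts matches only these four exact paths from the root of each logged object, so a token or authorization value logged under any other key layout is still written in clear. The `logger.error({ ...baseLog, err }, …)` call in gnapErrors.ts nests data under `err`, and the new `logger.error` in signature/middleware.ts puts its value into the message string; neither is reachable by these paths. Add a comment above the array such as `// Exact paths only: each entry must mirror the key layout of a log call that can carry a credential`. If `baseLog.headers` (defined outside this diff) can include cookies or other credential headers, list those paths as well. A test that logs a constructed sample object through this logger and asserts the secret values are absent would keep the list from drifting.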
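Review bot: The new import in gnapErrors.ts takes the place of the blank line that separated the import block from `export enum GNAPErrorCode`, so the enum now starts directly under the imports. Keep the separator by leaving an empty line after `import { OpenAPIValidatorMiddlewareError } from '@interledger/openapi'`.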
@@ -54,17 +54,30 @@ export async function gnapServerErrorMiddleware( message: err.message, requestBody: ctx.request.body }, - 'Received error when handling GNAP request' + 'Received error when handling Open Payments GNAP request' ) ctx.throw(err.status, err.code, { error: { code: err.code, description: err.message } }) + } else if (err instanceof OpenAPIValidatorMiddlewareError) { + const finalStatus = err.status || 400 + + logger.info( + { + ...baseLog, + message: err.message, + status: finalStatus + }, + 'Received OpenAPI validation error when handling Open Payments GNAP request' + ) + + ctx.throw(finalStatus, err.message) } logger.error( { ...baseLog, err }, - 'Received unhandled error in GNAP request' + 'Received unhandled error in Open Payments GNAP request' ) ctx.throw(500) } diff --git a/packages/auth/src/signature/middleware.ts b/packages/auth/src/signature/middleware.ts index 5630e37d50..1b8e63c0c5 100644 --- a/packages/auth/src/signature/middleware.ts +++ b/packages/auth/src/signature/middleware.ts @@ -161,6 +161,10 @@ export async function tokenHttpsigMiddleware( } if (!accessToken.grant) { + const logger = await ctx.container.use('logger') + logger.error( + `access token with management id ${ctx.params['id']} has no grant associated with it.` + ) throw new GNAPServerRouteError( 500, GNAPErrorCode.RequestDenied, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 01f9fdee5f..f5bbe92d16 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -148,8 +148,8 @@ importers: specifier: 6.8.0 version: 6.8.0 '@interledger/openapi': - specifier: 1.2.1 - version: 1.2.1 + specifier: 2.0.1 + version: 2.0.1 '@koa/cors': specifier: ^5.0.0 version: 5.0.0 @@ -4148,7 +4148,7 @@ packages: '@apidevtools/json-schema-ref-parser': 10.1.0 ajv: 8.12.0 ajv-formats: 2.1.1(ajv@8.12.0) - koa: 2.15.2 + koa: 2.15.3 openapi-default-setter: 12.1.3 openapi-request-coercer: 12.1.3 openapi-request-validator: 12.1.3 
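Review bot: The new `OpenAPIValidatorMiddlewareError` branch in `gnapServerErrorMiddleware` ends with `ctx.throw(finalStatus, err.message)`, which returns a bare message, while the `GNAPServerRouteError` branch directly above it responds with an `{ error: { code, description } }` object. A client that parses the error body would get two different shapes from the same middleware for what is, in both cases, a rejected request. Consider `ctx.throw(finalStatus, GNAPErrorCode.InvalidRequest, { error: { code: GNAPErrorCode.InvalidRequest, description: err.message } })`. The function body and the definition of `baseLog` start outside this hunk, so what the new `logger.info` call actually records could not be checked here.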
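Review bot: The added `logger.error` call in `tokenHttpsigMiddleware` builds its message by interpolating the request-supplied `ctx.params['id']` into a template string, unlike the calls in gnapErrors.ts, which pass a structured object first and a fixed message second. A value embedded in the message text cannot be reached by the logger's `redact` paths or filtered by field, and the message is no longer a stable string to alert on. I would write it as `logger.error({ managementId: ctx.params['id'] }, 'access token has no grant associated with it')`. The enclosing function starts and ends outside the hunk.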
@@ -12628,6 +12628,7 @@ packages: vary: 1.1.2 transitivePeerDependencies: - supports-color + dev: false /koa@2.15.3: resolution: {integrity: sha512-j/8tY9j5t+GVMLeioLaxweJiKUayFhlGqNTzf2ZGwL0ZCQijd2RLHK0SLW5Tsko8YyyqCZC2cojIb0/s62qTAg==} @@ -12658,7 +12659,6 @@ packages: vary: 1.1.2 transitivePeerDependencies: - supports-color - dev: true /language-subtag-registry@0.3.22: resolution: {integrity: sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w==}