fix: error handling on graphql-auth, auth

tradle · Jan 12, 2018 · dbc31dd · dbc31dd
1 parent f82b0b9
commit dbc31dd
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 11 deletions.
diff --git a/lib/bot/lambda/auth.js b/lib/bot/lambda/auth.js
diff --git a/lib/bot/middleware/graphql-auth.js b/lib/bot/middleware/graphql-auth.js
diff --git a/src/bot/lambda/auth.ts b/src/bot/lambda/auth.ts
@@ -1,5 +1,6 @@
 import compose = require('koa-compose')
 import cors = require('kcors')
+import Errors from '../../errors'
 import { post } from '../middleware/noop-route'
 import { bodyParser } from '../middleware/body-parser'
 import { EventSource, Lambda, fromHTTP } from '../lambda'
@@ -22,7 +23,24 @@ export const auth = (lambda:Lambda, opts?:any) => {
   const { tradle, bot } = lambda
   return async (ctx, next) => {
     const time = Date.now()
-    ctx.session = await tradle.auth.handleChallengeResponse(ctx.request.body)
+    try {
+      ctx.session = await tradle.auth.handleChallengeResponse(ctx.request.body)
+    } catch (err) {
+      Errors.rethrow(err, 'system')
+      ctx.status = 400
+      if (Errors.matches(err, Errors.HandshakeFailed)) {
+        ctx.body = {
+          message: err.message
+        }
+      } else {
+        ctx.body = {
+          message: 'failed, please retry'
+        }
+      }
+
+      return
+    }
+
     ctx.userId = ctx.session.permalink
     await bot.hooks.fire('user:authenticated', ctx.userId)
     await next()

diff --git a/src/bot/middleware/graphql-auth.ts b/src/bot/middleware/graphql-auth.ts
@@ -1,6 +1,7 @@
 import { utils as tradleUtils } from '@tradle/engine'
 import validateResource = require('@tradle/validate-resource')
-import { constants, Errors } from '../../'
+import constants = require('../../constants')
+import Errors = require('../../errors')
 import { ITradleObject } from '../../types'
 import { isPromise } from '../../utils'
 
@@ -59,8 +60,25 @@ export const createHandler = ({ bot }, { allowGuest, canUserRunQuery }) => {
     let { user } = ctx
     if (sig && !user) {
       debug('looking up query author')
-      await identities.addAuthorInfo(queryObj)
-      ctx.user = user = await bot.users.get(queryObj._author)
+      try {
+        await identities.addAuthorInfo(queryObj)
+        ctx.user = user = await bot.users.get(queryObj._author)
+      } catch (err) {
+        Errors.rethrow(err, 'system')
+        if (Errors.matches(err, [Errors.NotFound, Errors.UnknownAuthor])) {
+          ctx.status = 403
+          ctx.body = {
+            message: 'not allowed'
+          }
+        } else {
+          ctx.status = 500
+          ctx.body = {
+            message: 'something went wrong'
+          }
+        }
+
+        return
+      }
     }
 
     let allowed = canUserRunQuery({ user, query: queryObj })