Skip to content

fix(admin): use static error messages in excluded models/providers handlers#528

Open
rohith500 wants to merge 1 commit into
workweave:mainfrom
rohith500:fix/admin-error-message-leakage
Open

fix(admin): use static error messages in excluded models/providers handlers#528
rohith500 wants to merge 1 commit into
workweave:mainfrom
rohith500:fix/admin-error-message-leakage

Conversation

@rohith500

@rohith500 rohith500 commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Problem

PUT /admin/v1/excluded-models and PUT /admin/v1/excluded-providers call err.Error() directly when an unknown model or provider name is submitted, leaking the internal Go package name prefix to the client:

{"error":"auth: unknown model id: \"some-model-name\""}
{"error":"auth: unknown provider: \"some-provider-name\""}

The auth: prefix comes from ErrUnknownModel = errors.New("auth: unknown model id") and ErrUnknownProvider = errors.New("auth: unknown provider") in internal/auth/service.go. These sentinel errors are internal bookkeeping — their Error() string was never intended to be user-facing.

Every other 400 response in the admin API uses a static string:

gin.H{"error": "Failed to update excluded models."}
gin.H{"error": "Missing ID."}
gin.H{"error": "Failed to look up API key."}

These two handlers are the only ones in the admin layer that pass err.Error() through to the client on a validation failure.

Fix

Replace the two err.Error() calls with static strings consistent with the rest of the admin API:

// excluded_models.go
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "unknown model id in exclusion list"})
 
// excluded_providers.go
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "unknown provider in exclusion list"})

The underlying errors.Is(err, auth.ErrUnknownModel) / errors.Is(err, auth.ErrUnknownProvider) check is preserved — only the response body changes.

Verification

Before the fix:

PUT /admin/v1/excluded-models    {"excluded":["not-a-real-model"]}
→ {"error":"auth: unknown model id: \"not-a-real-model\""}
 
PUT /admin/v1/excluded-providers {"excluded":["not-a-real-provider"]}
→ {"error":"auth: unknown provider: \"not-a-real-provider\""}

After the fix:

PUT /admin/v1/excluded-models    {"excluded":["not-a-real-model"]}
→ {"error":"unknown model id in exclusion list"}
 
PUT /admin/v1/excluded-providers {"excluded":["not-a-real-provider"]}
→ {"error":"unknown provider in exclusion list"}

make check — all 30 packages pass. fixes #535

…ndlers

handlers were returning err.Error() directly on unknown model/provider
400 responses, which leaked the internal Go package name prefix 'auth:'
to the client (e.g. 'auth: unknown model id: "..."'). All other error
responses in the admin API use static strings; align these two handlers
with that pattern.

Verified live: before returns 'auth: unknown model id: ...',
after returns 'unknown model id in exclusion list'.

Fixes: internal/api/admin/excluded_models.go:127
Fixes: internal/api/admin/excluded_providers.go:113
Signed-off-by: N Rohith Reddy <rohithreddy2202@gmail.com>
@greptile-apps

greptile-apps Bot commented Jun 26, 2026

Copy link
Copy Markdown

PR author is not in the allowed authors list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bug: Internal Go package name leaked in admin API 400 responses

1 participant