feat: Removing stack trace info in production env (#11657)

* feat: Hiding stack traces in production env * sytle * style * style * add SPDX * move ./error.js to ./misc/error.js * revert: remove frontend changes * feat: Hiding stack traces in production env * feat: Hiding stack traces in production env * revert * revert * revert * change and fix * revert * fix queue endpoint test --------- Co-authored-by: tamaina <tamaina@hotmail.co.jp> Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
2023-08-21 16:21:57 +08:00 · 2023-08-21 16:21:57 +08:00 · 388448f298
parent 50ec129b87
commit 388448f298
2 changed files with 17 additions and 7 deletions
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@ -148,18 +148,18 @@ export class ClientServerService {
 			if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
 				const token = request.cookies.token;
 				if (token == null) {
-					reply.code(401);
-					throw new Error('login required');
+					reply.code(401).send('Login required');
+					return;
 				}
 				const user = await this.usersRepository.findOneBy({ token });
 				if (user == null) {
-					reply.code(403);
-					throw new Error('no such user');
+					reply.code(403).send('No such user');
+					return;
 				}
 				const isAdministrator = await this.roleService.isAdministrator(user);
 				if (!isAdministrator) {
-					reply.code(403);
-					throw new Error('access denied');
+					reply.code(403).send('Access denied');
+					return;
 				}
 			}
 		});
--- a/packages/backend/test/e2e/fetch-resource.ts
+++ b/packages/backend/test/e2e/fetch-resource.ts
@ -34,6 +34,8 @@ describe('Webリソース', () => {
 	let aliceGalleryPost: any;
 	let aliceChannel: any;

+	let bob: misskey.entities.MeSignup;
+
 	type Request = {
 		path: string,
 		accept?: string,
@ -90,6 +92,8 @@ describe('Webリソース', () => {
 			fileIds: [aliceUploadedFile.body.id],
 		});
 		aliceChannel = await channel(alice, {});
+
+		bob = await signup({ username: 'alice' });
 	}, 1000 * 60 * 2);

 	afterAll(async () => {
@ -163,9 +167,15 @@ describe('Webリソース', () => {
 	});

 	describe.each([{ path: '/queue' }])('$path', ({ path }) => {
+		test('はログインしないとGETできない。', async () => await notOk({
+			path,
+			status: 401,
+		}));
+
 		test('はadminでなければGETできない。', async () => await notOk({
 			path,
-			status: 500, // FIXME? 403ではない。
+			cookie: cookie(bob),
+			status: 403,
 		}));

 		test('はadminならGETできる。', async () => await ok({