src/controllers/errors.js

'use strict';

const nconf = require('nconf');
const winston = require('winston');
const validator = require('validator');
const translator = require('../translator');
const plugins = require('../plugins');
const middleware = require('../middleware');
const middlewareHelpers = require('../middleware/helpers');
const helpers = require('./helpers');

exports.handleURIErrors = async function handleURIErrors(err, req, res, next) {
	// Handle cases where malformed URIs are passed in
	if (err instanceof URIError) {
		const cleanPath = req.path.replace(new RegExp(`^${nconf.get('relative_path')}`), '');
		const tidMatch = cleanPath.match(/^\/topic\/(\d+)\//);
		const cidMatch = cleanPath.match(/^\/category\/(\d+)\//);

		if (tidMatch) {
			res.redirect(nconf.get('relative_path') + tidMatch[0]);
		} else if (cidMatch) {
			res.redirect(nconf.get('relative_path') + cidMatch[0]);
		} else {
			winston.warn(`[controller] Bad request: ${req.path}`);
			if (req.path.startsWith(`${nconf.get('relative_path')}/api`)) {
				res.status(400).json({
					error: '[[global:400.title]]',
				});
			} else {
				await middleware.buildHeaderAsync(req, res);
				res.status(400).render('400', { error: validator.escape(String(err.message)) });
			}
		}
	} else {
		next(err);
	}
};

// this needs to have four arguments or express treats it as `(req, res, next)`
// don't remove `next`!
exports.handleErrors = async function handleErrors(err, req, res, next) { // eslint-disable-line no-unused-vars
	const cases = {
		EBADCSRFTOKEN: function () {
			winston.error(`${req.path}\n${err.message}`);
			res.sendStatus(403);
		},
		'blacklisted-ip': function () {
			res.status(403).type('text/plain').send(err.message);
		},
	};
	const defaultHandler = async function () {
		// Display NodeBB error page
		const status = parseInt(err.status, 10);
		if ((status === 302 || status === 308) && err.path) {
			return res.locals.isAPI ? res.set('X-Redirect', err.path).status(200).json(err.path) : res.redirect(nconf.get('relative_path') + err.path);
		}

		const path = String(req.path || '');

		if (path.startsWith(`${nconf.get('relative_path')}/api/v3`)) {
			let status = 500;
			if (err.message.startsWith('[[')) {
				status = 400;
				err.message = await translator.translate(err.message);
			}
			return helpers.formatApiResponse(status, res, err);
		}

		winston.error(`${req.originalUrl}\n${err.stack}`);
		res.status(status || 500);
		const data = {
			path: validator.escape(path),
			error: validator.escape(String(err.message)),
			bodyClass: middlewareHelpers.buildBodyClass(req, res),
		};
		if (res.locals.isAPI) {
			res.json(data);
		} else {
			await middleware.buildHeaderAsync(req, res);
			res.render('500', data);
		}
	};
	const data = await getErrorHandlers(cases);
	try {
		if (data.cases.hasOwnProperty(err.code)) {
			data.cases[err.code](err, req, res, defaultHandler);
		} else {
			await defaultHandler();
		}
	} catch (_err) {
		winston.error(`${req.originalUrl}\n${_err.stack}`);
		if (!res.headersSent) {
			res.status(500).send(_err.message);
		}
	}
};

async function getErrorHandlers(cases) {
	try {
		return await plugins.hooks.fire('filter:error.handle', {
			cases: cases,
		});
	} catch (err) {
		// Assume defaults
		winston.warn(`[errors/handle] Unable to retrieve plugin handlers for errors: ${err.message}`);
		return { cases };
	}
}
move out error and 404 controllers 2017-03-02 14:57:33 +03:00			`'use strict';`

chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const nconf = require('nconf');`
			`const winston = require('winston');`
			`const validator = require('validator');`
feat: internationalize API error messages 2021-07-09 11:40:05 -04:00			`const translator = require('../translator');`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const plugins = require('../plugins');`
			`const middleware = require('../middleware');`
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			`const middlewareHelpers = require('../middleware/helpers');`
			`const helpers = require('./helpers');`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00
feat: add buildHeaderAsync (#8367) * feat: add buildHeaderAsync make helphers.notAllowed async * fix: remove csrf from buildHeader * fix: remove unused method, use middleware * fix: /post/pid redirect doesn't need buildHeader use buildHeaderAsync 2020-06-04 01:14:46 -04:00			`exports.handleURIErrors = async function handleURIErrors(err, req, res, next) {`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00			`// Handle cases where malformed URIs are passed in`
			`if (err instanceof URIError) {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const cleanPath = req.path.replace(new RegExp(`^${nconf.get('relative_path')}`), '');
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const tidMatch = cleanPath.match(/^\/topic\/(\d+)\//);`
			`const cidMatch = cleanPath.match(/^\/category\/(\d+)\//);`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00
			`if (tidMatch) {`
			`res.redirect(nconf.get('relative_path') + tidMatch[0]);`
			`} else if (cidMatch) {`
			`res.redirect(nconf.get('relative_path') + cidMatch[0]);`
			`} else {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			winston.warn(`[controller] Bad request: ${req.path}`);
			if (req.path.startsWith(`${nconf.get('relative_path')}/api`)) {
move out error and 404 controllers 2017-03-02 14:57:33 +03:00			`res.status(400).json({`
			`error: '[[global:400.title]]',`
			`});`
			`} else {`
feat: add buildHeaderAsync (#8367) * feat: add buildHeaderAsync make helphers.notAllowed async * fix: remove csrf from buildHeader * fix: remove unused method, use middleware * fix: /post/pid redirect doesn't need buildHeader use buildHeaderAsync 2020-06-04 01:14:46 -04:00			`await middleware.buildHeaderAsync(req, res);`
			`res.status(400).render('400', { error: validator.escape(String(err.message)) });`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00			`}`
			`}`
			`} else {`
			`next(err);`
			`}`
			`};`

			// this needs to have four arguments or express treats it as `(req, res, next)`
			// don't remove `next`!
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00			`exports.handleErrors = async function handleErrors(err, req, res, next) { // eslint-disable-line no-unused-vars`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const cases = {`
closes #5925 2017-09-12 13:46:51 -04:00			`EBADCSRFTOKEN: function () {`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			winston.error(`${req.path}\n${err.message}`);
closes #5925 2017-09-12 13:46:51 -04:00			`res.sendStatus(403);`
			`},`
			`'blacklisted-ip': function () {`
			`res.status(403).type('text/plain').send(err.message);`
			`},`
			`};`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const defaultHandler = async function () {`
closes #5925 2017-09-12 13:46:51 -04:00			`// Display NodeBB error page`
chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const status = parseInt(err.status, 10);`
closes #5925 2017-09-12 13:46:51 -04:00			`if ((status === 302 \|\| status === 308) && err.path) {`
Home route (#7039) * fix: WIP home fix * remove console.log * fix: #6949 on redis run all tests in subfolder /forum fix URI errors fix sping/ping 2018-11-30 21:35:57 -05:00			`return res.locals.isAPI ? res.set('X-Redirect', err.path).status(200).json(err.path) : res.redirect(nconf.get('relative_path') + err.path);`
closes #5925 2017-09-12 13:46:51 -04:00			`}`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			`const path = String(req.path \|\| '');`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			if (path.startsWith(`${nconf.get('relative_path')}/api/v3`)) {
feat: internationalize API error messages 2021-07-09 11:40:05 -04:00			`let status = 500;`
			`if (err.message.startsWith('[[')) {`
			`status = 400;`
			`err.message = await translator.translate(err.message);`
			`}`
			`return helpers.formatApiResponse(status, res, err);`
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			`}`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00
refactor: show full url on error log 2021-10-14 19:00:03 -04:00			winston.error(`${req.originalUrl}\n${err.stack}`);
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			`res.status(status \|\| 500);`
feat: add bodyClass to 500 page 2021-06-18 09:55:08 -04:00			`const data = {`
			`path: validator.escape(path),`
			`error: validator.escape(String(err.message)),`
fix: return proper API-style response if exception caught by error handler on v3 routes [breaking] 2021-07-09 10:30:46 -04:00			`bodyClass: middlewareHelpers.buildBodyClass(req, res),`
feat: add bodyClass to 500 page 2021-06-18 09:55:08 -04:00			`};`
closes #5925 2017-09-12 13:46:51 -04:00			`if (res.locals.isAPI) {`
feat: add bodyClass to 500 page 2021-06-18 09:55:08 -04:00			`res.json(data);`
closes #5925 2017-09-12 13:46:51 -04:00			`} else {`
feat: add buildHeaderAsync (#8367) * feat: add buildHeaderAsync make helphers.notAllowed async * fix: remove csrf from buildHeader * fix: remove unused method, use middleware * fix: /post/pid redirect doesn't need buildHeader use buildHeaderAsync 2020-06-04 01:14:46 -04:00			`await middleware.buildHeaderAsync(req, res);`
feat: add bodyClass to 500 page 2021-06-18 09:55:08 -04:00			`res.render('500', data);`
closes #5925 2017-09-12 13:46:51 -04:00			`}`
			`};`
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00			`const data = await getErrorHandlers(cases);`
			`try {`
closes #5925 2017-09-12 13:46:51 -04:00			`if (data.cases.hasOwnProperty(err.code)) {`
fixed incorrect parameter passed into hook 2017-09-12 18:55:47 -04:00			`data.cases[err.code](err, req, res, defaultHandler);`
closes #5925 2017-09-12 13:46:51 -04:00			`} else {`
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00			`await defaultHandler();`
closes #5925 2017-09-12 13:46:51 -04:00			`}`
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00			`} catch (_err) {`
refactor: log error as well 2021-10-21 12:34:26 -04:00			winston.error(`${req.originalUrl}\n${_err.stack}`);
feat: show popular searches 2021-10-25 16:26:50 -04:00			`if (!res.headersSent) {`
			`res.status(500).send(_err.message);`
			`}`
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00			`}`
move out error and 404 controllers 2017-03-02 14:57:33 +03:00			`};`
refactor: catch errors from buildHeader in error handler :fire: 2021-10-21 10:28:27 -04:00
			`async function getErrorHandlers(cases) {`
			`try {`
			`return await plugins.hooks.fire('filter:error.handle', {`
			`cases: cases,`
			`});`
			`} catch (err) {`
			`// Assume defaults`
			winston.warn(`[errors/handle] Unable to retrieve plugin handlers for errors: ${err.message}`);
			`return { cases };`
			`}`
			`}`