feat: hide textual errors on internal server errors

gfyrag · gfyrag · commit 0d0d266740e4 · 2025-03-17T09:53:51.000+01:00
diff --git a/internal/api/common/errors.go b/internal/api/common/errors.go
@@ -3,7 +3,9 @@ package common
 import (
 	"errors"
 	"github.com/formancehq/go-libs/v2/api"
+	"github.com/formancehq/go-libs/v2/logging"
 	"github.com/formancehq/go-libs/v2/platform/postgres"
+	"go.opentelemetry.io/otel/trace"
 	"net/http"
 )
 
@@ -31,6 +33,15 @@ func HandleCommonErrors(w http.ResponseWriter, r *http.Request, err error) {
 	case errors.Is(err, postgres.ErrTooManyClient{}):
 		api.WriteErrorResponse(w, http.StatusServiceUnavailable, api.ErrorInternal, err)
 	default:
-		api.InternalServerError(w, r, err)
+		InternalServerError(w, r, err)
 	}
 }
+
+func InternalServerError(w http.ResponseWriter, r *http.Request, err error) {
+	span := trace.SpanFromContext(r.Context())
+	if span != nil {
+		span.RecordError(err)
+	}
+	logging.FromContext(r.Context()).Error(err)
+	api.WriteErrorResponse(w, http.StatusInternalServerError, api.ErrorInternal, errors.New("Internal error. Consult logs/traces to have more details."))
+}
diff --git a/internal/api/common/middleware_resolver.go b/internal/api/common/middleware_resolver.go
@@ -40,7 +40,7 @@ func LedgerMiddleware(
 				case postgres.IsNotFoundError(err):
 					api.WriteErrorResponse(w, http.StatusNotFound, "LEDGER_NOT_FOUND", err)
 				default:
-					api.InternalServerError(w, r, err)
+					InternalServerError(w, r, err)
 				}
 				return
 			}
@@ -65,7 +65,7 @@ func LedgerMiddleware(
 			if !excluded {
 				isUpToDate, err := l.IsDatabaseUpToDate(ctx)
 				if err != nil {
-					api.InternalServerError(w, r, err)
+					InternalServerError(w, r, err)
 					return
 				}
 				if !isUpToDate {
diff --git a/internal/api/v1/middleware_auto_create_ledger.go b/internal/api/v1/middleware_auto_create_ledger.go
@@ -26,7 +26,7 @@ func autoCreateMiddleware(backend system.Controller, tracer trace.Tracer) func(h
 			ledgerName := chi.URLParam(r, "ledger")
 			if _, err := backend.GetLedger(ctx, ledgerName); err != nil {
 				if !postgres.IsNotFoundError(err) {
-					api.InternalServerError(w, r, err)
+					common.InternalServerError(w, r, err)
 					return
 				}
 
@@ -37,7 +37,7 @@ func autoCreateMiddleware(backend system.Controller, tracer trace.Tracer) func(h
 					case errors.Is(err, ledger.ErrInvalidLedgerName{}):
 						api.BadRequest(w, common.ErrValidation, err)
 					default:
-						api.InternalServerError(w, r, err)
+						common.InternalServerError(w, r, err)
 					}
 					return
 				}
diff --git a/internal/api/v2/controllers_bulk.go b/internal/api/v2/controllers_bulk.go
@@ -43,7 +43,7 @@ func bulkHandler(bulkerFactory bulking.BulkerFactory, bulkHandlerFactories map[s
 			},
 		)
 		if err != nil {
-			api.InternalServerError(w, r, err)
+			common.InternalServerError(w, r, err)
 			return
 		}
 
diff --git a/internal/api/v2/controllers_ledgers_create.go b/internal/api/v2/controllers_ledgers_create.go
@@ -20,7 +20,7 @@ func createLedger(systemController system.Controller) http.HandlerFunc {
 		configuration := ledger.Configuration{}
 		data, err := io.ReadAll(r.Body)
 		if err != nil && !errors.Is(err, io.EOF) {
-			api.InternalServerError(w, r, err)
+			common.InternalServerError(w, r, err)
 			return
 		}
 
diff --git a/internal/api/v2/controllers_logs_import.go b/internal/api/v2/controllers_logs_import.go
@@ -36,14 +36,14 @@ func importLogs(w http.ResponseWriter, r *http.Request) {
 				close(stream)
 				break
 			} else {
-				api.InternalServerError(w, r, err)
+				common.InternalServerError(w, r, err)
 				return
 			}
 		}
 		select {
 		case stream <- l:
 		case <-r.Context().Done():
-			api.InternalServerError(w, r, r.Context().Err())
+			common.InternalServerError(w, r, r.Context().Err())
 			return
 		case err := <-errChan:
 			handleError(err)
@@ -57,7 +57,7 @@ func importLogs(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	case <-r.Context().Done():
-		api.InternalServerError(w, r, r.Context().Err())
+		common.InternalServerError(w, r, r.Context().Err())
 		return
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func LedgerMiddleware(`
`40`	`40`	`case postgres.IsNotFoundError(err):`
`41`	`41`	`api.WriteErrorResponse(w, http.StatusNotFound, "LEDGER_NOT_FOUND", err)`
`42`	`42`	`default:`
`43`		`- api.InternalServerError(w, r, err)`
	`43`	`+ InternalServerError(w, r, err)`
`44`	`44`	`}`
`45`	`45`	`return`
`46`	`46`	`}`
`@@ -65,7 +65,7 @@ func LedgerMiddleware(`
`65`	`65`	`if !excluded {`
`66`	`66`	`isUpToDate, err := l.IsDatabaseUpToDate(ctx)`
`67`	`67`	`if err != nil {`
`68`		`- api.InternalServerError(w, r, err)`
	`68`	`+ InternalServerError(w, r, err)`
`69`	`69`	`return`
`70`	`70`	`}`
`71`	`71`	`if !isUpToDate {`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func autoCreateMiddleware(backend system.Controller, tracer trace.Tracer) func(h`
`26`	`26`	`ledgerName := chi.URLParam(r, "ledger")`
`27`	`27`	`if _, err := backend.GetLedger(ctx, ledgerName); err != nil {`
`28`	`28`	`if !postgres.IsNotFoundError(err) {`
`29`		`- api.InternalServerError(w, r, err)`
	`29`	`+ common.InternalServerError(w, r, err)`
`30`	`30`	`return`
`31`	`31`	`}`
`32`	`32`
`@@ -37,7 +37,7 @@ func autoCreateMiddleware(backend system.Controller, tracer trace.Tracer) func(h`
`37`	`37`	`case errors.Is(err, ledger.ErrInvalidLedgerName{}):`
`38`	`38`	`api.BadRequest(w, common.ErrValidation, err)`
`39`	`39`	`default:`
`40`		`- api.InternalServerError(w, r, err)`
	`40`	`+ common.InternalServerError(w, r, err)`
`41`	`41`	`}`
`42`	`42`	`return`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ func bulkHandler(bulkerFactory bulking.BulkerFactory, bulkHandlerFactories map[s`
`43`	`43`	`},`
`44`	`44`	`)`
`45`	`45`	`if err != nil {`
`46`		`- api.InternalServerError(w, r, err)`
	`46`	`+ common.InternalServerError(w, r, err)`
`47`	`47`	`return`
`48`	`48`	`}`
`49`	`49`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ func createLedger(systemController system.Controller) http.HandlerFunc {`
`20`	`20`	`configuration := ledger.Configuration{}`
`21`	`21`	`data, err := io.ReadAll(r.Body)`
`22`	`22`	`if err != nil && !errors.Is(err, io.EOF) {`
`23`		`- api.InternalServerError(w, r, err)`
	`23`	`+ common.InternalServerError(w, r, err)`
`24`	`24`	`return`
`25`	`25`	`}`
`26`	`26`
Original file line number	Diff line number	Diff line change
`@@ -36,14 +36,14 @@ func importLogs(w http.ResponseWriter, r *http.Request) {`
`36`	`36`	`close(stream)`
`37`	`37`	`break`
`38`	`38`	`} else {`
`39`		`- api.InternalServerError(w, r, err)`
	`39`	`+ common.InternalServerError(w, r, err)`
`40`	`40`	`return`
`41`	`41`	`}`
`42`	`42`	`}`
`43`	`43`	`select {`
`44`	`44`	`case stream <- l:`
`45`	`45`	`case <-r.Context().Done():`
`46`		`- api.InternalServerError(w, r, r.Context().Err())`
	`46`	`+ common.InternalServerError(w, r, r.Context().Err())`
`47`	`47`	`return`
`48`	`48`	`case err := <-errChan:`
`49`	`49`	`handleError(err)`
`@@ -57,7 +57,7 @@ func importLogs(w http.ResponseWriter, r *http.Request) {`
`57`	`57`	`return`
`58`	`58`	`}`
`59`	`59`	`case <-r.Context().Done():`
`60`		`- api.InternalServerError(w, r, r.Context().Err())`
	`60`	`+ common.InternalServerError(w, r, r.Context().Err())`
`61`	`61`	`return`
`62`	`62`	`}`
`63`	`63`