feat: Removing stack trace info in production env (#11657)

* feat: Hiding stack traces in production env * sytle * style * style * add SPDX * move ./error.js to ./misc/error.js * revert: remove frontend changes * feat: Hiding stack traces in production env * feat: Hiding stack traces in production env * revert * revert * revert * change and fix * revert * fix queue endpoint test --------- Co-authored-by: tamaina <[email protected]> Co-authored-by: Kagami Sascha Rosylight <[email protected]>
misskey-dev · Aug 21, 2023 · 388448f · 388448f
1 parent 50ec129
commit 388448f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
@@ -148,18 +148,18 @@ export class ClientServerService {
 			if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
 				const token = request.cookies.token;
 				if (token == null) {
-					reply.code(401);
-					throw new Error('login required');
+					reply.code(401).send('Login required');
+					return;
 				}
 				const user = await this.usersRepository.findOneBy({ token });
 				if (user == null) {
-					reply.code(403);
-					throw new Error('no such user');
+					reply.code(403).send('No such user');
+					return;
 				}
 				const isAdministrator = await this.roleService.isAdministrator(user);
 				if (!isAdministrator) {
-					reply.code(403);
-					throw new Error('access denied');
+					reply.code(403).send('Access denied');
+					return;
 				}
 			}
 		});

diff --git a/packages/backend/test/e2e/fetch-resource.ts b/packages/backend/test/e2e/fetch-resource.ts
@@ -34,6 +34,8 @@ describe('Webリソース', () => {
 	let aliceGalleryPost: any;
 	let aliceChannel: any;
 
+	let bob: misskey.entities.MeSignup;
+
 	type Request = {
 		path: string,
 		accept?: string,
@@ -90,6 +92,8 @@ describe('Webリソース', () => {
 			fileIds: [aliceUploadedFile.body.id],
 		});
 		aliceChannel = await channel(alice, {});
+
+		bob = await signup({ username: 'alice' });
 	}, 1000 * 60 * 2);
 
 	afterAll(async () => {
@@ -163,9 +167,15 @@ describe('Webリソース', () => {
 	});
 
 	describe.each([{ path: '/queue' }])('$path', ({ path }) => {
+		test('はログインしないとGETできない。', async () => await notOk({
+			path,
+			status: 401,
+		}));
+
 		test('はadminでなければGETできない。', async () => await notOk({
 			path,
-			status: 500, // FIXME? 403ではない。
+			cookie: cookie(bob),
+			status: 403,
 		}));
 
 		test('はadminならGETできる。', async () => await ok({