Merge pull request #6126 from Shopify/add-unauthorized-errors

Add error handling for unauthorized errors

Author: szluzero

packages/store/src/lib/base-command.ts

@@ -1,5 +1,4 @@
 import {FlagOptions} from './types.js'
-import {checkForUndefinedFieldError} from '../services/store/utils/graphql-errors.js'
 import Command from '@shopify/cli-kit/node/base-command'
 import {AbortError} from '@shopify/cli-kit/node/error'
 
@@ -13,11 +12,7 @@ export abstract class BaseBDCommand extends Command {
       await this.runCommand()
     } catch (error) {
       if (error instanceof Error) {
-        let errorMessage = error.message || 'An unknown error occurred'
-        if (checkForUndefinedFieldError(error)) {
-          errorMessage = `This command is in Early Accesss and is not yet available for the requested store(s).`
-        }
-
+        const errorMessage = error.message || 'An unknown error occurred'
         throw new AbortError(errorMessage)
       } else {
         throw error

packages/store/src/services/store/api/api-client.ts

@@ -45,7 +45,10 @@ export class ApiClient implements ApiClientInterface {
         this.createUnauthorizedHandler(),
       )
     } catch (error) {
-      throw this.handleError(error, 'startBulkDataStoreCopy')
+      throw this.handleError(error, 'startBulkDataStoreCopy', {
+        sourceStoreName: sourceShopDomain,
+        targetStoreName: targetShopDomain,
+      })
     }
   }
 
@@ -57,7 +60,9 @@ export class ApiClient implements ApiClientInterface {
     try {
       return await startBulkDataStoreExport(shopId, sourceShopDomain, token, this.createUnauthorizedHandler())
     } catch (error) {
-      throw this.handleError(error, 'startBulkDataStoreExport')
+      throw this.handleError(error, 'startBulkDataStoreExport', {
+        storeName: sourceShopDomain,
+      })
     }
   }
 
@@ -78,7 +83,9 @@ export class ApiClient implements ApiClientInterface {
         this.createUnauthorizedHandler(),
       )
     } catch (error) {
-      throw this.handleError(error, 'startBulkDataStoreImport')
+      throw this.handleError(error, 'startBulkDataStoreImport', {
+        storeName: targetShopDomain,
+      })
     }
   }
 
@@ -108,17 +115,64 @@ export class ApiClient implements ApiClientInterface {
     }
   }
 
-  private handleError(error: unknown, operationName: string): OperationError | ValidationError {
-    if (error instanceof OperationError || error instanceof ValidationError) {
-      return error
-    }
+  private handleError(
+    error: unknown,
+    operationName: string,
+    params?: {[key: string]: string},
+  ): OperationError | ValidationError {
     if (error instanceof ClientError) {
       const requestId = this.extractRequestIdFromError(error)
-      return new OperationError(operationName, ErrorCodes.GRAPHQL_API_ERROR, {}, requestId)
+      return new OperationError(operationName, ErrorCodes.GRAPHQL_API_ERROR, params, requestId)
     }
+
+    if (error?.constructor?.name === 'GraphQLClientError') {
+      const requestId = this.extractRequestIdFromErrorMessage(error)
+      const errors = (error as {errors?: {extensions?: {code?: string; fieldName?: string}}[]})?.errors
+
+      const unauthorizedError = this.handleUnauthorizedError(errors, operationName, params, requestId)
+      if (unauthorizedError) {
+        return unauthorizedError
+      }
+
+      if (this.isMissingEAAccess(errors)) {
+        return new OperationError(operationName, ErrorCodes.MISSING_EA_ACCESS, params, requestId)
+      }
+
+      return new OperationError(operationName, ErrorCodes.GRAPHQL_API_ERROR, params, requestId)
+    }
+
     throw error
   }
 
+  private isMissingEAAccess(errors?: {extensions?: {code?: string; fieldName?: string}}[]): boolean {
+    return (
+      errors?.some(
+        (err) => err.extensions?.code === 'undefinedField' && err.extensions?.fieldName?.includes('bulkDataStore'),
+      ) ?? false
+    )
+  }
+
+  private handleUnauthorizedError(
+    errors: {extensions?: {code?: string}}[] | undefined,
+    operationName: string,
+    params?: {[key: string]: string},
+    requestId?: string,
+  ): OperationError | null {
+    const isUnauthorized = errors?.some((err) => err.extensions?.code === 'UNAUTHORIZED') ?? false
+    if (!isUnauthorized) {
+      return null
+    }
+
+    if (operationName === 'startBulkDataStoreExport') {
+      return new OperationError(operationName, ErrorCodes.UNAUTHORIZED_EXPORT, params, requestId)
+    } else if (operationName === 'startBulkDataStoreImport') {
+      return new OperationError(operationName, ErrorCodes.UNAUTHORIZED_IMPORT, params, requestId)
+    } else if (operationName === 'startBulkDataStoreCopy') {
+      return new OperationError(operationName, ErrorCodes.UNAUTHORIZED_COPY, params, requestId)
+    }
+    return new OperationError(operationName, ErrorCodes.UNAUTHORIZED, params, requestId)
+  }
+
   private extractRequestIdFromError(error: unknown): string | undefined {
     if (error && typeof error === 'object' && 'response' in error) {
       const response = (error as {response?: {headers?: {get?: (key: string) => string | null}}}).response
@@ -128,4 +182,14 @@ export class ApiClient implements ApiClientInterface {
     }
     return undefined
   }
+
+  private extractRequestIdFromErrorMessage(error: unknown): string | undefined {
+    if (error && typeof error === 'object' && 'message' in error) {
+      const message = (error as {message?: string}).message
+      if (message) {
+        return message.match(/Request ID: ([\w-]+)/)?.[1] ?? undefined
+      }
+    }
+    return undefined
+  }
 }

packages/store/src/services/store/errors/errors.test.ts

@@ -82,6 +82,26 @@ describe('Error message generation', () => {
       'Network error',
     )
     expect(new OperationError('upload', ErrorCodes.STAGED_UPLOAD_FAILED).message).toBe('Failed to create staged upload')
+
+    // Unauthorized errors
+    expect(
+      new OperationError('export', ErrorCodes.UNAUTHORIZED_EXPORT, {storeName: 'test-store.myshopify.com'}).message,
+    ).toBe(
+      "You are not authorized to export bulk data from store \"test-store.myshopify.com\"\n\nTo export you'll need the 'bulk data > export' permission",
+    )
+    expect(
+      new OperationError('import', ErrorCodes.UNAUTHORIZED_IMPORT, {storeName: 'test-store.myshopify.com'}).message,
+    ).toBe(
+      "You are not authorized to import bulk data to store \"test-store.myshopify.com\"\n\nTo import you'll need the 'bulk data > import' permission",
+    )
+    expect(
+      new OperationError('copy', ErrorCodes.UNAUTHORIZED_COPY, {
+        sourceStoreName: 'source.myshopify.com',
+        targetStoreName: 'target.myshopify.com',
+      }).message,
+    ).toBe(
+      "You are not authorized to copy data between these stores\n\nTo export data from \"source.myshopify.com\"\n• You'll need the 'bulk data > export' permission\n\nTo import data to \"target.myshopify.com\"\n• You'll need the 'bulk data > import' permission",
+    )
   })
 
   test('should generate correct GRAPHQL_API_ERROR messages with request IDs', () => {
@@ -113,3 +133,96 @@ describe('OperationError with Request ID', () => {
     expect(error.message).toContain('Request Id: unknown')
   })
 })
+
+describe('Unauthorized Error Codes', () => {
+  test('should create UNAUTHORIZED_EXPORT error with store name', () => {
+    const error = new OperationError('startBulkDataStoreExport', ErrorCodes.UNAUTHORIZED_EXPORT, {
+      storeName: 'test-store.myshopify.com',
+    })
+
+    expect(error).toBeInstanceOf(OperationError)
+    expect(error.operation).toBe('startBulkDataStoreExport')
+    expect(error.code).toBe(ErrorCodes.UNAUTHORIZED_EXPORT)
+    expect(error.params).toEqual({storeName: 'test-store.myshopify.com'})
+    expect(error.message).toBe(
+      "You are not authorized to export bulk data from store \"test-store.myshopify.com\"\n\nTo export you'll need the 'bulk data > export' permission",
+    )
+  })
+
+  test('should create UNAUTHORIZED_IMPORT error with store name', () => {
+    const error = new OperationError('startBulkDataStoreImport', ErrorCodes.UNAUTHORIZED_IMPORT, {
+      storeName: 'target-store.myshopify.com',
+    })
+
+    expect(error).toBeInstanceOf(OperationError)
+    expect(error.operation).toBe('startBulkDataStoreImport')
+    expect(error.code).toBe(ErrorCodes.UNAUTHORIZED_IMPORT)
+    expect(error.params).toEqual({storeName: 'target-store.myshopify.com'})
+    expect(error.message).toBe(
+      "You are not authorized to import bulk data to store \"target-store.myshopify.com\"\n\nTo import you'll need the 'bulk data > import' permission",
+    )
+  })
+
+  test('should create UNAUTHORIZED_COPY error with source and target store names', () => {
+    const error = new OperationError('startBulkDataStoreCopy', ErrorCodes.UNAUTHORIZED_COPY, {
+      sourceStoreName: 'source.myshopify.com',
+      targetStoreName: 'target.myshopify.com',
+    })
+
+    expect(error).toBeInstanceOf(OperationError)
+    expect(error.operation).toBe('startBulkDataStoreCopy')
+    expect(error.code).toBe(ErrorCodes.UNAUTHORIZED_COPY)
+    expect(error.params).toEqual({
+      sourceStoreName: 'source.myshopify.com',
+      targetStoreName: 'target.myshopify.com',
+    })
+    expect(error.message).toBe(
+      "You are not authorized to copy data between these stores\n\nTo export data from \"source.myshopify.com\"\n• You'll need the 'bulk data > export' permission\n\nTo import data to \"target.myshopify.com\"\n• You'll need the 'bulk data > import' permission",
+    )
+  })
+
+  test('should create unauthorized errors with request IDs', () => {
+    const exportError = new OperationError(
+      'startBulkDataStoreExport',
+      ErrorCodes.UNAUTHORIZED_EXPORT,
+      {
+        storeName: 'test-store.myshopify.com',
+      },
+      'export-request-123',
+    )
+
+    expect(exportError.requestId).toBe('export-request-123')
+    expect(exportError.message).toBe(
+      "You are not authorized to export bulk data from store \"test-store.myshopify.com\"\n\nTo export you'll need the 'bulk data > export' permission",
+    )
+
+    const importError = new OperationError(
+      'startBulkDataStoreImport',
+      ErrorCodes.UNAUTHORIZED_IMPORT,
+      {
+        storeName: 'test-store.myshopify.com',
+      },
+      'import-request-456',
+    )
+
+    expect(importError.requestId).toBe('import-request-456')
+    expect(importError.message).toBe(
+      "You are not authorized to import bulk data to store \"test-store.myshopify.com\"\n\nTo import you'll need the 'bulk data > import' permission",
+    )
+
+    const copyError = new OperationError(
+      'startBulkDataStoreCopy',
+      ErrorCodes.UNAUTHORIZED_COPY,
+      {
+        sourceStoreName: 'source.myshopify.com',
+        targetStoreName: 'target.myshopify.com',
+      },
+      'copy-request-789',
+    )
+
+    expect(copyError.requestId).toBe('copy-request-789')
+    expect(copyError.message).toBe(
+      "You are not authorized to copy data between these stores\n\nTo export data from \"source.myshopify.com\"\n• You'll need the 'bulk data > export' permission\n\nTo import data to \"target.myshopify.com\"\n• You'll need the 'bulk data > import' permission",
+    )
+  })
+})

packages/store/src/services/store/errors/errors.ts

@@ -23,6 +23,13 @@ export const ErrorCodes = {
   FILE_DOWNLOAD_FAILED: 'FILE_DOWNLOAD_FAILED',
   STAGED_UPLOAD_FAILED: 'STAGED_UPLOAD_FAILED',
   GRAPHQL_API_ERROR: 'GRAPHQL_API_ERROR',
+
+  // Unauthorized errors
+  UNAUTHORIZED: 'UNAUTHORIZED',
+  UNAUTHORIZED_EXPORT: 'UNAUTHORIZED_EXPORT',
+  UNAUTHORIZED_IMPORT: 'UNAUTHORIZED_IMPORT',
+  UNAUTHORIZED_COPY: 'UNAUTHORIZED_COPY',
+  MISSING_EA_ACCESS: 'MISSING_EA_ACCESS',
 } as const
 
 interface ErrorParams {
@@ -110,6 +117,22 @@ function generateErrorMessage(code: string, params?: ErrorParams, requestId?: st
       return `Copy could not complete due to an API request failure\n\nRequest Id: ${finalRequestId}`
     }
 
+    // Unauthorized errors
+    case ErrorCodes.UNAUTHORIZED:
+      return 'You are not authorized to perform this operation'
+    case ErrorCodes.UNAUTHORIZED_EXPORT:
+      return `You are not authorized to export bulk data from store "${params?.storeName}"\n\nTo export you'll need the 'bulk data > export' permission`
+    case ErrorCodes.UNAUTHORIZED_IMPORT:
+      return `You are not authorized to import bulk data to store "${params?.storeName}"\n\nTo import you'll need the 'bulk data > import' permission`
+    case ErrorCodes.UNAUTHORIZED_COPY:
+      return (
+        `You are not authorized to copy data between these stores\n\nTo export data from "${params?.sourceStoreName}"\n` +
+        `• You'll need the 'bulk data > export' permission\n\nTo import data to "${params?.targetStoreName}"\n` +
+        `• You'll need the 'bulk data > import' permission`
+      )
+    case ErrorCodes.MISSING_EA_ACCESS:
+      return `This command is in Early Access and is not yet available for the requested store(s).`
+
     default:
       return 'An error occurred'
   }

packages/store/src/services/store/operations/store-copy.test.ts

@@ -242,5 +242,60 @@ describe('StoreCopyOperation', () => {
       expect(error.requestId).toBeUndefined()
       expect(error.code).toBe(ErrorCodes.GRAPHQL_API_ERROR)
     })
+
+    test('should get copy-specific unauthorized error from API client', async () => {
+      const unauthorizedError = new OperationError(
+        'startBulkDataStoreCopy',
+        ErrorCodes.UNAUTHORIZED_COPY,
+        {sourceStoreName: 'source.myshopify.com', targetStoreName: 'target.myshopify.com'},
+        'copy-request-unauthorized-789',
+      )
+      mockApiClient.startBulkDataStoreCopy.mockRejectedValue(unauthorizedError)
+
+      vi.mocked(renderTasks).mockImplementationOnce(async (tasks: any[]) => {
+        const ctx: any = {}
+        for (const task of tasks) {
+          // eslint-disable-next-line no-await-in-loop
+          await task.task(ctx, task)
+        }
+        return ctx
+      })
+
+      const promise = operation.execute('source.myshopify.com', 'target.myshopify.com', {'no-prompt': true})
+      await expect(promise).rejects.toThrow(OperationError)
+      await expect(promise).rejects.toMatchObject({
+        operation: 'startBulkDataStoreCopy',
+        code: ErrorCodes.UNAUTHORIZED_COPY,
+        params: {sourceStoreName: 'source.myshopify.com', targetStoreName: 'target.myshopify.com'},
+        requestId: 'copy-request-unauthorized-789',
+      })
+    })
+
+    test('should get missing EA access error from API client', async () => {
+      const missingEAError = new OperationError(
+        'startBulkDataStoreCopy',
+        ErrorCodes.MISSING_EA_ACCESS,
+        {},
+        'copy-request-ea-789',
+      )
+      mockApiClient.startBulkDataStoreCopy.mockRejectedValue(missingEAError)
+
+      vi.mocked(renderTasks).mockImplementationOnce(async (tasks: any[]) => {
+        const ctx: any = {}
+        for (const task of tasks) {
+          // eslint-disable-next-line no-await-in-loop
+          await task.task(ctx, task)
+        }
+        return ctx
+      })
+
+      const promise = operation.execute('source.myshopify.com', 'target.myshopify.com', {'no-prompt': true})
+      await expect(promise).rejects.toThrow(OperationError)
+      await expect(promise).rejects.toMatchObject({
+        operation: 'startBulkDataStoreCopy',
+        code: ErrorCodes.MISSING_EA_ACCESS,
+        requestId: 'copy-request-ea-789',
+      })
+    })
   })
 })