
Commit 9cecbdd

committed
fix: return proper unmasked 401 errors when unauthorized
1 parent b784af6 commit 9cecbdd


3 files changed

+40
-6
lines changed


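--- a/modules/module-core/src/utils/authenticated-resolver.ts
+++ b/modules/module-core/src/utils/authenticated-resolver.ts
@@ -1,3 +1,5 @@
+import { GraphQLError } from 'graphql';
+
 export const authenticated =
 <
 CustomRoot,
@@ -18,7 +20,12 @@ export const authenticated =
 return func(root, args, context, info);
 }
 if (!context.userId && !context.user) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 return func(root, args, context, info);
 };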
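Review bot: The new `throw new GraphQLError(...)` at new lines 23-28 carries no comment explaining why a plain `Error` is no longer enough; going by the commit title, the point is that this error now reaches the client unmasked. I would add above it `// GraphQLError is sent to the client as-is (not masked): keep message and extensions constant, never interpolate user, token or internal error data.` so a later edit does not turn this path into an information leak. Whether `http: { status: 401 }` becomes a real HTTP 401 depends on the server layer honouring `extensions.http`, which is not visible here, so clients are safer branching on `extensions.code`. The body of `authenticated` starts and ends outside the hunk.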

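--- a/modules/module-password/src/resolvers/mutation.ts
+++ b/modules/module-password/src/resolvers/mutation.ts
@@ -7,13 +7,19 @@ import {
 } from '@accounts/password';
 import { AccountsServer, AccountsJsError } from '@accounts/server';
 import { MutationResolvers } from '../models';
+import { GraphQLError } from 'graphql';
 
 export const Mutation: MutationResolvers = {
 addEmail: async (_, { newEmail }, ctx) => {
 const { user, injector } = ctx;
 
 if (!(user && user.id)) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 
 const userId = user.id;
@@ -25,7 +31,12 @@ export const Mutation: MutationResolvers = {
 const { user, injector } = ctx;
 
 if (!(user && user.id)) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 
 const userId = user.id;
@@ -81,7 +92,12 @@ export const Mutation: MutationResolvers = {
 
 // Make sure user is logged in
 if (!(user && user.id)) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 
 const userId = user.id;
@@ -94,7 +110,12 @@ export const Mutation: MutationResolvers = {
 
 // Make sure user is logged in
 if (!(user && user.id)) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 
 const userId = user.id;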
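Review bot: The six-line `GraphQLError` literal is written out four times in this file (new lines 17-22, 34-39, 95-100, 113-118) and again in `query.ts` and `authenticated-resolver.ts`, so a later change to the code or status can easily miss one site and leave clients with inconsistent 401 handling. A small module-level factory would keep the copies in step: `const unauthenticated = () => new GraphQLError('Unauthorized', { extensions: { code: 'UNAUTHENTICATED', http: { status: 401 } } });`, with each guard reduced to `throw unauthenticated();`. None of the three changed files is a test, so nothing in this commit pins the `UNAUTHENTICATED` code or the 401 status for these resolvers. The resolver bodies continue outside each hunk.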

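--- a/modules/module-password/src/resolvers/query.ts
+++ b/modules/module-password/src/resolvers/query.ts
@@ -1,3 +1,4 @@
+import { GraphQLError } from 'graphql';
 import { QueryResolvers } from '../models';
 import { AccountsPassword } from '@accounts/password';
 
@@ -7,7 +8,12 @@ export const Query: QueryResolvers = {
 
 // Make sure user is logged in
 if (!(user && user.id)) {
-throw new Error('Unauthorized');
+throw new GraphQLError('Unauthorized', {
+extensions: {
+code: 'UNAUTHENTICATED',
+http: { status: 401 },
+},
+});
 }
 
 // https://github.com/speakeasyjs/speakeasy/blob/master/index.js#L517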
