fix: return client customized error, if present, on auth fail in playground

max-kammerer · max-kammerer · commit 52fd8fe9cacf · 2024-10-19T08:22:31.000+02:00
fixes #CORE-1134
diff --git a/packages/cubejs-api-gateway/src/gateway.ts b/packages/cubejs-api-gateway/src/gateway.ts
@@ -2225,10 +2225,18 @@ class ApiGateway {
     if (this.playgroundAuthSecret) {
       const systemCheckAuthFn = this.createCheckAuthSystemFn();
       return async (ctx, authorization) => {
+        // TODO: separate two auth workflows
         try {
           await mainCheckAuthFn(ctx, authorization);
-        } catch (error) {
-          await systemCheckAuthFn(ctx, authorization);
+        } catch (mainAuthError) {
+          try {
+            await systemCheckAuthFn(ctx, authorization);
+          } catch (playgroundAuthError) {
+            if (mainAuthError instanceof CubejsHandlerError) {
+              throw mainAuthError;
+            }
+            throw playgroundAuthError;
+          }
         }
       };
     }
diff --git a/packages/cubejs-api-gateway/test/auth.test.ts b/packages/cubejs-api-gateway/test/auth.test.ts
@@ -299,6 +299,45 @@ describe('test authorization', () => {
     expectSecurityContext(handlerMock.mock.calls[0][0].context.authInfo);
   });
 
+  test('custom checkAuth with CubejsHandlerError fail in playground', async () => {
+    const loggerMock = jest.fn(() => {
+      //
+    });
+
+    const expectSecurityContext = (securityContext) => {
+      expect(securityContext.uid).toEqual(5);
+      expect(securityContext.iat).toBeDefined();
+      expect(securityContext.exp).toBeDefined();
+    };
+
+    const handlerMock = jest.fn((req, res) => {
+      expectSecurityContext(req.context.securityContext);
+      expectSecurityContext(req.context.authInfo);
+
+      res.status(200).end();
+    });
+
+    const playgroundAuthSecret = 'playgroundSecret';
+
+    const token = generateAuthToken({ uid: 5, }, {});
+
+    const { app } = createApiGateway(handlerMock, loggerMock, {
+      playgroundAuthSecret,
+      checkAuth: async (req: Request, auth?: string) => {
+        throw new CubejsHandlerError(409, 'Error', 'Custom error');
+      }
+    });
+
+    const res = await request(app)
+      .get('/test-auth-fake')
+      .set('Authorization', `Authorization: ${token}`)
+      .expect(409);
+
+    expect(res.body).toMatchObject({
+      error: 'Custom error'
+    });
+  });
+
   test('custom checkAuth with deprecated authInfo', async () => {
     const loggerMock = jest.fn(() => {
       //
