Merge pull request #618 from felleslosninger/EIN-4937-html-feilrespons

EIN-4937: Add `/error` endpoint

Author: gne

src/main/java/no/einnsyn/backend/common/exceptions/models/TooManyRequestsException.java

@@ -0,0 +1,36 @@
+// Auto-generated from our API specification
+// https://github.com/felleslosninger/einnsyn-api-spec
+
+package no.einnsyn.backend.common.exceptions.models;
+
+import lombok.Getter;
+import no.einnsyn.backend.common.responses.models.ErrorResponse;
+
+@Getter
+public class TooManyRequestsException extends EInnsynException {
+
+  public TooManyRequestsException(String message, Throwable cause) {
+    super(message, cause, "tooManyRequests");
+  }
+
+  public TooManyRequestsException(String message) {
+    super(message, "tooManyRequests");
+  }
+
+  @Override
+  public ErrorResponse toClientResponse() {
+    return new ClientResponse(this.getMessage());
+  }
+
+  @Getter
+  public static class ClientResponse implements ErrorResponse {
+    protected final String type = "tooManyRequests";
+
+    protected String message;
+
+    public ClientResponse(String message) {
+      super();
+      this.message = message;
+    }
+  }
+}

src/main/java/no/einnsyn/backend/error/ApiErrorController.java

@@ -0,0 +1,84 @@
+package no.einnsyn.backend.error;
+
+import com.google.gson.Gson;
+import jakarta.servlet.RequestDispatcher;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import no.einnsyn.backend.common.exceptions.models.AuthenticationException;
+import no.einnsyn.backend.common.exceptions.models.AuthorizationException;
+import no.einnsyn.backend.common.exceptions.models.BadRequestException;
+import no.einnsyn.backend.common.exceptions.models.ConflictException;
+import no.einnsyn.backend.common.exceptions.models.InternalServerErrorException;
+import no.einnsyn.backend.common.exceptions.models.MethodNotAllowedException;
+import no.einnsyn.backend.common.exceptions.models.NotFoundException;
+import no.einnsyn.backend.common.exceptions.models.TooManyRequestsException;
+import no.einnsyn.backend.common.responses.models.ErrorResponse;
+import org.springframework.boot.webmvc.error.ErrorController;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class ApiErrorController implements ErrorController {
+
+  private final Gson gson;
+
+  public ApiErrorController(Gson gson) {
+    this.gson = gson;
+  }
+
+  @RequestMapping("/error")
+  public void error(HttpServletRequest request, HttpServletResponse response) throws IOException {
+    var status = resolveStatus(request);
+    var path = (String) request.getAttribute(RequestDispatcher.ERROR_REQUEST_URI);
+    var message = resolveMessage(status, path, request);
+    var errorResponse = buildErrorResponse(status, message);
+
+    // This is a JSON API. Never let /error fall back to view resolution.
+    response.setStatus(status.value());
+    response.setCharacterEncoding(StandardCharsets.UTF_8.name());
+    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+    response.getWriter().write(gson.toJson(errorResponse));
+  }
+
+  private HttpStatus resolveStatus(HttpServletRequest request) {
+    var statusCode = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+    if (statusCode instanceof Integer integerStatus) {
+      var status = HttpStatus.resolve(integerStatus);
+      if (status != null) {
+        return status;
+      }
+    }
+    return HttpStatus.INTERNAL_SERVER_ERROR;
+  }
+
+  private String resolveMessage(HttpStatus status, String path, HttpServletRequest request) {
+    var errorMessage = request.getAttribute(RequestDispatcher.ERROR_MESSAGE);
+    if (errorMessage instanceof String message && !message.isBlank()) {
+      return message;
+    }
+
+    if (status == HttpStatus.NOT_FOUND && StringUtils.hasText(path)) {
+      return "No handler found: " + path;
+    }
+
+    return status.getReasonPhrase();
+  }
+
+  private ErrorResponse buildErrorResponse(HttpStatus status, String message) {
+    return switch (status) {
+      case BAD_REQUEST -> new BadRequestException.ClientResponse(message);
+      case UNAUTHORIZED -> new AuthenticationException.ClientResponse(message);
+      case FORBIDDEN -> new AuthorizationException.ClientResponse(message);
+      case NOT_FOUND -> new NotFoundException.ClientResponse(message);
+      case METHOD_NOT_ALLOWED -> new MethodNotAllowedException.ClientResponse(message);
+      case CONFLICT -> new ConflictException.ClientResponse(message);
+      case TOO_MANY_REQUESTS -> new TooManyRequestsException.ClientResponse(message);
+      default -> new InternalServerErrorException.ClientResponse(message);
+    };
+  }
+}

src/main/java/no/einnsyn/backend/error/EInnsynExceptionHandler.java

@@ -14,6 +14,7 @@
 import no.einnsyn.backend.common.exceptions.models.MethodNotAllowedException;
 import no.einnsyn.backend.common.exceptions.models.NetworkException;
 import no.einnsyn.backend.common.exceptions.models.NotFoundException;
+import no.einnsyn.backend.common.exceptions.models.TooManyRequestsException;
 import no.einnsyn.backend.common.exceptions.models.TooManyUnverifiedOrdersException;
 import no.einnsyn.backend.common.exceptions.models.ValidationException;
 import no.einnsyn.backend.common.exceptions.models.ValidationException.FieldError;
@@ -222,6 +223,20 @@ public ResponseEntity<Object> handleConflictException(ConflictException ex) {
     return ResponseEntity.status(httpStatus).body(clientResponse);
   }
 
+  /**
+   * Too many requests.
+   *
+   * @param ex the exception
+   * @return the response entity
+   */
+  @ExceptionHandler(TooManyRequestsException.class)
+  public ResponseEntity<Object> handleTooManyRequestsException(TooManyRequestsException ex) {
+    var httpStatus = HttpStatus.TOO_MANY_REQUESTS;
+    logAndCountWarning(ex, httpStatus);
+    var clientResponse = ex.toClientResponse();
+    return ResponseEntity.status(httpStatus).body(clientResponse);
+  }
+
   /**
    * Too many unverified orders.
    *

src/test/java/no/einnsyn/backend/common/exceptions/ErrorResponseTest.java

@@ -4,6 +4,8 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import com.google.gson.JsonObject;
+import java.util.stream.Stream;
 import no.einnsyn.backend.EinnsynControllerTestBase;
 import no.einnsyn.backend.common.exceptions.models.AuthenticationException;
 import no.einnsyn.backend.common.exceptions.models.AuthorizationException;
@@ -12,12 +14,17 @@
 import no.einnsyn.backend.common.exceptions.models.InternalServerErrorException;
 import no.einnsyn.backend.common.exceptions.models.MethodNotAllowedException;
 import no.einnsyn.backend.common.exceptions.models.NotFoundException;
+import no.einnsyn.backend.common.exceptions.models.TooManyRequestsException;
 import no.einnsyn.backend.common.exceptions.models.ValidationException;
 import no.einnsyn.backend.entities.arkiv.models.ArkivDTO;
 import no.einnsyn.backend.entities.arkivdel.models.ArkivdelDTO;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
@@ -47,6 +54,42 @@ void testNotFound() throws Exception {
     assertNotNull(errorResponse.getMessage());
   }
 
+  @ParameterizedTest
+  @MethodSource("browserAcceptErrorResponses")
+  void testErrorResponsesWithBrowserAcceptHeaderReturnJson(
+      String endpoint, HttpStatus expectedStatus, String expectedType) throws Exception {
+    var headers = new HttpHeaders();
+    headers.setAccept(
+        MediaType.parseMediaTypes(
+            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"));
+    var response = get(endpoint, headers);
+
+    assertEquals(expectedStatus, response.getStatusCode());
+    assertNotNull(response.getHeaders().getContentType());
+    assertTrue(MediaType.APPLICATION_JSON.isCompatibleWith(response.getHeaders().getContentType()));
+    var errorResponse = gson.fromJson(response.getBody(), JsonObject.class);
+    assertEquals(expectedType, errorResponse.get("type").getAsString());
+    assertNotNull(errorResponse.get("message"));
+  }
+
+  private static Stream<Arguments> browserAcceptErrorResponses() {
+    return Stream.of(
+        Arguments.of("/notfound", HttpStatus.NOT_FOUND, "notFound"),
+        Arguments.of("/validationTest/sendError/400", HttpStatus.BAD_REQUEST, "badRequest"),
+        Arguments.of(
+            "/validationTest/sendError/401", HttpStatus.UNAUTHORIZED, "authenticationError"),
+        Arguments.of("/validationTest/sendError/403", HttpStatus.FORBIDDEN, "authorizationError"),
+        Arguments.of(
+            "/validationTest/sendError/405", HttpStatus.METHOD_NOT_ALLOWED, "methodNotAllowed"),
+        Arguments.of("/validationTest/sendError/409", HttpStatus.CONFLICT, "conflict"),
+        Arguments.of(
+            "/validationTest/sendError/429", HttpStatus.TOO_MANY_REQUESTS, "tooManyRequests"),
+        Arguments.of(
+            "/validationTest/sendError/500",
+            HttpStatus.INTERNAL_SERVER_ERROR,
+            "internalServerError"));
+  }
+
   @Test
   void testMethodNotAllowedException() throws Exception {
     var journalpostJSON = getJournalpostJSON();
@@ -298,6 +341,16 @@ void testNotFoundException() throws Exception {
     assertNotNull(errorResponse.getMessage());
   }
 
+  @Test
+  void testTooManyRequestsException() throws Exception {
+    var response = get("/validationTest/tooManyRequests");
+    assertEquals(HttpStatus.TOO_MANY_REQUESTS, response.getStatusCode());
+    var errorResponse =
+        gson.fromJson(response.getBody(), TooManyRequestsException.ClientResponse.class);
+    assertEquals("tooManyRequests", errorResponse.getType());
+    assertNotNull(errorResponse.getMessage());
+  }
+
   @Test
   void testDataIntegrityViolationException() throws Exception {
     var response = get("/validationTest/dataIntegrityViolation");

src/test/java/no/einnsyn/backend/common/exceptions/ErrorResponseTestController.java

@@ -1,12 +1,16 @@
 package no.einnsyn.backend.common.exceptions;
 
+import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.constraints.Min;
 import jakarta.validation.constraints.Pattern;
+import java.io.IOException;
 import no.einnsyn.backend.common.exceptions.models.BadRequestException;
 import no.einnsyn.backend.common.exceptions.models.NotFoundException;
+import no.einnsyn.backend.common.exceptions.models.TooManyRequestsException;
 import org.springframework.context.annotation.Profile;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.TransactionSystemException;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -94,6 +98,12 @@ public ResponseEntity<String> testNotFound() throws NotFoundException {
     throw new NotFoundException("Simulated not found");
   }
 
+  /** Endpoint that throws a TooManyRequestsException. */
+  @GetMapping("/validationTest/tooManyRequests")
+  public ResponseEntity<String> testTooManyRequests() throws TooManyRequestsException {
+    throw new TooManyRequestsException("Simulated too many requests");
+  }
+
   /** Endpoint that throws a DataIntegrityViolationException. */
   @GetMapping("/validationTest/dataIntegrityViolation")
   public ResponseEntity<String> testDataIntegrityViolation() {
@@ -106,6 +116,18 @@ public ResponseEntity<String> testNoHandlerFound() throws NoHandlerFoundExceptio
     throw new NoHandlerFoundException("GET", "/nonexistent", new HttpHeaders());
   }
 
+  /** Endpoint that sends a configurable error status to exercise the /error controller path. */
+  @GetMapping("/validationTest/sendError/{statusCode}")
+  public void testSendError(@PathVariable Integer statusCode, HttpServletResponse response)
+      throws IOException {
+    var status = HttpStatus.resolve(statusCode);
+    if (status == null) {
+      throw new IllegalArgumentException("Unsupported status code: " + statusCode);
+    }
+
+    response.sendError(statusCode, "Simulated " + status);
+  }
+
   /**
    * Endpoint with @Min constraint with a blank message. When validation fails, the error has a
    * blank defaultMessage, triggering the codes fallback in resolveValidationMessage.