feat: improve client error handing (#383)

* feat: improve clients error handing

* feat: improve logic + add tests

* refactor: rework a little + improvements

* chore: remove useless test

Author: GuillaumeDecMeetsMore

clients/javascript/lib/baseClient.ts

@@ -12,6 +12,7 @@ import {
   NotFoundError,
   UnauthorizedError,
   UnprocessableEntityError,
+  sanitizeErrorData,
 } from './helpers/errors'
 
 /**
@@ -126,14 +127,20 @@ export abstract class NitteiBaseClient {
       // We handle the errors ourselves in the `handleStatusCode` call below
       // This is just in case
       if (error instanceof AxiosError) {
+        const sanitizedErrorData = sanitizeErrorData(
+          error?.response?.data ??
+            (error.cause as Error)?.message ??
+            error.message
+        )
         throw new Error(
-          `Request failed with ${error?.status ? `status code ${error.status}` : 'no status code'} (${error?.response?.data ?? (error.cause as Error)?.message ?? error.toJSON()})`
+          `Request failed with ${error?.status ? `status code ${error.status}` : 'no status code'} (${sanitizedErrorData})`
         )
       }
       // This might happen if we don't have any status code
-      throw new Error(
-        `Unknown error (no status code) (${(error as Error)?.message ?? error})`
+      const sanitizedErrorData = sanitizeErrorData(
+        (error as Error)?.message ?? String(error)
       )
+      throw new Error(`Unknown error (no status code) (${sanitizedErrorData})`)
     }
 
     if (!res) {
@@ -261,30 +268,33 @@ export abstract class NitteiBaseClient {
    */
   private handleStatusCode(res: AxiosResponse): void {
     if (res.status >= 500) {
+      const sanitizedErrorString = sanitizeErrorData(res.data)
       throw new Error(
-        `Internal server error, please try again later (${res.status}) (${res.data})`
+        `Internal server error, please try again later (${res.status}) (${sanitizedErrorString})`
       )
     }
 
     if (res.status >= 400) {
+      const sanitizedErrorData = sanitizeErrorData(res.data)
+
       if (res.status === 400) {
-        throw new BadRequestError(res.data)
+        throw new BadRequestError(sanitizedErrorData)
       }
       if (res.status === 401 || res.status === 403) {
-        throw new UnauthorizedError(res.data)
+        throw new UnauthorizedError(sanitizedErrorData)
       }
       if (res.status === 404) {
-        throw new NotFoundError(res.data)
+        throw new NotFoundError(sanitizedErrorData)
       }
       if (res.status === 409) {
-        throw new ConflictError(res.data)
+        throw new ConflictError(sanitizedErrorData)
       }
       if (res.status === 422) {
-        throw new UnprocessableEntityError(res.data)
+        throw new UnprocessableEntityError(sanitizedErrorData)
       }
 
       throw new Error(
-        `Request failed with status code ${res.status} (${res.data})`
+        `Request failed with status code ${res.status} (${sanitizedErrorData})`
       )
     }
   }

clients/javascript/lib/helpers/errors.ts

@@ -8,6 +8,7 @@ export class BadRequestError extends Error {
    */
   constructor(public apiMessage: string) {
     super('Bad request')
+    this.name = 'BadRequestError'
   }
 }
 
@@ -21,6 +22,7 @@ export class NotFoundError extends Error {
    */
   constructor(public apiMessage: string) {
     super('Not found')
+    this.name = 'NotFoundError'
   }
 }
 
@@ -34,6 +36,7 @@ export class UnauthorizedError extends Error {
    */
   constructor(public apiMessage: string) {
     super('Unauthorized')
+    this.name = 'UnauthorizedError'
   }
 }
 
@@ -48,6 +51,7 @@ export class ConflictError extends Error {
    */
   constructor(public apiMessage: string) {
     super('Conflict')
+    this.name = 'ConflictError'
   }
 }
 
@@ -62,5 +66,109 @@ export class UnprocessableEntityError extends Error {
    */
   constructor(public apiMessage: string) {
     super('Unprocessable entity')
+    this.name = 'UnprocessableEntityError'
   }
 }
+
+/**
+ * Sanitizes error response data to prevent leaking sensitive information
+ * while preserving useful error details for debugging
+ * @param data - error response data
+ * @returns error as a string
+ */
+export function sanitizeErrorData(data: unknown): string {
+  if (!data) {
+    return 'Unknown error'
+  }
+
+  // If it's already a string, check if it looks like sensitive data
+  if (typeof data === 'string') {
+    // Remove potential tokens, API keys, passwords, etc.
+    return data
+      .replace(
+        /(?:token|key|password|secret|auth)['":\s]*["']?[A-Za-z0-9+/=._-]{10,}["']?/gi,
+        '[REDACTED]'
+      )
+      .replace(/Bearer\s+[A-Za-z0-9+/=._-]+/gi, 'Bearer [REDACTED]')
+      .trim()
+  }
+
+  // If it's an object, extract safe error message
+  if (typeof data === 'object' && data !== null) {
+    const errorObj = data as Record<string, unknown>
+
+    // Common error message fields
+    const messageFields = [
+      'message',
+      'error',
+      'detail',
+      'description',
+      'reason',
+    ]
+
+    for (const field of messageFields) {
+      if (typeof errorObj[field] === 'string') {
+        return sanitizeErrorData(errorObj[field])
+      }
+    }
+
+    // If no message field found, return sanitized JSON string
+    try {
+      const sanitizedObj = sanitizeObject(errorObj)
+      return JSON.stringify(sanitizedObj)
+    } catch {
+      return 'Error parsing server response'
+    }
+  }
+
+  // For other types, convert to string safely
+  return String(data).replace(/[A-Za-z0-9+/=._-]{32,}/g, '[REDACTED]')
+}
+
+/**
+ * Recursively sanitizes an object, removing potentially sensitive values
+ * @param obj - object to sanitize
+ * @returns sanitized object
+ */
+function sanitizeObject(obj: Record<string, unknown>): Record<string, unknown> {
+  const sanitized: Record<string, unknown> = {}
+
+  for (const [key, value] of Object.entries(obj)) {
+    // Skip potentially sensitive keys
+    const sensitiveKeys = [
+      'token',
+      'key',
+      'password',
+      'secret',
+      'auth',
+      'authorization',
+      'credential',
+    ]
+    if (
+      sensitiveKeys.some(sensitiveKey =>
+        key.toLowerCase().includes(sensitiveKey)
+      )
+    ) {
+      sanitized[key] = '[REDACTED]'
+      continue
+    }
+
+    if (typeof value === 'string') {
+      sanitized[key] = sanitizeErrorData(value)
+    } else if (typeof value === 'object' && value !== null) {
+      if (Array.isArray(value)) {
+        sanitized[key] = value.map(item =>
+          typeof item === 'object' && item !== null
+            ? sanitizeObject(item as Record<string, unknown>)
+            : sanitizeErrorData(item)
+        )
+      } else {
+        sanitized[key] = sanitizeObject(value as Record<string, unknown>)
+      }
+    } else {
+      sanitized[key] = value
+    }
+  }
+
+  return sanitized
+}

clients/javascript/package.json

@@ -53,6 +53,7 @@
     "@types/uuid": "10.0.0",
     "jest": "30.2.0",
     "jsonwebtoken": "9.0.2",
+    "nock": "14.0.10",
     "ts-jest": "29.4.4",
     "tsup": "8.5.0",
     "tsx": "4.20.6",