Remove old AuthorizationError.

rkistner · rkistner · commit 563a96e243bc · 2025-05-07T13:46:30.000+02:00
diff --git a/libs/lib-services/src/router/endpoint.ts b/libs/lib-services/src/router/endpoint.ts
@@ -17,7 +17,7 @@ export const executeEndpoint = async <I, O, C, P extends EndpointHandlerPayload<
   const authorizer_response = await endpoint.authorize?.(payload);
   if (authorizer_response && !authorizer_response.authorized) {
     if (authorizer_response.error == null) {
-      throw new errors.AuthorizationError2(errors.ErrorCode.PSYNC_S2101, 'Authorization failed');
+      throw new errors.AuthorizationError(errors.ErrorCode.PSYNC_S2101, 'Authorization failed');
     }
     throw authorizer_response.error;
   }
diff --git a/modules/module-postgres/src/auth/SupabaseKeyCollector.ts b/modules/module-postgres/src/auth/SupabaseKeyCollector.ts
@@ -4,7 +4,7 @@ import * as pgwire from '@powersync/service-jpgwire';
 import * as jose from 'jose';
 
 import * as types from '../types/types.js';
-import { AuthorizationError2, ErrorCode } from '@powersync/lib-services-framework';
+import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
 
 /**
  * Fetches key from the Supabase database.
@@ -45,7 +45,7 @@ export class SupabaseKeyCollector implements auth.KeyCollector {
       row = rows[0] as any;
     } catch (e) {
       if (e.message?.includes('unrecognized configuration parameter')) {
-        throw new AuthorizationError2(
+        throw new AuthorizationError(
           ErrorCode.PSYNC_S2201,
           'No JWT secret found in Supabase database. Manually configure the secret.'
         );
@@ -58,7 +58,7 @@ export class SupabaseKeyCollector implements auth.KeyCollector {
       return {
         keys: [],
         errors: [
-          new AuthorizationError2(
+          new AuthorizationError(
             ErrorCode.PSYNC_S2201,
             'No JWT secret found in Supabase database. Manually configure the secret.'
           )
diff --git a/packages/rsocket-router/src/router/ReactiveSocketRouter.ts b/packages/rsocket-router/src/router/ReactiveSocketRouter.ts
@@ -72,7 +72,7 @@ export class ReactiveSocketRouter<C> {
           // Throwing an exception in this context will be returned to the client side request
           if (!payload.metadata) {
             // Meta data is required for endpoint handler path matching
-            throw new errors.AuthorizationError('No context meta data provided');
+            throw new errors.AuthorizationError(ErrorCode.PSYNC_S2101, 'No context meta data provided');
           }
 
           const context = await params.contextProvider(payload.metadata!);
@@ -167,7 +167,7 @@ export async function handleReactiveStream<Context>(
     });
     if (!isAuthorized.authorized) {
       return exitWithError(
-        isAuthorized.error ?? new errors.AuthorizationError2(ErrorCode.PSYNC_S2101, 'Authorization failed')
+        isAuthorized.error ?? new errors.AuthorizationError(ErrorCode.PSYNC_S2101, 'Authorization failed')
       );
     }
   }
diff --git a/packages/service-core/src/auth/CachedKeyCollector.ts b/packages/service-core/src/auth/CachedKeyCollector.ts
@@ -3,7 +3,7 @@ import timers from 'timers/promises';
 import { KeySpec } from './KeySpec.js';
 import { LeakyBucket } from './LeakyBucket.js';
 import { KeyCollector, KeyResult } from './KeyCollector.js';
-import { AuthorizationError2 } from '@powersync/lib-services-framework';
+import { AuthorizationError } from '@powersync/lib-services-framework';
 import { mapAuthConfigError } from './utils.js';
 
 /**
@@ -41,7 +41,7 @@ export class CachedKeyCollector implements KeyCollector {
    */
   private keyExpiry = 3600000;
 
-  private currentErrors: AuthorizationError2[] = [];
+  private currentErrors: AuthorizationError[] = [];
   /**
    * Indicates a "fatal" error that should be retried.
    */
diff --git a/packages/service-core/src/auth/CompoundKeyCollector.ts b/packages/service-core/src/auth/CompoundKeyCollector.ts
@@ -1,7 +1,7 @@
 import * as jose from 'jose';
 import { KeySpec } from './KeySpec.js';
 import { KeyCollector, KeyResult } from './KeyCollector.js';
-import { AuthorizationError2 } from '@powersync/lib-services-framework';
+import { AuthorizationError } from '@powersync/lib-services-framework';
 
 export class CompoundKeyCollector implements KeyCollector {
   private collectors: KeyCollector[];
@@ -16,7 +16,7 @@ export class CompoundKeyCollector implements KeyCollector {
 
   async getKeys(): Promise<KeyResult> {
     let keys: KeySpec[] = [];
-    let errors: AuthorizationError2[] = [];
+    let errors: AuthorizationError[] = [];
     const promises = this.collectors.map((collector) =>
       collector.getKeys().then((result) => {
         keys.push(...result.keys);
diff --git a/packages/service-core/src/auth/KeyCollector.ts b/packages/service-core/src/auth/KeyCollector.ts
@@ -1,4 +1,4 @@
-import { AuthorizationError2 } from '@powersync/lib-services-framework';
+import { AuthorizationError } from '@powersync/lib-services-framework';
 import { KeySpec } from './KeySpec.js';
 
 export interface KeyCollector {
@@ -22,6 +22,6 @@ export interface KeyCollector {
 }
 
 export interface KeyResult {
-  errors: AuthorizationError2[];
+  errors: AuthorizationError[];
   keys: KeySpec[];
 }
diff --git a/packages/service-core/src/auth/KeyStore.ts b/packages/service-core/src/auth/KeyStore.ts
@@ -1,4 +1,4 @@
-import { logger, errors, AuthorizationError2, ErrorCode } from '@powersync/lib-services-framework';
+import { logger, errors, AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
 import * as jose from 'jose';
 import secs from '../util/secs.js';
 import { JwtPayload } from './JwtPayload.js';
@@ -69,7 +69,7 @@ export class KeyStore<Collector extends KeyCollector = KeyCollector> {
         return audiences.includes(a);
       })
     ) {
-      throw new AuthorizationError2(
+      throw new AuthorizationError(
         ErrorCode.PSYNC_S2105,
         `Unexpected "aud" claim value: ${JSON.stringify(tokenPayload.aud)}`,
         { sensitiveDetails: `Current configuration allows these audience values: ${JSON.stringify(audiences)}` }
@@ -82,15 +82,15 @@ export class KeyStore<Collector extends KeyCollector = KeyCollector> {
     // is too far into the future.
     const maxAge = keyOptions.maxLifetimeSeconds ?? secs(options.maxAge);
     if (tokenDuration > maxAge) {
-      throw new AuthorizationError2(
+      throw new AuthorizationError(
         ErrorCode.PSYNC_S2104,
         `Token must expire in a maximum of ${maxAge} seconds, got ${tokenDuration}s`
       );
     }
 
     const parameters = tokenPayload.parameters;
     if (parameters != null && (Array.isArray(parameters) || typeof parameters != 'object')) {
-      throw new AuthorizationError2(ErrorCode.PSYNC_S2101, `Payload parameters must be an object`);
+      throw new AuthorizationError(ErrorCode.PSYNC_S2101, `Payload parameters must be an object`);
     }
 
     return tokenPayload as JwtPayload;
@@ -119,7 +119,7 @@ export class KeyStore<Collector extends KeyCollector = KeyCollector> {
       for (let key of keys) {
         if (key.kid == kid) {
           if (!key.matchesAlgorithm(header.alg)) {
-            throw new AuthorizationError2(ErrorCode.PSYNC_S2101, `Unexpected token algorithm ${header.alg}`, {
+            throw new AuthorizationError(ErrorCode.PSYNC_S2101, `Unexpected token algorithm ${header.alg}`, {
               sensitiveDetails: `Key kid: ${key.source.kid}, alg: ${key.source.alg}, kty: ${key.source.kty}`
             });
           }
@@ -154,7 +154,7 @@ export class KeyStore<Collector extends KeyCollector = KeyCollector> {
         logger.error(`Failed to refresh keys`, e);
       });
 
-      throw new AuthorizationError2(
+      throw new AuthorizationError(
         ErrorCode.PSYNC_S2101,
         'Could not find an appropriate key in the keystore. The key is missing or no key matched the token KID',
         {
diff --git a/packages/service-core/src/auth/RemoteJWKSCollector.ts b/packages/service-core/src/auth/RemoteJWKSCollector.ts
@@ -4,7 +4,7 @@ import * as jose from 'jose';
 import fetch from 'node-fetch';
 
 import {
-  AuthorizationError2,
+  AuthorizationError,
   ErrorCode,
   LookupOptions,
   makeHostnameLookupFunction,
@@ -63,7 +63,7 @@ export class RemoteJWKSCollector implements KeyCollector {
     });
 
     if (!res.ok) {
-      throw new AuthorizationError2(ErrorCode.PSYNC_S2204, `JWKS request failed with ${res.statusText}`, {
+      throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed with ${res.statusText}`, {
         sensitiveDetails: `JWKS URL: ${this.url}`
       });
     }
@@ -81,7 +81,7 @@ export class RemoteJWKSCollector implements KeyCollector {
       return {
         keys: [],
         errors: [
-          new AuthorizationError2(ErrorCode.PSYNC_S2204, `JWKS request failed with ${res.statusText}`, {
+          new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed with ${res.statusText}`, {
             sensitiveDetails: `JWKS URL: ${this.url}. Response:\n${JSON.stringify(data, null, 2)}`
           })
         ]
diff --git a/packages/service-core/src/auth/utils.ts b/packages/service-core/src/auth/utils.ts
@@ -1,34 +1,34 @@
-import { AuthorizationError2, ErrorCode } from '@powersync/lib-services-framework';
+import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
 import * as jose from 'jose';
 
-export function mapJoseError(error: jose.errors.JOSEError): AuthorizationError2 {
+export function mapJoseError(error: jose.errors.JOSEError): AuthorizationError {
   // TODO: improved message for exp issues, etc
   if (error.code === 'ERR_JWS_INVALID' || error.code === 'ERR_JWT_INVALID') {
-    throw new AuthorizationError2(ErrorCode.PSYNC_S2101, 'Token is not a well-formed JWT. Check the token format.', {
+    throw new AuthorizationError(ErrorCode.PSYNC_S2101, 'Token is not a well-formed JWT. Check the token format.', {
       details: error.message
     });
   }
-  return new AuthorizationError2(ErrorCode.PSYNC_S2101, error.message, { cause: error });
+  return new AuthorizationError(ErrorCode.PSYNC_S2101, error.message, { cause: error });
 }
 
-export function mapAuthError(error: any): AuthorizationError2 {
-  if (error instanceof AuthorizationError2) {
+export function mapAuthError(error: any): AuthorizationError {
+  if (error instanceof AuthorizationError) {
     return error;
   } else if (error instanceof jose.errors.JOSEError) {
     return mapJoseError(error);
   }
-  return new AuthorizationError2(ErrorCode.PSYNC_S2101, error.message, { cause: error });
+  return new AuthorizationError(ErrorCode.PSYNC_S2101, error.message, { cause: error });
 }
 
-export function mapJoseConfigError(error: jose.errors.JOSEError): AuthorizationError2 {
-  return new AuthorizationError2(ErrorCode.PSYNC_S2201, error.message, { cause: error });
+export function mapJoseConfigError(error: jose.errors.JOSEError): AuthorizationError {
+  return new AuthorizationError(ErrorCode.PSYNC_S2201, error.message, { cause: error });
 }
 
-export function mapAuthConfigError(error: any): AuthorizationError2 {
-  if (error instanceof AuthorizationError2) {
+export function mapAuthConfigError(error: any): AuthorizationError {
+  if (error instanceof AuthorizationError) {
     return error;
   } else if (error instanceof jose.errors.JOSEError) {
     return mapJoseConfigError(error);
   }
-  return new AuthorizationError2(ErrorCode.PSYNC_S2201, error.message, { cause: error });
+  return new AuthorizationError(ErrorCode.PSYNC_S2201, error.message, { cause: error });
 }
diff --git a/packages/service-core/src/routes/auth.ts b/packages/service-core/src/routes/auth.ts
@@ -4,7 +4,7 @@ import * as auth from '../auth/auth-index.js';
 import { ServiceContext } from '../system/ServiceContext.js';
 import * as util from '../util/util-index.js';
 import { BasicRouterRequest, Context, RequestEndpointHandlerPayload } from './router.js';
-import { AuthorizationError2, AuthorizationResponse, ErrorCode, ServiceError } from '@powersync/lib-services-framework';
+import { AuthorizationError, AuthorizationResponse, ErrorCode, ServiceError } from '@powersync/lib-services-framework';
 
 export function endpoint(req: BasicRouterRequest) {
   const protocol = req.headers['x-forwarded-proto'] ?? req.protocol;
@@ -105,7 +105,7 @@ export async function authorizeUser(context: Context, authHeader: string = ''):
   if (token == null) {
     return {
       authorized: false,
-      error: new AuthorizationError2(ErrorCode.PSYNC_S2106, 'Authentication required')
+      error: new AuthorizationError(ErrorCode.PSYNC_S2106, 'Authentication required')
     };
   }
 
diff --git a/packages/service-core/src/routes/configure-rsocket.ts b/packages/service-core/src/routes/configure-rsocket.ts
@@ -26,15 +26,15 @@ export function configureRSocket(router: ReactiveSocketRouter<Context>, options:
       const { token, user_agent } = RSocketContextMeta.decode(deserialize(data) as any);
 
       if (!token) {
-        throw new errors.AuthorizationError2(ErrorCode.PSYNC_S2106, 'No token provided');
+        throw new errors.AuthorizationError(ErrorCode.PSYNC_S2106, 'No token provided');
       }
 
       try {
         const extracted_token = getTokenFromHeader(token);
         if (extracted_token != null) {
           const { context, tokenError } = await generateContext(options.service_context, extracted_token);
           if (context?.token_payload == null) {
-            throw new errors.AuthorizationError2(ErrorCode.PSYNC_S2106, 'Authentication required');
+            throw new errors.AuthorizationError(ErrorCode.PSYNC_S2106, 'Authentication required');
           }
 
           if (!service_context.routerEngine) {
@@ -50,7 +50,7 @@ export function configureRSocket(router: ReactiveSocketRouter<Context>, options:
           };
         } else {
           // Token field is present, but did not contain a token.
-          throw new errors.AuthorizationError2(ErrorCode.PSYNC_S2106, 'No valid token provided');
+          throw new errors.AuthorizationError(ErrorCode.PSYNC_S2106, 'No valid token provided');
         }
       } catch (ex) {
         logger.error(ex);
diff --git a/packages/service-errors/src/errors.ts b/packages/service-errors/src/errors.ts
@@ -160,19 +160,6 @@ export class ReplicationAbortedError extends ServiceError {
 }
 
 export class AuthorizationError extends ServiceError {
-  static readonly CODE = ErrorCode.PSYNC_S2101;
-
-  constructor(errors: any) {
-    super({
-      code: AuthorizationError.CODE,
-      status: 401,
-      description: 'Authorization failed',
-      details: errors
-    });
-  }
-}
-
-export class AuthorizationError2 extends ServiceError {
   constructor(
     code: ErrorCode,
     description: string,

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ export const executeEndpoint = async <I, O, C, P extends EndpointHandlerPayload<`
`17`	`17`	`const authorizer_response = await endpoint.authorize?.(payload);`
`18`	`18`	`if (authorizer_response && !authorizer_response.authorized) {`
`19`	`19`	`if (authorizer_response.error == null) {`
`20`		`- throw new errors.AuthorizationError2(errors.ErrorCode.PSYNC_S2101, 'Authorization failed');`
	`20`	`+ throw new errors.AuthorizationError(errors.ErrorCode.PSYNC_S2101, 'Authorization failed');`
`21`	`21`	`}`
`22`	`22`	`throw authorizer_response.error;`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ export class ReactiveSocketRouter<C> {`
`72`	`72`	`// Throwing an exception in this context will be returned to the client side request`
`73`	`73`	`if (!payload.metadata) {`
`74`	`74`	`// Meta data is required for endpoint handler path matching`
`75`		`- throw new errors.AuthorizationError('No context meta data provided');`
	`75`	`+ throw new errors.AuthorizationError(ErrorCode.PSYNC_S2101, 'No context meta data provided');`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`const context = await params.contextProvider(payload.metadata!);`
`@@ -167,7 +167,7 @@ export async function handleReactiveStream<Context>(`
`167`	`167`	`});`
`168`	`168`	`if (!isAuthorized.authorized) {`
`169`	`169`	`return exitWithError(`
`170`		`- isAuthorized.error ?? new errors.AuthorizationError2(ErrorCode.PSYNC_S2101, 'Authorization failed')`
	`170`	`+ isAuthorized.error ?? new errors.AuthorizationError(ErrorCode.PSYNC_S2101, 'Authorization failed')`
`171`	`171`	`);`
`172`	`172`	`}`
`173`	`173`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-import { AuthorizationError2 } from '@powersync/lib-services-framework';`
	`1`	`+import { AuthorizationError } from '@powersync/lib-services-framework';`
`2`	`2`	`import { KeySpec } from './KeySpec.js';`
`3`	`3`
`4`	`4`	`export interface KeyCollector {`
`@@ -22,6 +22,6 @@ export interface KeyCollector {`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`export interface KeyResult {`
`25`		`- errors: AuthorizationError2[];`
	`25`	`+ errors: AuthorizationError[];`
`26`	`26`	`keys: KeySpec[];`
`27`	`27`	`}`