fix(graphql): errors should not result in internal error (#120)

ComfortablyCoding · web-flow · commit 66b9d2789c30 · 2023-11-19T11:17:44.000-05:00
diff --git a/package.json b/package.json
@@ -27,10 +27,10 @@
 	},
 	"dependencies": {
 		"@sindresorhus/slugify": "1.1.0",
-		"lodash": "^4.17.21",
-		"yup": "^0.32.9",
 		"@strapi/strapi": "^4.14.0",
-		"@strapi/utils": "^4.14.0"
+		"@strapi/utils": "^4.14.0",
+		"lodash": "^4.17.21",
+		"yup": "^0.32.9"
 	},
 	"devDependencies": {
 		"eslint": "^8.53.0",
diff --git a/server/graphql/types.js b/server/graphql/types.js
@@ -3,6 +3,7 @@ const { getPluginService } = require('../utils/getPluginService');
 const { isValidFindSlugParams } = require('../utils/isValidFindSlugParams');
 const { hasRequiredModelScopes } = require('../utils/hasRequiredModelScopes');
 const { sanitizeOutput } = require('../utils/sanitizeOutput');
+const { ForbiddenError, ValidationError } = require('@strapi/utils').errors;
 
 const getCustomTypes = (strapi, nexus) => {
 	const { naming } = getPluginService('utils', 'graphql');
@@ -54,16 +55,23 @@ const getCustomTypes = (strapi, nexus) => {
 						const { modelName, slug, publicationState } = args;
 						const { auth } = ctx.state;
 
-						isValidFindSlugParams({
-							modelName,
-							slug,
-							modelsByName,
-							publicationState,
-						});
-
+						try {
+							isValidFindSlugParams({
+								modelName,
+								slug,
+								modelsByName,
+								publicationState,
+							});
+						} catch (error) {
+							throw new ValidationError(error.message);
+						}
 						const { uid, field, contentType } = modelsByName[modelName];
 
-						await hasRequiredModelScopes(strapi, uid, auth);
+						try {
+							await hasRequiredModelScopes(strapi, uid, auth);
+						} catch (error) {
+							throw new ForbiddenError();
+						}
 
 						// build query
 						let query = {
