Skip to content

Update error response URL for project settings #7613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 15, 2025
Merged

Update error response URL for project settings #7613

merged 1 commit into from
Jul 15, 2025
+11 −6

Conversation

@jnsdls
Copy link
Member

@jnsdls jnsdls commented Jul 14, 2025
edited by coderabbitai bot
Loading

Update error response URL in service-utils

This PR updates the error response URLs in the service-utils package to point to the project-specific settings page instead of the generic API key creation page. The new URLs follow the format https://thirdweb.com/${team.slug}/${project.slug}/settings, providing users with a direct link to manage restrictions for their specific project.

The changes affect error messages for:

  • Unauthorized domains
  • Unauthorized bundle IDs
  • Unauthorized services
  • Unauthorized service actions

Summary by CodeRabbit

  • Bug Fixes

    • Updated error messages for unauthorized access to provide project-specific URLs, directing users to the relevant project settings page for more accurate guidance.

  • Chores

    • Added documentation to track the patch update related to error response URLs.

PR-Codex overview

This PR updates the error messages in the service-utils package to provide more specific URLs for project settings instead of the general API key creation page, enhancing clarity for users regarding restrictions.

Detailed summary

  • Updated errorMessage in authorizeClient for unauthorized domain to link to project settings.
  • Updated errorMessage in authorizeClient for unauthorized Bundle ID to link to project settings.
  • Updated errorMessage in authorizeService for unauthorized service to link to project settings.
  • Updated errorMessage in authorizeService for unauthorized action to link to project settings.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@vercel
Copy link

vercel bot commented Jul 14, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs-v2 ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 15, 2025 0:21am
nebula ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 15, 2025 0:21am
thirdweb_playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 15, 2025 0:21am
thirdweb-www ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 15, 2025 0:21am
wallet-ui ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 15, 2025 0:21am

@changeset-bot
Copy link

changeset-bot bot commented Jul 14, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 34d2fdd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@thirdweb-dev/service-utils Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 14, 2025
edited
Loading

Walkthrough

The changes update error messages across several authorization-related modules to provide project-specific URLs in their responses. Instead of generic dashboard or API key creation links, the error messages now include URLs with the relevant team and project slugs, guiding users to the specific project settings page. No logic or public API changes were made.

Changes

File(s) Change Summary
.changeset/ninety-heads-work.md Added a changeset documenting a patch update for project-specific error response URLs in @thirdweb-dev/service-utils.
packages/service-utils/src/core/authorize/client.ts
packages/service-utils/src/core/authorize/service.ts		 Updated error messages to include project-specific settings URLs using team and project slugs.
packages/service-utils/src/core/authorize/client.test.ts Updated test assertions to match new error message formats with project-specific URLs.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthorizeService
    participant Project

    Client->>AuthorizeService: Request authorization (with domain/bundle ID/service)
    AuthorizeService->>Project: Validate authorization
    Project-->>AuthorizeService: Respond with authorization status
    alt Unauthorized
        AuthorizeService-->>Client: Return error with project-specific settings URL
    else Authorized
        AuthorizeService-->>Client: Return success response
    end
Loading
📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 71efe7a and 34d2fdd.

📒 Files selected for processing (4)
  • .changeset/ninety-heads-work.md (1 hunks)
  • packages/service-utils/src/core/authorize/client.test.ts (2 hunks)
  • packages/service-utils/src/core/authorize/client.ts (2 hunks)
  • packages/service-utils/src/core/authorize/service.ts (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
  • packages/service-utils/src/core/authorize/service.ts
  • .changeset/ninety-heads-work.md
  • packages/service-utils/src/core/authorize/client.ts
  • packages/service-utils/src/core/authorize/client.test.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: E2E Tests (pnpm, esbuild)
  • GitHub Check: E2E Tests (pnpm, vite)
  • GitHub Check: E2E Tests (pnpm, webpack)
  • GitHub Check: Unit Tests
  • GitHub Check: Size
  • GitHub Check: Build Packages
  • GitHub Check: Lint Packages
  • GitHub Check: Analyze (javascript)
✨ Finishing Touches
  • 📝 Generate Docstrings
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@jnsdls jnsdls marked this pull request as ready for review July 14, 2025 21:43
@jnsdls Graphite App
Copy link
Member Author

jnsdls commented Jul 14, 2025
edited
Loading

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@jnsdls jnsdls requested a review from a team as a code owner July 14, 2025 21:43
@codecov
Copy link

codecov bot commented Jul 14, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 56.44%. Comparing base (a7544f7) to head (34d2fdd).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7613   +/-   ##
=======================================
  Coverage   56.44%   56.44%           
=======================================
  Files         906      906           
  Lines       58126    58126           
  Branches     4228     4228           
=======================================
  Hits        32811    32811           
  Misses      25205    25205           
  Partials      110      110
Flag Coverage Δ
packages 56.44% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

coderabbitai[bot]
coderabbitai bot reviewed Jul 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (4)
packages/service-utils/src/core/authorize/service.ts (1)

44-47: Extract a reusable helper for project-settings URLs

The two error messages duplicate the string interpolation logic for
https://thirdweb.com/${team.slug}/${project.slug}/settings.
Consider a small util (e.g. getProjectSettingsUrl(team, project)) to:

  1. keep messages DRY,
  2. ensure future path format changes are applied in one place,
  3. allow optional encodeURIComponent on slugs to guard against unexpected chars.

This would also let you update the earlier generic link at line 23 for consistency.

Also applies to: 58-61

packages/service-utils/src/core/authorize/client.ts (1)

62-66: Duplicate string interpolation → same helper would reduce brittleness

The dynamic project-settings URL appears in both domain and bundle-ID branches.
A shared helper placed in utils/url.ts (or similar) would:

  • eliminate repetition across client.ts, service.ts, and tests,
  • centralise URL-encoding / path changes,
  • shorten the if-branches to focus on core auth logic.

Example:

-import …;
+import { projectSettingsUrl } from "../utils/url.js";-errorMessage: `Invalid request: Unauthorized domain: ${origin}. You can view the restrictions for this project at https://thirdweb.com/${team.slug}/${project.slug}/settings`,
+errorMessage: `Invalid request: Unauthorized domain: ${origin}. You can view the restrictions for this project at ${projectSettingsUrl(team, project)}`,

Also applies to: 81-85

packages/service-utils/src/core/authorize/client.test.ts (1)

81-84: Prefer partial-match assertions to reduce test fragility

Asserting the entire error string causes tests to fail on any copy tweak or
URL change. Instead use:

expect(result.errorMessage).toContain("Unauthorized Bundle ID: com.foo.bar");
expect(result.errorMessage).toContain("/test-team/test-project/settings");

Same for the domain test below.
This keeps intent clear while decoupling tests from wording minutiae.

Also applies to: 102-105

.changeset/ninety-heads-work.md (1)

1-5: Expand the changeset summary

A one-liner like “update error response url” doesn’t convey impact.
Consider mentioning that error messages now contain project-specific settings
links, affecting authorize/{client,service}.ts and related tests.
Helps downstream consumers understand the patch without diffing.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd3d645 and 71efe7a.

📒 Files selected for processing (4)
  • .changeset/ninety-heads-work.md (1 hunks)
  • packages/service-utils/src/core/authorize/client.test.ts (2 hunks)
  • packages/service-utils/src/core/authorize/client.ts (2 hunks)
  • packages/service-utils/src/core/authorize/service.ts (2 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
**/*.{ts,tsx}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

  • CLAUDE.md
**/*.test.{ts,tsx}

Instructions used from:

Sources:
📄 CodeRabbit Inference Engine

  • CLAUDE.md
🧠 Learnings (5)
📓 Common learnings 
Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.488Z
Learning: Surface breaking changes prominently in PR descriptions

Learnt from: MananTank
PR: thirdweb-dev/js#7315
File: apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/assets/create/nft/launch-nft.tsx:155-160
Timestamp: 2025-06-10T00:46:58.580Z
Learning: In the dashboard application, the route structure for team and project navigation is `/team/[team_slug]/[project_slug]/...` without a `/project/` segment. Contract links should be formatted as `/team/${teamSlug}/${projectSlug}/contract/${chainId}/${contractAddress}`.

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Server Side Data Fetching: Use `Authorization: Bearer` header – never embed tokens in URLs

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Pass the token in the `Authorization: Bearer` header – never embed it in the URL.

Learnt from: MananTank
PR: thirdweb-dev/js#7152
File: apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/contract/[chainIdOrSlug]/[contractAddress]/nfts/page.tsx:20-20
Timestamp: 2025-05-26T16:26:58.068Z
Learning: In team/project contract pages under routes like `/team/[team_slug]/[project_slug]/contract/[chainIdOrSlug]/[contractAddress]/*`, users are always logged in by design. The hardcoded `isLoggedIn={true}` prop in these pages is intentional and correct, not a bug to be fixed.
packages/service-utils/src/core/authorize/client.test.ts (8) 
Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Server Side Data Fetching: Use `Authorization: Bearer` header – never embed tokens in URLs

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.488Z
Learning: Applies to test/src/test-wallets.ts : Predefined test accounts are in `test/src/test-wallets.ts`

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Pass the token in the `Authorization: Bearer` header – never embed it in the URL.

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Prefix files with `import "server-only";` so they never end up in the client bundle.

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Export default async functions without `'use client';` – they run on the Node edge.

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Client Side Data Fetching: Keep tokens secret via internal API routes or server actions

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to src/extensions/**/*.{ts,tsx} : Auto-generated contracts from ABI definitions in extensions

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.488Z
Learning: Applies to **/*.test.{ts,tsx} : Keep tests deterministic and side-effect free
.changeset/ninety-heads-work.md (1) 
Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.488Z
Learning: Surface breaking changes prominently in PR descriptions
packages/service-utils/src/core/authorize/client.ts (2) 
Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Server Side Data Fetching: Use `Authorization: Bearer` header – never embed tokens in URLs

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Pass the token in the `Authorization: Bearer` header – never embed it in the URL.
packages/service-utils/src/core/authorize/service.ts (5) 
Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Server Side Data Fetching: Use `Authorization: Bearer` header – never embed tokens in URLs

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Pass the token in the `Authorization: Bearer` header – never embed it in the URL.

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/hooks/**/*.{ts,tsx} : Prefer API routes or server actions to keep tokens secret; the browser only sees relative paths.

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-06-30T10:25:29.489Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{tsx,ts} : Client Side Data Fetching: Keep tokens secret via internal API routes or server actions

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-06-30T10:26:04.389Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Accessing server-only environment variables or secrets.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: E2E Tests (pnpm, vite)
  • GitHub Check: Size
  • GitHub Check: E2E Tests (pnpm, webpack)
  • GitHub Check: E2E Tests (pnpm, esbuild)
  • GitHub Check: Unit Tests
  • GitHub Check: Lint Packages
  • GitHub Check: Analyze (javascript)

@github-actions
Copy link
Contributor

github-actions bot commented Jul 14, 2025
edited
Loading

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
thirdweb (esm) 63.25 KB (0%) 1.3 s (0%) 336 ms (+114.64% 🔺) 1.7 s
thirdweb (cjs) 353.31 KB (0%) 7.1 s (0%) 1.3 s (-0.72% 🔽) 8.4 s
thirdweb (minimal + tree-shaking) 5.7 KB (0%) 114 ms (0%) 147 ms (+1119.18% 🔺) 261 ms
thirdweb/chains (tree-shaking) 526 B (0%) 11 ms (0%) 49 ms (+1089.19% 🔺) 59 ms
thirdweb/react (minimal + tree-shaking) 19.59 KB (0%) 392 ms (0%) 94 ms (+349.69% 🔺) 486 ms

@jnsdls jnsdls mentioned this pull request Jul 14, 2025
Merged
@graphite-app
Copy link
Contributor

graphite-app bot commented Jul 15, 2025
edited
Loading

Merge activity

@jnsdls
Update error response URL for project settings (#7613)
34d2fdd 
# Update error response URL in service-utils

This PR updates the error response URLs in the service-utils package to point to the project-specific settings page instead of the generic API key creation page. The new URLs follow the format `https://thirdweb.com/${team.slug}/${project.slug}/settings`, providing users with a direct link to manage restrictions for their specific project.

The changes affect error messages for:
- Unauthorized domains
- Unauthorized bundle IDs
- Unauthorized services
- Unauthorized service actions

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **Bug Fixes**
  * Updated error messages for unauthorized access to provide project-specific URLs, directing users to the relevant project settings page for more accurate guidance.

* **Chores**
  * Added documentation to track the patch update related to error response URLs.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
@graphite-app graphite-app bot force-pushed the Update_error_response_URL_for_project_settings branch from 71efe7a to 34d2fdd Compare July 15, 2025 00:12
@graphite-app graphite-app bot merged commit 34d2fdd into main Jul 15, 2025
24 checks passed
@graphite-app graphite-app bot deleted the Update_error_response_URL_for_project_settings branch July 15, 2025 00:22
@joaquim-verges joaquim-verges mentioned this pull request Jul 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

+1 more reviewer

@arcoraven arcoraven arcoraven approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jnsdls jnsdls

Labels

packages

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jnsdls @arcoraven