Default error handling #739
Comments
|
Hmm. Maybe we should have a default client-error-handling middleware feature. It's hard to know what users will want though - raw text? Json? Maybe based on However if you want to have response bodies for 5XX errors you will have to do that yourself. We will never do that, due to security issues with exposing internal error information. |
Fishrock123
changed the title
tide::Error
Ah I did not notice that. Yes this is expected, that is an intentional change that was, I believe, introduced in tide 0.12. This is, as started above, to prevent internal server errors from leaking out information to external clients. |
|
Not embedding the payload on 5XX responses makes sense but it would be nice to have a default handler for the other error responses. I'm not sure how to decide on what content type, maybe have some default content type configurable in the And thanks for updating the titel to be more descriptive! |
|
What I understood from this issue is that something like setting the response header on error from a middleware (in a way that's applied automatically to all routes using it) isn't possible yet, am I correct? |
This can be done by creating a middleware which matches all let mut app = tide::new();
app.with(MyMiddleware::new());
app.listen("localhost:8080").await?; |
Hmm, the waiting time is only acquirable from the rate limiter struct that's a member of my middleware, and only in the case when there actually is any rate limiting ( Unless there's a way of getting access to the middleware's data after the I could maybe have one static rate limiter but then the middleware can't be used on a per-route basis which could be desirable even though I specifically don't need it. Another option would be to use a mutable static container of rate limiters but I'd much rather not have to write any unsafe code. EDIT: I feel a bit stupid, I ended up just making a new response |
|
See also for reference https://github.com/eaze/preroll/blob/latest/src/middleware/json_error.rs |
|
Another option which I've been using is a simple utility for creating pub fn error<S, D>(status: S, message: &str, data: D) -> Response
where
S: TryInto<StatusCode> + Copy,
S::Error: Debug,
D: Serialize,
{
let json_blob = json!({
"status": "error",
"message": message,
"data": data
});
let body = Body::from_json(&json_blob).unwrap();
let mut resp = Response::builder(status).body(body).build();
let error = tide::Error::from_str(status, message.to_string());
resp.set_error(error);
resp
}
// In some handler
let resp = error(400, "You've done something wrong!", ());
Ok(resp)This allows us to construct error responses in handlers and return them as |
We recently bumped our Tide version from 0.8.1 to 0.14.0 which caused our response payloads/bodies for errors to be empty. This seems to be since we use
tide::Errors for our "web-facing" results and due to anIntoconversion that lose/discard the embedded error. In the tide::Result -> http_types::Response Into implementation, which discards the error that is converted into a Response here.From the discussion in #452, which seems to be very similar to our issue, I understand it as you want to prevent people from accidentally returning internal error messages/details by not creating the full response from the error?
It would be great to have some way of using
tide::Errorfor our user-facing errors without having to attach our ownAftermiddleware just to map the error message into the response body when ourtide::Erroralready contains all the necessary data (status code + error message). Thanks!The text was updated successfully, but these errors were encountered: