in production handle internal API errors gracefully

- still allow for useful errors during development
- let all of our own exceptions inherit from StandardError, the base class you should use for your own errors...
pull/3338/head
Jan Sandbrink 9 years ago
parent 0fb3522196
commit f9cb083481
  1. 4
      app/controllers/repositories_controller.rb
  2. 1
      config/locales/en.yml
  3. 40
      lib/api/errors/internal_error.rb
  4. 6
      lib/api/root.rb

@ -32,9 +32,9 @@ require 'SVG/Graph/BarHorizontal'
require 'digest/sha1'
require_dependency 'open_project/scm/adapters'
class ChangesetNotFound < Exception
class ChangesetNotFound < StandardError
end
class InvalidRevisionParam < Exception
class InvalidRevisionParam < StandardError
end
class RepositoriesController < ApplicationController

@ -1791,6 +1791,7 @@ en:
code_403: "You are not authorized to access this resource."
code_404: "The requested resource could not be found."
code_409: "Couldn\'t update the resource because of conflicting modifications."
code_500: "An internal error has occured."
invalid_content_type: "Expected CONTENT-TYPE to be '%{content_type}' but got '%{actual}'."
invalid_format: "Invalid format for property '%{property}': Expected format like '%{expected_format}', but got '%{actual}'."
invalid_json: "The request could not be parsed as JSON."

@ -0,0 +1,40 @@
#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
module API
module Errors
class InternalError < ErrorBase
identifier 'urn:openproject-org:api:v3:errors:InternalServerError'
def initialize
super 500, I18n.t('api_v3.errors.code_500')
end
end
end
end
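Review bot: The message is translated inside `initialize` (`super 500, I18n.t('api_v3.errors.code_500')`), so it is fixed when the object is built, and the only caller in this commit builds a single instance while the API class body loads (`::API::Errors::InternalError.new` in lib/api/root.rb). If `error_response` reuses that object for every rescued exception, which cannot be confirmed here because the helper is defined outside this commit, every 500 response carries the locale active at boot rather than the requesting user's. Building the error inside the rescue handler, per request, would avoid that. A class comment such as `# Generic 500 response; deliberately carries no detail from the exception that caused it.` would also record why the constructor takes no arguments. The `code_500` string it resolves is spelled "occured" in en.yml; `occurred` is meant.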

@ -176,6 +176,12 @@ module API
error_response ::API::Errors::Unauthenticated, headers: auth_headers
error_response ::API::Errors::ErrorBase, rescue_subclasses: true
# hide internal errors behind the same JSON response as all other errors
# only doing it in production to allow for easier debugging
if Rails.env.production?
error_response StandardError, ::API::Errors::InternalError.new, rescue_subclasses: true
end
# run authentication before each request
before do
authenticate
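Review bot: The guard `if Rails.env.production?` fails open: any environment not named production (a staging or otherwise custom-named deployment, for example) presumably still returns raw exception details to API clients. Gating on the environments that actually need the detail is safer, e.g. `unless Rails.env.development? || Rails.env.test?`. The handler also swaps the rescued exception for a fixed `InternalError`, so unless `error_response` (defined outside this hunk) logs the original exception, the stack trace is lost in exactly the environment where it is needed for diagnosis and incident response. It is worth confirming that the original error is logged server-side before it is replaced. The enclosing class body starts and ends outside the hunk.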
