mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-09-22 08:12:00 +02:00
972402e029
* fix: sanitize HTTP params and do not send whole error objects backs * fix: prevent path traversal * fix: send custom error message for tokenizer route * chore: handle info exposure vector * chore(oauth): skip check due to false positive as oauth routes are rate-limited * chore(app): disable `x-powered-by` * chore: disable false positives or flagging of hardcoded secrets when they are fake values * chore: add path traversal safety check
40 lines
1.3 KiB
JavaScript
40 lines
1.3 KiB
JavaScript
const { logger } = require('~/config');
|
|
|
|
//handle duplicates
|
|
const handleDuplicateKeyError = (err, res) => {
|
|
logger.error('Duplicate key error:', err.keyValue);
|
|
const field = `${JSON.stringify(Object.keys(err.keyValue))}`;
|
|
const code = 409;
|
|
res
|
|
.status(code)
|
|
.send({ messages: `An document with that ${field} already exists.`, fields: field });
|
|
};
|
|
|
|
//handle validation errors
|
|
const handleValidationError = (err, res) => {
|
|
logger.error('Validation error:', err.errors);
|
|
let errors = Object.values(err.errors).map((el) => el.message);
|
|
let fields = `${JSON.stringify(Object.values(err.errors).map((el) => el.path))}`;
|
|
let code = 400;
|
|
if (errors.length > 1) {
|
|
errors = errors.join(' ');
|
|
res.status(code).send({ messages: `${JSON.stringify(errors)}`, fields: fields });
|
|
} else {
|
|
res.status(code).send({ messages: `${JSON.stringify(errors)}`, fields: fields });
|
|
}
|
|
};
|
|
|
|
// eslint-disable-next-line no-unused-vars
|
|
module.exports = (err, req, res, next) => {
|
|
try {
|
|
if (err.name === 'ValidationError') {
|
|
return (err = handleValidationError(err, res));
|
|
}
|
|
if (err.code && err.code == 11000) {
|
|
return (err = handleDuplicateKeyError(err, res));
|
|
}
|
|
} catch (err) {
|
|
logger.error('ErrorController => error', err);
|
|
res.status(500).send('An unknown error occurred.');
|
|
}
|
|
};
|