fix(api): wrap encryptSecret in try/catch to return proper JSON error (GRO-441) #221

Merged
groombook-engineer[bot] merged 3 commits from fix/gro-441-auth-provider-500 into main 2026-04-04 00:24:40 +00:00
3 changed files with 28 additions and 14 deletions
Showing only changes of commit 1c502bb165 - Show all commits
+1
View File
@@ -167,6 +167,7 @@ api.route("/impersonation", impersonationRouter);
api.route("/admin/settings", settingsRouter);
api.route("/admin/auth-provider", authProviderRouter);
api.route("/admin/seed", adminSeedRouter);
api.route("/admin/auth-provider", authProviderRouter);
api.route("/search", searchRouter);
const port = Number(process.env.PORT ?? 3000);
+26 -14
View File
@@ -69,22 +69,34 @@ authProviderRouter.put(
const db = getDb();
const body = c.req.valid("json");
const encryptedSecret = encryptSecret(body.clientSecret);
let encryptedSecret: string;
try {
encryptedSecret = encryptSecret(body.clientSecret);
} catch (err) {
const message = err instanceof Error ? err.message : "Unknown error";
return c.json({ error: `Failed to encrypt client secret: ${message}` }, 500);
}
// Upsert: delete existing rows then insert atomically
const [row] = await db.transaction(async (tx) => {
await tx.delete(authProviderConfig);
return tx.insert(authProviderConfig).values({
providerId: body.providerId,
displayName: body.displayName,
issuerUrl: body.issuerUrl,
internalBaseUrl: body.internalBaseUrl ?? null,
clientId: body.clientId,
clientSecret: encryptedSecret,
scopes: body.scopes,
enabled: true,
}).returning();
});
let row: typeof authProviderConfig.$inferSelect | undefined;
try {
[row] = await db.transaction(async (tx) => {
await tx.delete(authProviderConfig);
return tx.insert(authProviderConfig).values({
providerId: body.providerId,
displayName: body.displayName,
issuerUrl: body.issuerUrl,
internalBaseUrl: body.internalBaseUrl ?? null,
clientId: body.clientId,
clientSecret: encryptedSecret,
scopes: body.scopes,
enabled: true,
}).returning();
});
} catch (err) {
const message = err instanceof Error ? err.message : "Unknown error";
return c.json({ error: `Failed to persist auth provider config: ${message}` }, 500);
}
if (!row) return c.json({ error: "Failed to create auth provider config" }, 500);
+1
View File
@@ -3,6 +3,7 @@ import postgres from "postgres";
import * as schema from "./schema.js";
export * from "./schema.js";
export { encryptSecret, decryptSecret } from "./crypto.js";
export { and, asc, desc, eq, exists, gte, gt, ilike, inArray, lt, lte, ne, or, sql } from "drizzle-orm";
export { encryptSecret, decryptSecret } from "./crypto.js";