Robustness: top-level error handling, API timeout, token validation

- Wrap all three handlers in top-level try/catch that fails open
- Add 2000ms Promise.race timeout on API calls in viewer request
- Validate token format before API call (must contain a digit)

Co-Authored-By: Claude (claude-opus-4-6) <noreply@anthropic.com>

Author: luke-owen-crowdhandler

dist/originOverride.zip

@@ -6,6 +6,8 @@ const http_helpers = require("./helpers/http");
 require("source-map-support").install();
 
 module.exports.originResponse = async (event) => {
+  let response = event.Records[0].cf.response;
+  try {
   let APIDomain;
   let crowdhandlerResponseID;
   let crowdhandlerToken;
@@ -14,7 +16,6 @@ module.exports.originResponse = async (event) => {
 
   // Infer useful information from the request event and save it
   let request = event.Records[0].cf.request;
-  let response = event.Records[0].cf.response;
   const requestHeaders = request.headers;
   const uri = request.uri;
 
@@ -108,4 +109,8 @@ module.exports.originResponse = async (event) => {
     }
   }
   return response;
+  } catch (error) {
+    console.error('[CH] Unhandled error in originResponse - failing open:', error);
+    return response;
+  }
 };

dist/originResponse.zip

@@ -6,6 +6,8 @@ const http_helpers = require("./helpers/http");
 require("source-map-support").install();
 
 module.exports.viewerRequest = async (event) => {
+  let request = event.Records[0].cf.request;
+  try {
   // Environment Setup
   const APIDomain = "CROWDHANDLER_API_DOMAIN";
   // If  failtrust is false, users that fail to check-in with CrowdHandler will be sent to waiting room.
@@ -18,7 +20,6 @@ module.exports.viewerRequest = async (event) => {
   const whitelabel = true;
 
   // Extract request Meta Information
-  let request = event.Records[0].cf.request;
   let requestHeaders = request.headers;
   const host = requestHeaders.host[0].value;
 
@@ -139,6 +140,13 @@ module.exports.viewerRequest = async (event) => {
     tokenSource = 'new';
   }
 
+  // Validate token format - must contain at least one digit
+  const validToken = /(.*\d+.*)/;
+  if (token && !validToken.test(token)) {
+    token = null;
+    tokenSource = 'new';
+  }
+
   if (freshlyPromoted) {
     let redirectLocation
     if (queryString) {
@@ -157,9 +165,17 @@ module.exports.viewerRequest = async (event) => {
     };
     let response;
 
-    if (token) {
-      try {
-        response = await http_helpers.httpGET({
+    let timeoutHandle;
+    const timeoutPromise = new Promise((_, reject) => {
+      timeoutHandle = setTimeout(() => {
+        reject(new Error('API Communication Timed Out!'));
+      }, http_helpers.API_TIMEOUT_MS);
+    });
+
+    try {
+      let apiCall;
+      if (token) {
+        apiCall = http_helpers.httpGET({
           headers: headers,
           hostname: APIDomain,
           method: "GET",
@@ -168,15 +184,8 @@ module.exports.viewerRequest = async (event) => {
           )}&lang=${encodeURIComponent(language)}`,
           port: 443,
         });
-      } catch (error) {
-        console.error('CrowdHandler API GET failed:', error);
-        response = error;
-      } finally {
-        return response;
-      }
-    } else {
-      try {
-        response = await http_helpers.httpPOST(
+      } else {
+        apiCall = http_helpers.httpPOST(
           {
             headers: headers,
             hostname: APIDomain,
@@ -191,12 +200,14 @@ module.exports.viewerRequest = async (event) => {
             lang: language,
           })
         );
-      } catch (error) {
-        console.error('CrowdHandler API POST failed:', error);
-        response = error;
-      } finally {
-        return response;
       }
+      response = await Promise.race([apiCall, timeoutPromise]);
+    } catch (error) {
+      console.error('CrowdHandler API call failed:', error.message || error);
+      response = error;
+    } finally {
+      clearTimeout(timeoutHandle);
+      return response;
     }
   }
 
@@ -299,4 +310,8 @@ module.exports.viewerRequest = async (event) => {
   }
 
   return request;
+  } catch (error) {
+    console.error('[CH] Unhandled error in viewerRequest - failing open:', error);
+    return request;
+  }
 };

dist/viewerRequest.zip

@@ -5,8 +5,9 @@ const helpers = require("./helpers/misc");
 require("source-map-support").install();
 
 module.exports.viewerResponse = (event, context, callback) => {
-  const request = event.Records[0].cf.request;
   const response = event.Records[0].cf.response;
+  try {
+  const request = event.Records[0].cf.request;
   const requestHeaders = request.headers;
   const uri = request.uri;
 
@@ -53,4 +54,8 @@ module.exports.viewerResponse = (event, context, callback) => {
   });
 
   return callback(null, response);
+  } catch (error) {
+    console.error('[CH] Unhandled error in viewerResponse - failing open:', error);
+    return callback(null, response);
+  }
 };

dist/viewerResponse.zip

@@ -1,5 +1,7 @@
 const https = require("https");
 
+export const API_TIMEOUT_MS = 2000;
+
 // Server error response (5xx, network errors) - respects failTrust setting
 const dummyResponseData = {
   result: {