
Commit e72c514

Merge pull request #4281 from sajdakabir/fix/4276-sanitize-webhook-error-responses
fix: stop leaking Drizzle SQL queries in webhook error responses (#4276)
2 parents 940d18a + f8c6c8f commit e72c514

3 files changed

Lines changed: 27 additions & 12 deletions


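--- a/apps/dokploy/pages/api/deploy/[refreshToken].ts
+++ b/apps/dokploy/pages/api/deploy/[refreshToken].ts
@@ -12,6 +12,15 @@ import type { DeploymentJob } from "@/server/queues/queue-types";
 import { myQueue } from "@/server/queues/queueSetup";
 import { deploy } from "@/server/utils/deploy";
 
+/**
+* Log a webhook handler error server-side without leaking its shape to the HTTP
+* response. Drizzle errors carry the raw SQL query, column list and parameters,
+* so we never forward the error object to the client.
+*/
+export const logWebhookError = (context: string, error: unknown) => {
+console.error(context, error);
+};
+
 /**
 * Helper function to get package_version from registry_package events
 */
@@ -262,14 +271,15 @@ export default async function handler(
 );
 }
 } catch (error) {
-res.status(400).json({ message: "Error deploying Application", error });
+logWebhookError("Error deploying Application:", error);
+res.status(400).json({ message: "Error deploying Application" });
 return;
 }
 
 res.status(200).json({ message: "Application deployed successfully" });
 } catch (error) {
-console.log(error);
-res.status(400).json({ message: "Error deploying Application", error });
+logWebhookError("Error deploying Application:", error);
+res.status(400).json({ message: "Error deploying Application" });
 }
 }
 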
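Review bot: `logWebhookError` (new lines 20-22) hands the whole error object to `console.error`, so the SQL text and bound parameters that its doc comment describes are now written to the server log on every failed webhook call. On routes keyed by a refresh token those parameters may well include the token value (not confirmable from this hunk), which makes the log stream itself sensitive. I would state that in the doc comment, for example `* NOTE: the logged error can contain bound query parameters; restrict access to these logs accordingly.` The same helper is called from the catch blocks in compose/[refreshToken].ts and github.ts, so the caveat covers those call sites too.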

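--- a/apps/dokploy/pages/api/deploy/compose/[refreshToken].ts
+++ b/apps/dokploy/pages/api/deploy/compose/[refreshToken].ts
@@ -12,6 +12,7 @@ import {
 extractCommittedPaths,
 extractHash,
 getProviderByHeader,
+logWebhookError,
 } from "../[refreshToken]";
 
 export default async function handler(
@@ -195,13 +196,14 @@ export default async function handler(
 );
 }
 } catch (error) {
-res.status(400).json({ message: "Error deploying Compose", error });
+logWebhookError("Error deploying Compose:", error);
+res.status(400).json({ message: "Error deploying Compose" });
 return;
 }
 
 res.status(200).json({ message: "Compose deployed successfully" });
 } catch (error) {
-console.log(error);
-res.status(400).json({ message: "Error deploying Compose", error });
+logWebhookError("Error deploying Compose:", error);
+res.status(400).json({ message: "Error deploying Compose" });
 }
 }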
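Review bot: The two catch sites at new lines 199 and 206 log the identical context string `"Error deploying Compose:"`, and the HTTP response no longer carries any detail, so the log line is now the only diagnostic and cannot tell the inner failure from the outer one when the thrown value has no stack. Giving the inner call its own label would fix that, for example `logWebhookError("Error deploying Compose (inner try):", error);` (label constructed for illustration). The same pair of identical labels appears in [refreshToken].ts at new lines 274 and 281. The handler's try bodies start outside this hunk, so the right wording depends on what each one wraps.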

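--- a/apps/dokploy/pages/api/deploy/github.ts
+++ b/apps/dokploy/pages/api/deploy/github.ts
@@ -17,7 +17,11 @@ import { applications, compose, github } from "@/server/db/schema";
 import type { DeploymentJob } from "@/server/queues/queue-types";
 import { myQueue } from "@/server/queues/queueSetup";
 import { deploy } from "@/server/utils/deploy";
-import { extractCommitMessage, extractHash } from "./[refreshToken]";
+import {
+extractCommitMessage,
+extractHash,
+logWebhookError,
+} from "./[refreshToken]";
 
 export default async function handler(
 req: NextApiRequest,
@@ -197,10 +201,8 @@ export default async function handler(
 });
 return;
 } catch (error) {
-console.error("Error deploying applications on tag:", error);
-res
-.status(400)
-.json({ message: "Error deploying applications on tag", error });
+logWebhookError("Error deploying applications on tag:", error);
+res.status(400).json({ message: "Error deploying applications on tag" });
 return;
 }
 }
@@ -322,7 +324,8 @@ export default async function handler(
 }
 res.status(200).json({ message: `Deployed ${totalApps} apps` });
 } catch (error) {
-res.status(400).json({ message: "Error deploying Application", error });
+logWebhookError("Error deploying Application:", error);
+res.status(400).json({ message: "Error deploying Application" });
 }
 } else if (req.headers["x-github-event"] === "pull_request") {
 const prId = githubBody?.pull_request?.id;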
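Review bot: The last hunk stops at the first lines of the `pull_request` branch (new line 330 onward), so any catch block inside that branch is not covered by what is shown here. If one there still ends in `res.status(400).json({ message: ..., error })`, the SQL leak this commit closes for the tag path and the preceding branch stays open for pull-request events. It should get the same pair: `logWebhookError("<context>:", error);` followed by a response without `error`. The handler body continues beyond the hunk, so this needs checking against the full file.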
