Skip to content

Commit 1ca4712

Browse files
committed
feat: add missing SAFE_ERROR_CODES for rate limiting and auth errors
Add error codes that are raised by constructive-db deployed functions but were missing from the production error masking allowlist: - IP_RATE_LIMITED (new — from rate_limits_module IP throttling) - PASSWORD_RESET_LOCKED_EXCEED_ATTEMPTS (password reset lockout) - CSRF_TOKEN_REQUIRED, INVALID_CSRF_TOKEN (CSRF validation) - TOTP_NOT_ENABLED (TOTP verification) - NULL_VALUES_DISALLOWED (reset_password validation) - OBJECT_NOT_FOUND (invite/object lookups) - LIMIT_REACHED (membership/invite limits) - REQUIRES_ONE_OWNER (ownership constraints) Without these, production clients would receive masked 'INTERNAL_SERVER_ERROR' instead of the actionable error codes.
1 parent 8a4291a commit 1ca4712

1 file changed

Lines changed: 13 additions & 0 deletions

File tree

graphql/server/src/middleware/graphile.ts

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,19 @@ const SAFE_ERROR_CODES = new Set([
3636
'INVITE_LIMIT',
3737
'INVITE_EMAIL_NOT_FOUND',
3838
'INVALID_CREDENTIALS',
39+
// CSRF
40+
'CSRF_TOKEN_REQUIRED',
41+
'INVALID_CSRF_TOKEN',
42+
// Rate limiting / throttling
43+
'IP_RATE_LIMITED',
44+
'PASSWORD_RESET_LOCKED_EXCEED_ATTEMPTS',
45+
// TOTP
46+
'TOTP_NOT_ENABLED',
47+
// Account / resource operations
48+
'NULL_VALUES_DISALLOWED',
49+
'OBJECT_NOT_FOUND',
50+
'LIMIT_REACHED',
51+
'REQUIRES_ONE_OWNER',
3952
// PublicKeySignature
4053
'FEATURE_DISABLED',
4154
'INVALID_PUBLIC_KEY',

0 commit comments

Comments
 (0)