fix(billing): address review nits — 402 catch-all + null-check consistency

PierreBrisorgueil · PierreBrisorgueil · commit f26349e2bb14 · 2026-05-31T21:19:32.000+02:00
- 402 catch-all in requireQuota middleware no longer surfaces
  err.message verbatim. The service only throws known types today
  (PAYMENT_PAST_DUE / METER_EXHAUSTED) which are mapped explicitly
  above; an unknown 402 sub-type added later would leak the message.
  Send a generic "Payment required" phrase instead — new sub-types
  must be mapped explicitly above the catch-all.
- billing.quota.service.js: normalize the null-check style on the
  active plan lookup. Both branches treat "plan not configured" the
  same way; pick the !activePlan shape to match the freePlan branch
  above.

All 1666 billing unit tests pass.
diff --git a/modules/billing/middlewares/billing.requireQuota.js b/modules/billing/middlewares/billing.requireQuota.js
@@ -66,7 +66,10 @@ function requireQuota(resource, action) {
         if (details?.type === 'METER_EXHAUSTED') {
           return responses.error(res, 402, 'Payment Required', 'Meter exhausted')(details);
         }
-        return responses.error(res, 402, 'Payment Required', err.message)(details);
+        // Defensive: an unknown 402 sub-type would leak err.message verbatim.
+        // The service only throws known types today, so send the generic phrase
+        // instead — any future 402 type must be mapped explicitly above.
+        return responses.error(res, 402, 'Payment Required', 'Payment required')(details);
       }
       if (err.status === 429) {
         return responses.error(res, 429, 'Quota exceeded', 'You have reached the usage limit for this resource')(details);
diff --git a/modules/billing/services/billing.quota.service.js b/modules/billing/services/billing.quota.service.js
@@ -125,7 +125,7 @@ async function assertCanExecute({ orgId, organization, user, resource, action })
       // No BillingUsage doc yet — fall back to plan quota
       const planId = subscription?.plan ?? getDefaultPlanId();
       const activePlan = BillingPlanService.getActivePlan(planId);
-      if (activePlan === null || activePlan === undefined) {
+      if (!activePlan) {
         throw new AppError('Billing plan configuration is temporarily unavailable', {
           status: 503,
           details: { type: 'PLAN_NOT_CONFIGURED', planId },

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,10 @@ function requireQuota(resource, action) {`
`66`	`66`	`if (details?.type === 'METER_EXHAUSTED') {`
`67`	`67`	`return responses.error(res, 402, 'Payment Required', 'Meter exhausted')(details);`
`68`	`68`	`}`
`69`		`- return responses.error(res, 402, 'Payment Required', err.message)(details);`
	`69`	`+ // Defensive: an unknown 402 sub-type would leak err.message verbatim.`
	`70`	`+ // The service only throws known types today, so send the generic phrase`
	`71`	`+ // instead — any future 402 type must be mapped explicitly above.`
	`72`	`+ return responses.error(res, 402, 'Payment Required', 'Payment required')(details);`
`70`	`73`	`}`
`71`	`74`	`if (err.status === 429) {`
`72`	`75`	`return responses.error(res, 429, 'Quota exceeded', 'You have reached the usage limit for this resource')(details);`