fix: return proper unmasked 401 errors when unauthorized

accounts-js · Nov 13, 2023 · 9cecbdd · 9cecbdd
1 parent b784af6
commit 9cecbdd
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 6 deletions.
diff --git a/modules/module-core/src/utils/authenticated-resolver.ts b/modules/module-core/src/utils/authenticated-resolver.ts
@@ -1,3 +1,5 @@
+import { GraphQLError } from 'graphql';
+
 export const authenticated =
   <
     CustomRoot,
@@ -18,7 +20,12 @@ export const authenticated =
       return func(root, args, context, info);
     }
     if (!context.userId && !context.user) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
     return func(root, args, context, info);
   };
diff --git a/modules/module-password/src/resolvers/mutation.ts b/modules/module-password/src/resolvers/mutation.ts
@@ -7,13 +7,19 @@ import {
 } from '@accounts/password';
 import { AccountsServer, AccountsJsError } from '@accounts/server';
 import { MutationResolvers } from '../models';
+import { GraphQLError } from 'graphql';
 
 export const Mutation: MutationResolvers = {
   addEmail: async (_, { newEmail }, ctx) => {
     const { user, injector } = ctx;
 
     if (!(user && user.id)) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
 
     const userId = user.id;
@@ -25,7 +31,12 @@ export const Mutation: MutationResolvers = {
     const { user, injector } = ctx;
 
     if (!(user && user.id)) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
 
     const userId = user.id;
@@ -81,7 +92,12 @@ export const Mutation: MutationResolvers = {
 
     // Make sure user is logged in
     if (!(user && user.id)) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
 
     const userId = user.id;
@@ -94,7 +110,12 @@ export const Mutation: MutationResolvers = {
 
     // Make sure user is logged in
     if (!(user && user.id)) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
 
     const userId = user.id;

diff --git a/modules/module-password/src/resolvers/query.ts b/modules/module-password/src/resolvers/query.ts
@@ -1,3 +1,4 @@
+import { GraphQLError } from 'graphql';
 import { QueryResolvers } from '../models';
 import { AccountsPassword } from '@accounts/password';
 
@@ -7,7 +8,12 @@ export const Query: QueryResolvers = {
 
     // Make sure user is logged in
     if (!(user && user.id)) {
-      throw new Error('Unauthorized');
+      throw new GraphQLError('Unauthorized', {
+        extensions: {
+          code: 'UNAUTHENTICATED',
+          http: { status: 401 },
+        },
+      });
     }
 
     // https://github.com/speakeasyjs/speakeasy/blob/master/index.js#L517