feat: prevent code related bugs from showing to end-users, bump deps, fixed message rendering

Author: titanism

index.js

@@ -1,7 +1,7 @@
-const fs = require('fs');
-const path = require('path');
-const process = require('process');
-const { Buffer } = require('buffer');
+const fs = require('node:fs');
+const path = require('node:path');
+const process = require('node:process');
+const { Buffer } = require('node:buffer');
 
 const co = require('co');
 const Boom = require('@hapi/boom');
@@ -124,7 +124,7 @@ function errorHandler(
 
     if (!type) {
       err.status = 406;
-      err.message = translate(Boom.notAcceptable().output.payload);
+      err.message = translate(Boom.notAcceptable().output.payload.message);
     }
 
     const val = Number.parseInt(err.message, 10);
@@ -141,7 +141,7 @@ function errorHandler(
     ) {
       // redis errors (e.g. ioredis' MaxRetriesPerRequestError)
       err.status = 408;
-      err.message = translate(Boom.clientTimeout().output.payload);
+      err.message = translate(Boom.clientTimeout().output.payload.message);
     } else if (passportLocalMongooseErrorNames.has(err.name)) {
       // passport-local-mongoose support
       if (!err.no_translate) err.message = translate(err.message);
@@ -152,13 +152,26 @@ function errorHandler(
     } else if (err.name === 'MongooseError') {
       // parse mongoose (and mongodb connection errors)
       err.status = 408;
-      err.message = translate(Boom.clientTimeout().output.payload);
+      err.message = translate(Boom.clientTimeout().output.payload.message);
     } else if (
       err.name === 'ValidationError' &&
       Object.getPrototypeOf(err.constructor).name === 'MongooseError'
     ) {
       // parse mongoose validation errors
       err = parseValidationError(this, err, translate);
+    } else if (
+      // prevent code related bugs from
+      // displaying to users in production environments
+      // (and log as a fatal error)
+      err instanceof TypeError ||
+      err instanceof SyntaxError ||
+      err instanceof ReferenceError ||
+      err instanceof RangeError ||
+      err instanceof URIError ||
+      err instanceof EvalError
+    ) {
+      logger.fatal(err, { isCodeBug: true });
+      err.message = translate(Boom.internal().output.payload.message);
     }
 
     // check if we have a boom error that specified
@@ -169,7 +182,7 @@ function errorHandler(
       // check if this was a DNS error and if so
       // then set status code for retries appropriately
       err.status = 408;
-      err.message = translate(Boom.clientTimeout().output.payload);
+      err.message = translate(Boom.clientTimeout().output.payload.message);
     }
 
     if (!_isNumber(err.status)) err.status = 500;
@@ -210,7 +223,7 @@ function errorHandler(
     };
 
     switch (type) {
-      case 'html':
+      case 'html': {
         this.type = 'html';
 
         if (this.status === 404) {
@@ -291,14 +304,19 @@ function errorHandler(
         }
 
         break;
-      case 'json':
+      }
+
+      case 'json': {
         this.type = 'json';
         this.body = stringify(this.body, null, 2);
         break;
-      default:
+      }
+
+      default: {
         this.type = this.api ? 'json' : 'text';
         this.body = stringify(this.body, null, 2);
         break;
+      }
     }
 
     this.length = Buffer.byteLength(this.body);
@@ -310,14 +328,12 @@ function makeAPIFriendly(ctx, message) {
   return ctx.api
     ? convert(message, {
         wordwrap: false,
-        hideLinkHrefIfSameAsText: true,
         selectors: [
           {
             selector: 'a',
             options: {
-              baseUrl: process.env.ERROR_HANDLER_BASE_URL
-                ? process.env.ERROR_HANDLER_BASE_URL
-                : ''
+              hideLinkHrefIfSameAsText: true,
+              baseUrl: process.env.ERROR_HANDLER_BASE_URL || ''
             }
           },
           { selector: 'img', format: 'skip' }

package.json

@@ -36,7 +36,7 @@
     "capitalize": "^2.0.4",
     "co": "^4.6.0",
     "fast-safe-stringify": "^2.1.1",
-    "html-to-text": "^8.2.0",
+    "html-to-text": "^9.0.3",
     "humanize-string": "2",
     "lodash.iserror": "^3.1.1",
     "lodash.isfunction": "^3.0.9",
@@ -49,32 +49,32 @@
     "toidentifier": "^1.0.1"
   },
   "devDependencies": {
-    "@commitlint/cli": "^17.0.3",
-    "@commitlint/config-conventional": "^17.0.3",
-    "@koa/router": "^10.1.1",
-    "ava": "^4.3.0",
+    "@commitlint/cli": "^17.4.2",
+    "@commitlint/config-conventional": "^17.4.2",
+    "@koa/router": "^12.0.0",
+    "ava": "^5.1.1",
     "cross-env": "^7.0.3",
     "eslint-config-xo-lass": "^2.0.1",
     "fixpack": "^4.0.0",
     "get-port": "5",
-    "husky": "^8.0.1",
-    "koa": "^2.13.4",
+    "husky": "^8.0.3",
+    "koa": "^2.14.1",
     "koa-404-handler": "^0.1.0",
     "koa-basic-auth": "^4.0.0",
     "koa-connect-flash": "^0.1.2",
     "koa-convert": "^2.0.0",
     "koa-generic-session": "^2.3.0",
     "koa-redis": "^4.0.1",
-    "lint-staged": "^13.0.3",
-    "mongoose": "^6.4.2",
+    "lint-staged": "^13.1.0",
+    "mongoose": "^6.8.4",
     "nyc": "^15.1.0",
-    "redis": "^4.1.1",
+    "redis": "^4.5.1",
     "redis-errors": "^1.2.0",
     "remark-cli": "^11.0.0",
     "remark-preset-github": "^4.0.4",
-    "rimraf": "^3.0.2",
-    "supertest": "^6.2.3",
-    "xo": "^0.50.0"
+    "rimraf": "^4.1.1",
+    "supertest": "^6.3.3",
+    "xo": "^0.53.1"
   },
   "engines": {
     "node": ">= 14"

test/test.js

@@ -1,4 +1,4 @@
-const http = require('http');
+const http = require('node:http');
 
 const Koa = require('koa');
 const Router = require('@koa/router');