fix: api routes should be able to return non-200 status (#1228)

OpenBeta · Nov 17, 2024 · a240164 · a240164
1 parent 6c6492b
commit a240164
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 10 deletions.
diff --git a/src/app/api/mobile/login/route.ts b/src/app/api/mobile/login/route.ts
@@ -18,7 +18,7 @@ async function postHandler (request: NextRequest): Promise<NextResponse> {
       throw new Error('Invalid payload')
     }
   } catch (error) {
-    return NextResponse.json({ error: 'Unexpected error', status: 400 })
+    return NextResponse.json({ error: 'Unexpected error' }, { status: 400 })
   }
 
   let response: Auth0.JSONApiResponse<Auth0.TokenSet> | undefined
@@ -30,12 +30,21 @@ async function postHandler (request: NextRequest): Promise<NextResponse> {
       audience: 'https://api.openbeta.io',
       realm: 'Username-Password-Authentication'
     })
-
-    return NextResponse.json({ data: response.data })
+    return NextResponse.json({ ...response.data }, { status: response.status })
   } catch (error) {
-    console.error('#### Auth0 error ####', error)
-    return NextResponse.json({ error: 'Unexpected auth error', status: 403 })
+    return errorHandler(error)
   }
 }
 
 export const POST = withMobileAuth(postHandler)
+
+/**
+ * Handle Auth0 errors
+ */
+export const errorHandler = (error: any): NextResponse => {
+  console.error('#### Auth0 error ####', error)
+  if (error instanceof Auth0.AuthApiError) {
+    return NextResponse.json({ error: error?.error_description ?? '' }, { status: error?.statusCode ?? 401 })
+  }
+  return NextResponse.json({ error: 'Unexpected auth error' }, { status: 401 })
+}
diff --git a/src/app/api/mobile/refreshToken/route.ts b/src/app/api/mobile/refreshToken/route.ts
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server'
 import * as Auth0 from 'auth0'
 import { auth0Client, isNullOrEmpty } from '@/js/auth/mobile'
 import { withMobileAuth } from '@/js/auth/withMobileAuth'
+import { errorHandler } from '../login/route'
 
 /**
  * Mobile refresh token handler
@@ -27,10 +28,9 @@ async function postHandler (request: NextRequest): Promise<any> {
       audience: 'https://api.openbeta.io'
     })
 
-    return NextResponse.json({ data: response.data })
+    return NextResponse.json({ ...response.data }, { status: response.status })
   } catch (error) {
-    console.error('#### Auth0 error ####', error)
-    return NextResponse.json({ error: 'Unexpected auth error', status: 403 })
+    return errorHandler(error)
   }
 }
 

diff --git a/src/js/auth/withMobileAuth.ts b/src/js/auth/withMobileAuth.ts
@@ -11,12 +11,12 @@ type Next13ApiHandler = (req: NextRequest) => Promise<NextResponse>
 export const withMobileAuth = (handler: Next13ApiHandler): Next13ApiHandler => {
   return async function (request: NextRequest) {
     if (request.method !== 'POST') {
-      return NextResponse.json({ message: 'Must send POST request', status: 405 })
+      return NextResponse.json({ message: 'Must send POST request' }, { status: 405 })
     }
     const authHeader = request.headers.get('Secret')
     if (mobileAuthSecret != null && authHeader === mobileAuthSecret) {
       return await handler(request)
     }
-    return NextResponse.json({ message: 'Unauthorized', status: 401 })
+    return NextResponse.json({ message: 'Unauthorized' }, { status: 401 })
   }
 }