fix(webapp): obfuscate infra error message on token endpoint too

d-cs · d-cs · commit 15ea16285cdc · 2026-06-16T11:44:06.000+01:00
diff --git a/apps/webapp/app/routes/api.v1.token.ts b/apps/webapp/app/routes/api.v1.token.ts
@@ -7,6 +7,7 @@ import {
 import { generateErrorMessage } from "zod-error";
 import { logger } from "~/services/logger.server";
 import { getPersonalAccessTokenFromAuthorizationCode } from "~/services/personalAccessToken.server";
+import { clientSafeErrorMessage } from "~/utils/prismaErrors";
 
 export async function action({ request }: ActionFunctionArgs) {
   logger.info("Getting PersonalAccessToken from AuthorizationCode", { url: request.url });
@@ -45,7 +46,7 @@ export async function action({ request }: ActionFunctionArgs) {
         logger.error("Error getting PersonalAccessToken from AuthorizationCode", fields);
       }
 
-      return json({ error: error.message }, { status: 400 });
+      return json({ error: clientSafeErrorMessage(error) }, { status: 400 });
     }
 
     return json({ error: "Something went wrong" }, { status: 400 });

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import {`
`7`	`7`	`import { generateErrorMessage } from "zod-error";`
`8`	`8`	`import { logger } from "~/services/logger.server";`
`9`	`9`	`import { getPersonalAccessTokenFromAuthorizationCode } from "~/services/personalAccessToken.server";`
	`10`	`+import { clientSafeErrorMessage } from "~/utils/prismaErrors";`
`10`	`11`
`11`	`12`	`export async function action({ request }: ActionFunctionArgs) {`
`12`	`13`	`logger.info("Getting PersonalAccessToken from AuthorizationCode", { url: request.url });`
`@@ -45,7 +46,7 @@ export async function action({ request }: ActionFunctionArgs) {`
`45`	`46`	`logger.error("Error getting PersonalAccessToken from AuthorizationCode", fields);`
`46`	`47`	`}`
`47`	`48`
`48`		`- return json({ error: error.message }, { status: 400 });`
	`49`	`+ return json({ error: clientSafeErrorMessage(error) }, { status: 400 });`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`return json({ error: "Something went wrong" }, { status: 400 });`