I have a register function inside my Express application to create a new user. Inside this function there are a few tasks: create the user in Auth0, send an email, send a response to the client.
I want to be able to catch the errors coming from Auth0 or Postmark to send back specific errors to the client and log them to the console. I though I could achieve this by adding a catch to an await function (I want to avoid a waterfall of .then() and .catch() blocks). This sends the error to the client but doesn't stop the code from executing. The email part is still trying to execute while the user object is undefined and I'm getting the error Cannot set headers after they are sent to the client.
How can I fix this by keeping the async/await functionality and keep the seperate error handling for each action?
Register function
export const register = asyncHandler(async (req, res, next) => {
// Create user in Auth0
const user = await auth0ManagementClient.createUser({
email: req.body.email,
password: generateToken(12),
verify_email: false,
connection: 'auth0-database-connection'
}).catch((error) => {
const auth0_error = {
title: error.name,
description: error.message,
status_code: error.statusCode
}
console.log(auth0_error);
if(error.statusCode >= 400 && error.statusCode < 500) {
return next(new ErrorResponse('Unable to create user', `We were unable to complete your registration. ${error.message}`, error.statusCode, 'user_creation_failed'));
} else {
return next(new ErrorResponse('Internal server error', `We have issues on our side. Please try again`, 500, 'internal_server_error'));
}
});
// Send welcome mail
await sendWelcomeEmail(user.email)
.catch((error) => {
const postmark_error = {
description: error.Message,
status_code: error.ErrorCode
}
console.log(postmark_error);
if(error.statusCode >= 400 && error.statusCode < 500) {
return next(new ErrorResponse('Unable to send welcome email', `We were unable to send a welcome email to you`, error.statusCode, 'welcome_email_failed'));
} else {
return next(new ErrorResponse('Internal server error', `We have issues on our side. Please try again`, 500, 'internal_server_error'));
}
});
res.status(201).json({
message: 'User succesfully registered. Check your mailbox to verify your account and continue the onboarding.',
data: {
user
}
});
});
asyncHandler.js
const asyncHandler = fn => ( req, res, next) => Promise.resolve(fn(req, res, next)).catch(next);
export default asyncHandler;
I'd use try/catch blocks, but declare the user variable outside the try scope.
async function handler(req, res, next) {
let user;
try {
user = await auth0ManagementClient.createUser(...);
} catch (error) {
return next(new ErrorResponse(...));
}
try {
await sendWelcomeEmail(user.email);
} catch (error) {
return next(new ErrorResponse(...));
}
res.status(201).json(...);
}
return will only terminate the current function. Here, the function that gets terminated by the return is the .catch() callback.
In your example and if you want to stick to using Promise.then().catch() you can check for the user value as the catch() callback will return its value in it.
The easier way would be to use try/catch blocks to interrupt the whole controller with the return statement.
Related
Node.js CODE
exports.user = async (req, res) => {
try {
const { wallet } = req.body;
if (!wallet) {
res.status(400).json({ error: "Not logged in" });
return;
} else {
user = User.findone(wallet);
// if user is not found then create a new user and mark as loggged In
if (!user) {
User.create({
user: wallet,
});
}
// if user found then create a session token and mark as logged
in
res.send({
user: wallet,
});
}
} catch (error) {
console.log(`ERROR::`, error);
}
};
REACTJs CODE
// post call/update
const axiosCall = async () => {
// core login will give a unique username by fulling a transcation
// core.login i dont have any control
const userAccount = await core.login();
try {
const res = await Axios.post(`${API}/user`, userAccount, dataToken);
setData({
...data,
error: "",
success: res.data.message,
});
} catch (error) {
setData({
...data,
error: error.response.data.error,
});
}
};
Now here the problem occurs when some one could modify userAccount in the front-end or someone could send a body with wallet: anything to my route localhost:3000/api/user
There is no option for me to check if some actually used core.login(); to get the wallet address.
So is there any solution?
I was thinking to allow only my server IP or localhost to hit the route localhost:3000/api/user and is that even possible?
Also there is another issue anyone could modify userAccount in front-end.
I have a challenge where I can't really make a decision on how to deal with HTTP responses / Errors in my services and controllers in my Express API. My goal is to have the services be responsible for one thing only and not deal with HTTP at all. Atleast that's my thought.
I would love some feedback on my approach...
I have added general error middlewares:
const errorResponder = (error, req, res, next) => {
if (error.statusCode && error.message) {
return res.status(error.statusCode).send(error.message);
}
if (error.statusCode) {
return res.status(error.statusCode).send();
}
if (error.message) {
return res.status(500).send(error.message);
}
return next(error); // Forward if above is't triggered
};
const errorFailSafe = (error, req, res, next) => {
console.log("Fail safe");
res.status(500).send("Something went wrong, we are digging into it!");
};
And then in my controller I unwrap what I need from the req and send to a service. Afterward I send the response back to the client.
findUser: async (req,res,next) => {
const userId = req.params.userId;
try {
// Call service
const user = await UserService.findOne(userId);
// Send user back to client
res.status(200).send(user);
} catch (error) {
return next(error)
}
}
In my service using Sequelize:
findOne: async (userId) => {
try {
let user = await db.users.findByPk(userId);
if (user == null) {
throw new NotFound("User not found");
}
return user;
} catch (error) {
throw error;
}
};
The NotFound error is a custom error class extending Error.
class NotFound extends Error {
constructor(message) {
super(message);
this.statusCode = 404;
}
}
module.exports = NotFound ;
Here I kinda break the seperation by having the Service deal with HTTP by calling NotFound.
I could change this so it's the Controller doing the check. Would that be better?
Any feedback would be appreciated. :)
To simplify the situation I'll just post the following controller for an express route which interactions with a Postgres Database. My question is about error handling. If an error occurs it will be caught within the catch clause. But how can I access the errors thrown by the database queries itself. If I make several await several queries and one of them fails I need probably to restore stuff in the database? For example if the insertion of the user in the user table is a success, but the following query of inserting the user in another table fails, I need to delete the user from the user table again. How does one model such flows?
//
// Register User
//
export const registerUser = async (request, response, next) => {
try {
const usersWithSameMail = await client.query(`SELECT * FROM public.users WHERE email = '${user.email}'`);
if(usersWithSameMail.rows.length > 0){
return response.status(403).json({"code": "ERROR", "message": "Email is already registered"})
} else {
await client.query(`
INSERT INTO public.users(first_name, last_name, email, password)
VALUES ('${user.first_name}', '${user.last_name}', '${user.email}', crypt('${user.password}', gen_salt('bf', 8)));
`);
// more await statements...
return response.status(200).json({"code": "INFO", "message": "Verification mail sent to user"});
}
} catch (error) {
return response.status(500).json({"code": "ERROR", "message": "Error occured while registering the user. Please try again."});
}
}```
You can use middlewares chaining your routes handler. In order to it work, you will have to change your current working code to use Single-responsibility principle. Do only one responsability per middleware and chain all handlers to work as one.
Lets say you want to insert new user, to perform this operation we should:
lookup if email is unique
hash password
Insert new user
return inserted data in postgres back as a response
Following the middleware chaining we should implement a function for each action and chain each action in route definition:
const postgres = require('../../lib/postgres');
const crypto = require('crypto');
exports.insertedData = (req, res) => {
res.status(200).json(req.employee);
};
exports.hashPassword = (req, res, next) => {
crypto.scrypt(req.body.password.toString(), 'salt', 256, (err, derivedKey) => {
if (err) {
return res.status(500).json({ errors: [{ location: req.path, msg: 'Could not hash password'}] });
}
req.body.kdfResult = derivedKey.toString('hex');
next();
});
};
exports.lookupEmailUnique = (req, res, next) => {
const sql = 'SELECT e.email FROM public.users e WHERE e.email=$1';
postgres.query(sql, [req.body.email], (err, result) => {
if (err) {
return res.status(500).json({ errors: [{ location: req.path, msg: 'Could not query database' }] });
}
if (result.rows.length > 0) {
return response.status(403).json({"code": "ERROR", "message": "Email is already registered"})
}
next()
});
}
exports.insertNewUser = (req, res, next) => {
const sql = 'INSERT INTO public.users(first_name, last_name, email, password) VALUES ($1,$2,$3,$4} RETURNING *';
postgres.query(sql, [req.body.first_name, req.body.last_name, req.body.email, req.body.kdfResult], (err, result) => {
if (err) {
return res.status(500).json({ errors: [{ location: req.path, msg: 'Could not query database'}] });
}
req.employee = result.rows[0];
next();
});
};
here is your route declaration:
const router = require('express').Router();
const userService = require('../controllers/user.controller');
router.post('/register', userService.lookupEmailUnique, userService.hashPassword, userService.insertNewUser, userService.insertedData);
module.exports = router;
Here in routes you are using the middeware to do the chaning, you only pass the control to next middleware if all conditions are met and has full control from database erros.
In my example I do not used the async/await but I can change my example to have a version using async/await.
example middleware with transaction
exports.deletePostagem = async (req, res, next) => {
try {
await postgres.query('BEGIN');
const sql2 = 'UPDATE comentario SET postagem = null WHERE postagem = $1';
await postgres.query(sql2, [req.params.id]);
const sql3 = 'DELETE FROM postagem WHERE id = $1';
await postgres.query(sql3, [req.params.id]);
await postgres.query('COMMIT');
res.status(204).json();
res.end();
} catch (err) {
await postgres.query('ROLLBACK');
return res.status(500).json({ errors: [{msg: 'Could not perform operation' }]})
}
}
I used this only as an example, but in my projects I always have a middeware for validate/sanitize the data that comes in request before using in database query prepared statements.
based on transaction documentation in node.js you can use rollback
export const registerUser = async (request, response, next) => {
try {
let error = null;
const client; // create a client, connect to the db
try {
await client.query("begin");
await client.query("first query");
await client.query("second query");
await client.query("third query");
await client.query("commit"); //do commit when is finished all queries
} catch (error) {
error = error;
await client.query("rollback");
} finally {
client.release(); // close the connection
}
if (error) {
return response.status(500).json({ message: error }); // error message
}
return response.status(200).json({ message: "My message" }); // success message
} catch (err) {
return response.status(500).json({ message: err });
}
}
I have the following code for signing up a user. Where I first validate the user input. Secondly I check to see if the user already exists, if yes it should return with response 400. If not go to step 3 and add the new user. Finally in step 4 return the newly created entry. Logically, it works and adds data to database correctly, however it always responds back with 'User already exists' on postman (from step 2) even if it's a new user which has correctly added the user to the db. Which makes me think the third step is being done before a response in step 2 can be sent, which would mean I have not chained the promise correctly. Also the new user is never sent back as response, which I think is because I have not used Promise.then() together with user.save() correctly. I also get the following error (posted after the code), which I understand means I am trying to send a second response after a first has already been sent. I can solve this problem with async and await but want to learn how to do it this way. Thanks, any help is appreciated.
const { User, validateUser } = require('../models/userModel');
const mongoose = require('mongoose');
const express = require('express');
const router = express.Router();
router.post('/', (req, res) => {
return Promise.resolve()
.then(() => {
//Step 1: validae the user input and if there is an error, send 400 res and error message
console.log('My user post body req::', req.body);
const { error } = validateUser(req.body); //this is using Joi.validate() which has a error property if errors are found
if (error) {
return res.status(400).send(error.details[0].message);
}
})
.then(() => {
//step 2: check if user already exists, if yes send res 400
let user = User.findOne({ email: req.body.email });
if (user) {
return res.status(400).send('User already exists');
}
})
.then(() => {
//Step 3: enter new user into the database
user = new User({
name: req.body.name,
email: req.body.email,
password: req.body.password
});
return user.save();
})
.then((result) => {
//step 4: return the newly added user
return res.status(200).send(result);
})
.catch((error) => {
console.log('Error Adding new User', error);
});
});
module.exports = router;
I get the following error message from the catch. Even though I am I am returning with every response
Error Adding new User Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
at ServerResponse.setHeader (_http_outgoing.js:494:11)
at ServerResponse.header (/home/ssaquif/WebDevProjects/movie-reviews-backend/node_modules/express/lib/response.js:771:10)
at ServerResponse.send (/home/ssaquif/WebDevProjects/movie-reviews-backend/node_modules/express/lib/response.js:170:12)
at ServerResponse.json (/home/ssaquif/WebDevProjects/movie-reviews-backend/node_modules/express/lib/response.js:267:15)
at ServerResponse.send (/home/ssaquif/WebDevProjects/movie-reviews-backend/node_modules/express/lib/response.js:158:21)
at /home/ssaquif/WebDevProjects/movie-reviews-backend/routes/users.js:35:27
at processTicksAndRejections (internal/process/task_queues.js:93:5) {
code: 'ERR_HTTP_HEADERS_SENT'
You don't need to use Promise.resolve in your route.
You just need a chain of then blocks, in which you need to return a value to the next one.
I refactored your code like this:
router.post("/", (req, res) => {
//Step 1: validate the user input and if there is an error, send 400 res and error message
console.log("My user post body req::", req.body);
const { error } = validateUser(req.body);
if (error) {
return res.status(400).send(error.details[0].message);
}
//step 2: check if user already exists, if yes send res 400
User.findOne({ email: req.body.email })
.then(user => {
if (user) {
return res.status(400).send("User already exists");
}
return;
})
.then(() => {
//Step 3: enter new user into the database
let user = new User({
name: req.body.name,
email: req.body.email,
password: req.body.password
});
return user.save();
})
.then(result => {
//step 4: return the newly added user
return res.status(200).send(result);
})
.catch(error => {
console.log("Error Adding new User", error);
res.status(500).send("Error");
});
});
You will have a result like this when a user successfully registers:
{
"_id": "5dd65df52f7f615d8067150d",
"name": "ssaquif",
"email": "test#test.com",
"password": "123123",
"__v": 0
}
And when an existing email is used, the response will be like this with statusCode 400.
User already exists
You could solve this somehow by chaining promises correctly in a more complicated way, or you use async / await and get rid of all those problems:
router.post('/', async (req, res) => {
try {
//Step 1: validae the user input and if there is an error, send 400 res and error message
console.log('My user post body req::', req.body);
const { error } = validateUser(req.body); //this is using Joi.validate() which has a error property if errors are found
if (error) {
return res.status(400).send(error.details[0].message);
}
//step 2: check if user already exists, if yes send res 400
let user = await User.findOne({ email: req.body.email });
if (user) {
return res.status(400).send('User already exists');
}
//Step 3: enter new user into the database
user = new User({
name: req.body.name,
email: req.body.email,
password: req.body.password
});
await user.save();
//step 4: return the newly added user
return res.status(200).send(user);
} catch(error) {
// Report error internally
return res.status(500).send("Something bad happened");
}
});
The main problem with your code is that returning from a .then callback will continue executing the next .then callback. Therefore you try to set the headers status multiple times (but that's your smallest problem).
If you look at the error message "Cannot set headers after they are sent to the client" it means you are trying to send something over the response object twice which are not possible. Try log something right before each time you send something as a response and see which two are being called.
Instead of returning the res.status(400).send promise, try call it normally and then return a rejected promise or throw an error instead.
I'm scratching my head trying to figure out the best way to handle errors from specific user actions. I'm using Express as my web server and even though it works, for the most part, I am getting not-so-useful, generic error messages. For instance, in the code below, I get the Request failed with status code 400 error message on the client side for the first two conditions/exceptions in the try block.
How do I approach this in the following example?
Express Server-side Controller
async function voteInPoll (req, res) {
const { category, pollId } = req.params;
const { name, choiceId, voterId } = req.body;
try {
const poll = await Poll.findById(pollId);
// Check if user has already voted in poll
const hasVoted = poll.votedBy.some(voter => voter.equals(voterId));
if (!voterId) { // Check if user is authenticated
res
.sendStatus(400)
.json({ message: 'Sorry, you must be logged in to vote' });
} else if (voterId && hasVoted) {
res
.sendStatus(400)
.json({ message: 'Sorry, you can only vote once' });
} else {
const choice = await poll.choices.id(choiceId);
const votedChoice = { name, votes: choice.votes + 1 };
await choice.set(votedChoice);
await poll.votedBy.push(voterId);
poll.save();
res
.sendStatus(200)
.json({
message: 'Thank you for voting. Find other polls at: ',
poll,
});
}
} catch (error) {
throw new Error(error);
}
}
React/Redux Action
export const voteInPoll = (category, pollId, votedItem, voterId) => async dispatch => {
try {
const response = await axios.post(
`http://localhost:3050/polls/${category}/${pollId}/vote`,
{
...votedItem,
voterId,
}
);
dispatch({ type: store.polls.VOTE_SUCCESS, payload: response.data.poll });
} catch (error) {
console.log(error);
dispatch({ type: store.polls.VOTE_FAILURE, payload: error.message });
}
};
Edit
What I find rather bizarre is I get the expected error response sent, as seen below under the Network tab of Chrome's Developer tools.
You should not be using res.sendStatus(statusCode) because of the following as defined in the docs here:
Sets the response HTTP status code to statusCode and send its string representation as the response body.
The key thing about the above is:
and send its string representation as the response body.
So doing: res.sendStatus(400).json({ message: 'Oops 400!'}) will not give you a JSON response which is what you're expecting, but simply display:
Bad Request
Which is the string representation of the 400 HTTP status code: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_errors
What you need to do is replace all of your res.sendStatus(..).json(..) with res.status(...).json(...) like so:
if (!voterId) { // Check if user is authenticated
res
.status(400)
.json({ message: 'Sorry, you must be logged in to vote' });
} else if (voterId && hasVoted) {
res
.status(400)
.json({ message: 'Sorry, you can only vote once' });
} else {
// ...
}
and so on.