Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
koa-better-error-handler
Advanced tools
A better error-handler for Lad and Koa. Makes `ctx.throw` awesome (best used with koa-404-handler)
A better error-handler for Lad and Koa. Makes
ctx.throw
awesome (best used with koa-404-handler)
ETIMEOUT
and EBADFAMILY
) and sends 408 Client Timeout error<ul>
for Mongoose validation errors with more than one messagectx.throw
beautiful messages (e.g. ctx.throw(404)
will output a beautiful error object :hibiscus:)text/html
, application/json
, and text
response typesnpm install --save koa-better-error-handler
You should probably be using this in combination with koa-404-handler too!
The package exports a function which accepts four arguments (in order):
cookiesKey
- defaults to false
logger
- defaults to console
useCtxLogger
- defaults to true
stringify
- defaults to fast-safe-stringify
(you can also use JSON.stringify
or another option here if preferred)If you pass a cookiesKey
then support for sessions will be added. You should always set this argument's value if you are using cookies and sessions (e.g. web server).
We recommend to use Cabin for your logger
and also you should use its middleware too, as it will auto-populate ctx.logger
for you to make context-based logs easy.
Note that this package only supports koa-generic-session
, and does not yet support koa-session-store
(see the code in index.js for more insight, pull requests are welcome).
No support for sessions, cookies, or flash messaging:
const errorHandler = require('koa-better-error-handler');
const Koa = require('koa');
const Router = require('koa-router');
const koa404Handler = require('koa-404-handler');
// initialize our app
const app = new Koa();
// override koa's undocumented error handler
app.context.onerror = errorHandler();
// specify that this is our api
app.context.api = true;
// use koa-404-handler
app.use(koa404Handler);
// set up some routes
const router = new Router();
// throw an error anywhere you want!
router.get('/404', ctx => ctx.throw(404));
router.get('/500', ctx => ctx.throw(500));
// initialize routes on the app
app.use(router.routes());
// start the server
app.listen(3000);
console.log('listening on port 3000');
Built-in support for sessions, cookies, and flash messaging:
const errorHandler = require('koa-better-error-handler');
const Koa = require('koa');
const redis = require('redis');
const RedisStore = require('koa-redis');
const session = require('koa-generic-session');
const flash = require('koa-connect-flash');
const convert = require('koa-convert');
const Router = require('koa-router');
const koa404Handler = require('koa-404-handler');
// initialize our app
const app = new Koa();
// define keys used for signing cookies
app.keys = ['foo', 'bar'];
// initialize redis store
const redisClient = redis.createClient();
redisClient.on('connect', () => app.emit('log', 'info', 'redis connected'));
redisClient.on('error', err => app.emit('error', err));
// define our storage
const redisStore = new RedisStore({
client: redisClient
});
// add sessions to our app
const cookiesKey = 'lad.sid';
app.use(
convert(
session({
key: cookiesKey,
store: redisStore
})
)
);
// add support for flash messages (e.g. `req.flash('error', 'Oops!')`)
app.use(convert(flash()));
// override koa's undocumented error handler
app.context.onerror = errorHandler(cookiesKey);
// use koa-404-handler
app.use(koa404Handler);
// set up some routes
const router = new Router();
// throw an error anywhere you want!
router.get('/404', ctx => ctx.throw(404));
router.get('/500', ctx => ctx.throw(500));
// initialize routes on the app
app.use(router.routes());
// start the server
app.listen(3000);
console.log('listening on port 3000');
Example Request:
curl -H "Accept: application/json" http://localhost/some-page-does-not-exist
Example Response:
{
"statusCode": 404,
"error": "Not Found",
"message":"Not Found"
}
As of v3.0.5, you can prevent an error from being automatically translated by setting the error property of no_translate
to have a value of true
:
function middleware(ctx) {
const err = Boom.badRequest('Uh oh!');
err.no_translate = true; // <----
ctx.throw(err);
}
If you specify app.context.api = true
or set ctx.api = true
, and if a Mongoose validation error message occurs that has more than one message (e.g. multiple fields were invalid) – then err.message
will be joined by a comma instead of by <li>
.
Therefore if you DO want your API error messages to return HTML formatted error lists for Mongoose validation, then set app.context.api = false
, ctx.api = false
, or simply make sure to not set them before using this error handler.
try {
// trigger manual validation
// (this allows us to have a 400 error code instead of 500)
await company.validate();
} catch (err) {
ctx.throw(Boom.badRequest(err));
}
With error lists:
{
"statusCode": 400,
"error": "Bad Request",
"message": "<ul class=\"text-left mb-0\"><li>Path `company_logo` is required.</li><li>Gig description must be 100-300 characters.</li></ul>"
}
Without error lists:
{
"statusCode":400,
"error":"Bad Request",
"message":"Path `company_logo` is required., Gig description must be 100-300 characters."
}
By default if ctx.api
is true, then html-to-text will be invoked upon the err.message
, thus converting all the HTML markup into text format.
You can also specify a base URI in the environment variable for rendering as process.env.ERROR_HANDLER_BASE_URL
, e.g. ERROR_HANDLER_BASE_URL=https://example.com
(omit trailing slash), and any HTML links such as <a href="/foo/bar/baz">Click here</a>
will be converted to [Click here][1]
with a [1]
link appended of https://example.com/foo/bar/baz
.
FAQs
A better error-handler for Lad and Koa. Makes `ctx.throw` awesome (best used with koa-404-handler)
The npm package koa-better-error-handler receives a total of 1,931 weekly downloads. As such, koa-better-error-handler popularity was classified as popular.
We found that koa-better-error-handler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.