set correct content type for error messages

zadam · Jun 30, 2022 · 3faae63 · 3faae63
1 parent fac9fef
commit 3faae63
Show file tree

Hide file tree

Showing 9 changed files with 71 additions and 27 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/routes/api/export.js b/src/routes/api/export.js
@@ -15,7 +15,9 @@ function exportBranch(req, res) {
         const message = `Cannot export branch ${branchId} since it does not exist.`;
         log.error(message);
 
-        res.status(500).send(message);
+        res.setHeader("Content-Type", "text/plain")
+            .status(500)
+            .send(message);
         return;
     }
 
@@ -41,7 +43,9 @@ function exportBranch(req, res) {
 
         log.error(message + e.stack);
 
-        res.status(500).send(message);
+        res.setHeader("Content-Type", "text/plain")
+            .status(500)
+            .send(message);
     }
 }
 

diff --git a/src/routes/api/files.js b/src/routes/api/files.js
@@ -48,7 +48,9 @@ function downloadNoteFile(noteId, res, contentDisposition = true) {
     const note = becca.getNote(noteId);
 
     if (!note) {
-        return res.status(404).send(`Note ${noteId} doesn't exist.`);
+        return res.setHeader("Content-Type", "text/plain")
+            .status(404)
+            .send(`Note ${noteId} doesn't exist.`);
     }
 
     if (note.isProtected && !protectedSessionService.isProtectedSessionAvailable()) {

diff --git a/src/routes/api/image.js b/src/routes/api/image.js
@@ -20,20 +20,22 @@ function returnImage(req, res) {
     }
 
     /**
-     * special "image" type. the canvas is actually type application/json 
+     * special "image" type. the canvas is actually type application/json
      * to avoid bitrot and enable usage as referenced image the svg is included.
      */
     if (image.type === 'canvas') {
         const content = image.getContent();
         try {
             const data = JSON.parse(content);
-            
+
             const svg = data.svg || '<svg />'
             res.set('Content-Type', "image/svg+xml");
             res.set("Cache-Control", "no-cache, no-store, must-revalidate");
             res.send(svg);
         } catch(err) {
-            res.status(500).send("there was an error parsing excalidraw to svg");
+            res.setHeader("Content-Type", "text/plain")
+                .status(500)
+                .send("there was an error parsing excalidraw to svg");
         }
     } else {
         res.set('Content-Type', image.mime);

diff --git a/src/routes/api/note_revisions.js b/src/routes/api/note_revisions.js
@@ -65,11 +65,15 @@ function downloadNoteRevision(req, res) {
     const noteRevision = becca.getNoteRevision(req.params.noteRevisionId);
 
     if (noteRevision.noteId !== req.params.noteId) {
-        return res.status(400).send(`Note revision ${req.params.noteRevisionId} does not belong to note ${req.params.noteId}`);
+        return res.setHeader("Content-Type", "text/plain")
+            .status(400)
+            .send(`Note revision ${req.params.noteRevisionId} does not belong to note ${req.params.noteId}`);
     }
 
     if (noteRevision.isProtected && !protectedSessionService.isProtectedSessionAvailable()) {
-        return res.status(401).send("Protected session not available");
+        return res.setHeader("Content-Type", "text/plain")
+            .status(401)
+            .send("Protected session not available");
     }
 
     const filename = getRevisionFilename(noteRevision);

diff --git a/src/routes/custom.js b/src/routes/custom.js
@@ -49,7 +49,9 @@ function handleRequest(req, res) {
             catch (e) {
                 log.error(`Custom handler ${note.noteId} failed with ${e.message}`);
 
-                res.status(500).send(e.message);
+                res.setHeader("Content-Type", "text/plain")
+                    .status(500)
+                    .send(e.message);
             }
         }
         else if (attr.name === 'customResourceProvider') {
@@ -65,7 +67,9 @@ function handleRequest(req, res) {
     const message = `No handler matched for custom ${path} request.`;
 
     log.info(message);
-    res.status(404).send(message);
+    res.setHeader("Content-Type", "text/plain")
+        .status(404)
+        .send(message);
 }
 
 function register(router) {

diff --git a/src/routes/routes.js b/src/routes/routes.js
@@ -120,6 +120,10 @@ function apiResultHandler(req, res, result) {
 
 function send(res, statusCode, response) {
     if (typeof response === 'string') {
+        if (statusCode >= 400) {
+            res.setHeader("Content-Type", "text/plain");
+        }
+
         res.status(statusCode).send(response);
 
         return response.length;
@@ -167,7 +171,9 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio
                         .catch(e => {
                             log.error(`${method} ${path} threw exception: ` + e.stack);
 
-                            res.status(500).send(e.message);
+                            res.setHeader("Content-Type", "text/plain")
+                                .status(500)
+                                .send(e.message);
                         });
                 }
                 else {
@@ -180,7 +186,9 @@ function route(method, path, middleware, routeHandler, resultHandler, transactio
         catch (e) {
             log.error(`${method} ${path} threw exception: ` + e.stack);
 
-            res.status(500).send(e.message);
+            res.setHeader("Content-Type", "text/plain")
+                .status(500)
+                .send(e.message);
         }
     });
 }

diff --git a/src/services/auth.js b/src/services/auth.js
@@ -88,17 +88,23 @@ function checkEtapiToken(req, res, next) {
 function reject(req, res, message) {
     log.info(`${req.method} ${req.path} rejected with 401 ${message}`);
 
-    res.status(401).send(message);
+    res.setHeader("Content-Type", "text/plain")
+        .status(401)
+        .send(message);
 }
 
 function checkCredentials(req, res, next) {
     if (!sqlInit.isDbInitialized()) {
-        res.status(400).send('Database is not initialized yet.');
+        res.setHeader("Content-Type", "text/plain")
+            .status(400)
+            .send('Database is not initialized yet.');
         return;
     }
 
     if (!passwordService.isPasswordSet()) {
-        res.status(400).send('Password has not been set yet. Please set a password and repeat the action');
+        res.setHeader("Content-Type", "text/plain")
+            .status(400)
+            .send('Password has not been set yet. Please set a password and repeat the action');
         return;
     }
 
@@ -109,7 +115,9 @@ function checkCredentials(req, res, next) {
     // username is ignored
 
     if (!passwordEncryptionService.verifyPassword(password)) {
-        res.status(401).send('Incorrect password');
+        res.setHeader("Content-Type", "text/plain")
+            .status(401)
+            .send('Incorrect password');
     }
     else {
         next();

diff --git a/src/share/routes.js b/src/share/routes.js
@@ -39,9 +39,9 @@ function register(router) {
         addNoIndexHeader(note, res);
 
         if (note.hasLabel('shareRaw') || ['image', 'file'].includes(note.type)) {
-            res.setHeader('Content-Type', note.mime);
+            res.setHeader('Content-Type', note.mime)
+                .send(note.getContent());
 
-            res.send(note.getContent());
             return;
         }
 
@@ -83,7 +83,9 @@ function register(router) {
         const note = shaca.getNote(noteId);
 
         if (!note) {
-            return res.status(404).send(`Note '${noteId}' not found`);
+            return res.setHeader("Content-Type", "text/plain")
+                .status(404)
+                .send(`Note '${noteId}' not found`);
         }
 
         addNoIndexHeader(note, res);
@@ -98,7 +100,9 @@ function register(router) {
         const note = shaca.getNote(noteId);
 
         if (!note) {
-            return res.status(404).send(`Note '${noteId}' not found`);
+            return res.setHeader("Content-Type", "text/plain")
+                .status(404)
+                .send(`Note '${noteId}' not found`);
         }
 
         addNoIndexHeader(note, res);
@@ -122,13 +126,17 @@ function register(router) {
         const image = shaca.getNote(req.params.noteId);
 
         if (!image) {
-            return res.status(404).send(`Note '${req.params.noteId}' not found`);
+            return res.setHeader('Content-Type', 'text/plain')
+                .status(404)
+                .send(`Note '${req.params.noteId}' not found`);
         }
         else if (!["image", "canvas"].includes(image.type)) {
-            return res.status(400).send("Requested note is not a shareable image");
+            return res.setHeader('Content-Type', 'text/plain')
+                .status(400)
+                .send("Requested note is not a shareable image");
         } else if (image.type === "canvas") {
             /**
-             * special "image" type. the canvas is actually type application/json 
+             * special "image" type. the canvas is actually type application/json
              * to avoid bitrot and enable usage as referenced image the svg is included.
              */
             const content = image.getContent();
@@ -141,7 +149,9 @@ function register(router) {
                 res.set("Cache-Control", "no-cache, no-store, must-revalidate");
                 res.send(svg);
             } catch(err) {
-                res.status(500).send("there was an error parsing excalidraw to svg");
+                res.setHeader('Content-Type', 'text/plain')
+                    .status(500)
+                    .send("there was an error parsing excalidraw to svg");
             }
         } else {
             // normal image
@@ -159,7 +169,9 @@ function register(router) {
         const note = shaca.getNote(noteId);
 
         if (!note) {
-            return res.status(404).send(`Note '${noteId}' not found`);
+            return res.setHeader('Content-Type', 'text/plain')
+                .status(404)
+                .send(`Note '${noteId}' not found`);
         }
 
         addNoIndexHeader(note, res);