From 388448f29823194a7e807c63df379321dfcbd0a2 Mon Sep 17 00:00:00 2001
From: MomentQYC <62551256+MomentQYC@users.noreply.github.com>
Date: Mon, 21 Aug 2023 16:21:57 +0800
Subject: [PATCH] feat: Removing stack trace info in production env (#11657)

* feat: Hiding stack traces in production env

* sytle

* style

* style

* add SPDX

* move ./error.js to ./misc/error.js

* revert: remove frontend changes

* feat: Hiding stack traces in production env

* feat: Hiding stack traces in production env

* revert

* revert

* revert

* change and fix

* revert

* fix queue endpoint test

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Co-authored-by: Kagami Sascha Rosylight <saschanaz@outlook.com>
---
 .../backend/src/server/web/ClientServerService.ts    | 12 ++++++------
 packages/backend/test/e2e/fetch-resource.ts          | 12 +++++++++++-
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index 25f59914ff..56aa343632 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -148,18 +148,18 @@ export class ClientServerService {
 			if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) {
 				const token = request.cookies.token;
 				if (token == null) {
-					reply.code(401);
-					throw new Error('login required');
+					reply.code(401).send('Login required');
+					return;
 				}
 				const user = await this.usersRepository.findOneBy({ token });
 				if (user == null) {
-					reply.code(403);
-					throw new Error('no such user');
+					reply.code(403).send('No such user');
+					return;
 				}
 				const isAdministrator = await this.roleService.isAdministrator(user);
 				if (!isAdministrator) {
-					reply.code(403);
-					throw new Error('access denied');
+					reply.code(403).send('Access denied');
+					return;
 				}
 			}
 		});
diff --git a/packages/backend/test/e2e/fetch-resource.ts b/packages/backend/test/e2e/fetch-resource.ts
index 96683ce594..1cbfec3e5f 100644
--- a/packages/backend/test/e2e/fetch-resource.ts
+++ b/packages/backend/test/e2e/fetch-resource.ts
@@ -34,6 +34,8 @@ describe('Webリソース', () => {
 	let aliceGalleryPost: any;
 	let aliceChannel: any;
 
+	let bob: misskey.entities.MeSignup;
+
 	type Request = {
 		path: string,
 		accept?: string,
@@ -90,6 +92,8 @@ describe('Webリソース', () => {
 			fileIds: [aliceUploadedFile.body.id],
 		});
 		aliceChannel = await channel(alice, {});
+
+		bob = await signup({ username: 'alice' });
 	}, 1000 * 60 * 2);
 
 	afterAll(async () => {
@@ -163,9 +167,15 @@ describe('Webリソース', () => {
 	});
 
 	describe.each([{ path: '/queue' }])('$path', ({ path }) => {
+		test('はログインしないとGETできない。', async () => await notOk({
+			path,
+			status: 401,
+		}));
+
 		test('はadminでなければGETできない。', async () => await notOk({
 			path,
-			status: 500, // FIXME? 403ではない。
+			cookie: cookie(bob),
+			status: 403,
 		}));
 
 		test('はadminならGETできる。', async () => await ok({