openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add global error handler + try/catch in recover & email-change routes (BUG-112)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 19m57s
Details

Browse source
This commit is contained in:
OpenClaw Subagent 2026-03-17 17:10:36 +01:00
parent 2dfb0ac784
commit a3bba8f0d5
6 changed files with 469 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

190
src/routes/recover.ts
View file

@ -57,41 +57,47 @@ const recoverLimiter = rateLimit({
* description: Too many recovery attempts
*/
router.post("/", recoverLimiter, async (req: Request, res: Response) => {
const { email } = req.body || {};
try {
const { email } = req.body || {};
if (!email || typeof email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
res.status(400).json({ error: "A valid email address is required." });
return;
}
const cleanEmail = email.trim().toLowerCase();
const keys = getAllKeys();
const userKey = keys.find(k => k.email === cleanEmail);
if (!userKey) {
// DB fallback: cache may be stale in multi-replica setups
const dbResult = await queryWithRetry(
"SELECT key FROM api_keys WHERE email = $1 LIMIT 1",
[cleanEmail]
);
if (dbResult.rows.length > 0) {
const pending = await createPendingVerification(cleanEmail);
sendVerificationEmail(cleanEmail, pending.code).catch(err => {
logger.error({ err, email: cleanEmail }, "Failed to send recovery email");
});
logger.info({ email: cleanEmail }, "recover: cache miss, sent recovery via DB fallback");
if (!email || typeof email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
res.status(400).json({ error: "A valid email address is required." });
return;
}
const cleanEmail = email.trim().toLowerCase();
const keys = getAllKeys();
const userKey = keys.find(k => k.email === cleanEmail);
if (!userKey) {
// DB fallback: cache may be stale in multi-replica setups
const dbResult = await queryWithRetry(
"SELECT key FROM api_keys WHERE email = $1 LIMIT 1",
[cleanEmail]
);
if (dbResult.rows.length > 0) {
const pending = await createPendingVerification(cleanEmail);
sendVerificationEmail(cleanEmail, pending.code).catch(err => {
logger.error({ err, email: cleanEmail }, "Failed to send recovery email");
});
logger.info({ email: cleanEmail }, "recover: cache miss, sent recovery via DB fallback");
}
res.json({ status: "recovery_sent", message: "If an account exists for this email, a verification code has been sent." });
return;
}
const pending = await createPendingVerification(cleanEmail);
sendVerificationEmail(cleanEmail, pending.code).catch(err => {
logger.error({ err, email: cleanEmail }, "Failed to send recovery email");
});
res.json({ status: "recovery_sent", message: "If an account exists for this email, a verification code has been sent." });
return;
} catch (err: unknown) {
const reqId = (req as any).requestId || "unknown";
logger.error({ err, requestId: reqId }, "Unhandled error in POST /recover");
res.status(500).json({ error: "Internal server error" });
}
const pending = await createPendingVerification(cleanEmail);
sendVerificationEmail(cleanEmail, pending.code).catch(err => {
logger.error({ err, email: cleanEmail }, "Failed to send recovery email");
});
res.json({ status: "recovery_sent", message: "If an account exists for this email, a verification code has been sent." });
});
/**
@ -141,66 +147,72 @@ router.post("/", recoverLimiter, async (req: Request, res: Response) => {
* description: Too many failed attempts
*/
router.post("/verify", recoverLimiter, async (req: Request, res: Response) => {
const { email, code } = req.body || {};
try {
const { email, code } = req.body || {};
if (!email || !code) {
res.status(400).json({ error: "Email and code are required." });
return;
}
const cleanEmail = email.trim().toLowerCase();
const cleanCode = String(code).trim();
const result = await verifyCode(cleanEmail, cleanCode);
switch (result.status) {
case "ok": {
const keys = getAllKeys();
let userKey = keys.find(k => k.email === cleanEmail);
// DB fallback: cache may be stale in multi-replica setups
if (!userKey) {
logger.info({ email: cleanEmail }, "recover verify: cache miss, falling back to DB");
const dbResult = await queryWithRetry(
"SELECT key, tier, email, created_at, stripe_customer_id FROM api_keys WHERE email = $1 LIMIT 1",
[cleanEmail]
);
if (dbResult.rows.length > 0) {
const row = dbResult.rows[0];
userKey = {
key: row.key,
tier: row.tier as "free" | "pro",
email: row.email,
createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
stripeCustomerId: row.stripe_customer_id || undefined,
};
}
}
if (userKey) {
res.json({
status: "recovered",
apiKey: userKey.key,
tier: userKey.tier,
message: "Your API key has been recovered. Save it securely — it is shown only once.",
});
} else {
res.json({
status: "recovered",
message: "No API key found for this email.",
});
}
break;
if (!email || !code) {
res.status(400).json({ error: "Email and code are required." });
return;
}
case "expired":
res.status(410).json({ error: "Verification code has expired. Please request a new one." });
break;
case "max_attempts":
res.status(429).json({ error: "Too many failed attempts. Please request a new code." });
break;
case "invalid":
res.status(400).json({ error: "Invalid verification code." });
break;
const cleanEmail = email.trim().toLowerCase();
const cleanCode = String(code).trim();
const result = await verifyCode(cleanEmail, cleanCode);
switch (result.status) {
case "ok": {
const keys = getAllKeys();
let userKey = keys.find(k => k.email === cleanEmail);
// DB fallback: cache may be stale in multi-replica setups
if (!userKey) {
logger.info({ email: cleanEmail }, "recover verify: cache miss, falling back to DB");
const dbResult = await queryWithRetry(
"SELECT key, tier, email, created_at, stripe_customer_id FROM api_keys WHERE email = $1 LIMIT 1",
[cleanEmail]
);
if (dbResult.rows.length > 0) {
const row = dbResult.rows[0];
userKey = {
key: row.key,
tier: row.tier as "free" | "pro",
email: row.email,
createdAt: row.created_at instanceof Date ? row.created_at.toISOString() : row.created_at,
stripeCustomerId: row.stripe_customer_id || undefined,
};
}
}
if (userKey) {
res.json({
status: "recovered",
apiKey: userKey.key,
tier: userKey.tier,
message: "Your API key has been recovered. Save it securely — it is shown only once.",
});
} else {
res.json({
status: "recovered",
message: "No API key found for this email.",
});
}
break;
}
case "expired":
res.status(410).json({ error: "Verification code has expired. Please request a new one." });
break;
case "max_attempts":
res.status(429).json({ error: "Too many failed attempts. Please request a new code." });
break;
case "invalid":
res.status(400).json({ error: "Invalid verification code." });
break;
}
} catch (err: unknown) {
const reqId = (req as any).requestId || "unknown";
logger.error({ err, requestId: reqId }, "Unhandled error in POST /recover/verify");
res.status(500).json({ error: "Internal server error" });
}
});