🔒 Improve SSH connection handling, enhance file transfer reliability, and update OAuth error handling and tests

2026-01-30 04:53:18 +00:00
parent ab595394be
commit 9fdfbb22d8
14 changed files with 218 additions and 103 deletions
--- a/code/websites/pokedex.online/server/oauth-proxy.js
+++ b/code/websites/pokedex.online/server/oauth-proxy.js
@@ -21,6 +21,25 @@ import {
  createHealthCheckMiddleware
 } from './utils/graceful-shutdown.js';

+async function safeParseJsonResponse(response) {
+  const rawText = await response.text();
+  if (!rawText) {
+    return { data: {}, rawText: '' };
+  }
+
+  try {
+    return { data: JSON.parse(rawText), rawText };
+  } catch (error) {
+    return {
+      data: {
+        error: 'Invalid JSON response from upstream',
+        raw: rawText.slice(0, 1000)
+      },
+      rawText
+    };
+  }
+}
+
 // Validate environment variables
 validateOrExit();

@@ -57,15 +76,16 @@ app.post('/oauth/token', async (req, res) => {
      const clientSecret = process.env.DISCORD_CLIENT_SECRET;
      const redirectUri = process.env.VITE_DISCORD_REDIRECT_URI;

-      if (!clientId || !clientSecret) {
+      if (!clientId || !clientSecret || !redirectUri) {
        logger.warn('Discord OAuth not configured', {
          hasClientId: !!clientId,
-          hasClientSecret: !!clientSecret
+          hasClientSecret: !!clientSecret,
+          hasRedirectUri: !!redirectUri
        });
        return res.status(503).json({
          error: 'Discord OAuth not configured',
          message:
-            'Set VITE_DISCORD_CLIENT_ID and DISCORD_CLIENT_SECRET environment variables'
+            'Set VITE_DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET, and VITE_DISCORD_REDIRECT_URI environment variables'
        });
      }

@@ -84,7 +104,7 @@ app.post('/oauth/token', async (req, res) => {
        })
      });

-      const data = await response.json();
+      const { data, rawText } = await safeParseJsonResponse(response);

      if (!response.ok) {
        logger.error('Discord token exchange failed', {
@@ -94,6 +114,17 @@ app.post('/oauth/token', async (req, res) => {
        return res.status(response.status).json(data);
      }

+      if (!data?.access_token) {
+        logger.error('Discord token exchange returned invalid payload', {
+          status: response.status,
+          raw: rawText.slice(0, 1000)
+        });
+        return res.status(502).json({
+          error: 'Invalid response from Discord',
+          raw: rawText.slice(0, 1000)
+        });
+      }
+
      logger.info('Discord token exchange successful');
      return res.json(data);
    }