From 0dfa3ef7731b27f2cc51d9e40ff16f916e8982a4 Mon Sep 17 00:00:00 2001
From: Bruce Berrios <58147810+Bruception@users.noreply.github.com>
Date: Sat, 27 Aug 2022 14:39:02 -0400
Subject: [PATCH] Urgent (#3457)
---
 backend/src/middlewares/error.ts | 106 +++++++++++++++-----------
 backend/src/middlewares/rate-limit.ts | 10 ++-
 2 files changed, 67 insertions(+), 49 deletions(-)
diff --git a/backend/src/middlewares/error.ts b/backend/src/middlewares/error.ts
index 0f077848e..0b3634d11 100644
--- a/backend/src/middlewares/error.ts
+++ b/backend/src/middlewares/error.ts
@@ -12,57 +12,71 @@ async function errorHandlingMiddleware(
 res: Response,
 _next: NextFunction
 ): Promise {
- const monkeyError = error as MonkeyError;
+ try {
+ const monkeyError = error as MonkeyError;
- const monkeyResponse = new MonkeyResponse();
- monkeyResponse.status = 500;
- monkeyResponse.data = {
- errorId: monkeyError.errorId ?? uuidv4(),
- uid: monkeyError.uid ?? req.ctx?.decodedToken?.uid,
- };
+ const monkeyResponse = new MonkeyResponse();
+ monkeyResponse.status = 500;
+ monkeyResponse.data = {
+ errorId: monkeyError.errorId ?? uuidv4(),
+ uid: monkeyError.uid ?? req.ctx?.decodedToken?.uid,
+ };
- if (/ECONNREFUSED.*27017/i.test(error.message)) {
- monkeyResponse.message =
- "Could not connect to the database. It may be down.";
- } else if (error instanceof URIError || error instanceof SyntaxError) {
- monkeyResponse.status = 400;
- monkeyResponse.message = "Unprocessable request";
- } else if (error instanceof MonkeyError) {
- monkeyResponse.message = error.message;
- monkeyResponse.status = error.status;
- } else {
- monkeyResponse.message = `Oops! Our monkeys dropped their bananas. Please try again later. - ${monkeyResponse.data.errorId}`;
- }
-
- await incrementBadAuth(req, res, monkeyResponse.status);
-
- if (process.env.MODE !== "dev" && monkeyResponse.status >= 500) {
- const { uid, errorId } = monkeyResponse.data;
-
- try {
- await Logger.logToDb(
- "system_error",
- `${monkeyResponse.status} ${error.message} ${error.stack}`,
- uid
- );
- await db.collection("errors").insertOne({
- _id: errorId,
- timestamp: Date.now(),
- status: monkeyResponse.status,
- uid,
- message: error.message,
- stack: error.stack,
- endpoint: req.originalUrl,
- });
- } catch (e) {
- Logger.error("Logging to db failed.");
- Logger.error(e);
+ if (/ECONNREFUSED.*27017/i.test(error.message)) {
+ monkeyResponse.message =
+ "Could not connect to the database. It may be down.";
+ } else if (error instanceof URIError || error instanceof SyntaxError) {
+ monkeyResponse.status = 400;
+ monkeyResponse.message = "Unprocessable request";
+ } else if (error instanceof MonkeyError) {
+ monkeyResponse.message = error.message;
+ monkeyResponse.status = error.status;
+ } else {
+ monkeyResponse.message = `Oops! Our monkeys dropped their bananas. Please try again later. - ${monkeyResponse.data.errorId}`;
 }
- } else {
- Logger.error(`Error: ${error.message} Stack: ${error.stack}`);
+
+ await incrementBadAuth(req, res, monkeyResponse.status);
+
+ if (process.env.MODE !== "dev" && monkeyResponse.status >= 500) {
+ const { uid, errorId } = monkeyResponse.data;
+
+ try {
+ await Logger.logToDb(
+ "system_error",
+ `${monkeyResponse.status} ${error.message} ${error.stack}`,
+ uid
+ );
+ await db.collection("errors").insertOne({
+ _id: errorId,
+ timestamp: Date.now(),
+ status: monkeyResponse.status,
+ uid,
+ message: error.message,
+ stack: error.stack,
+ endpoint: req.originalUrl,
+ });
+ } catch (e) {
+ Logger.error("Logging to db failed.");
+ Logger.error(e);
+ }
+ } else {
+ Logger.error(`Error: ${error.message} Stack: ${error.stack}`);
+ }
+
+ return handleMonkeyResponse(monkeyResponse, res);
+ } catch (e) {
+ Logger.error("Error handling middleware failed.");
+ Logger.error(e);
 }
- return handleMonkeyResponse(monkeyResponse, res);
+ return handleMonkeyResponse(
+ new MonkeyResponse(
+ "Something went really wrong, please contact support.",
+ undefined,
+ 500
+ ),
+ res
+ );
 }
 export default errorHandlingMiddleware;
diff --git a/backend/src/middlewares/rate-limit.ts b/backend/src/middlewares/rate-limit.ts
index 0b4329192..43c8dedf9 100644
--- a/backend/src/middlewares/rate-limit.ts
+++ b/backend/src/middlewares/rate-limit.ts
@@ -1,3 +1,4 @@
+import _ from "lodash";
 import MonkeyError from "../utils/error";
 import { Response, NextFunction } from "express";
 import { RateLimiterMemory } from "rate-limiter-flexible";
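Review bot: In `errorHandlingMiddleware`, the new outer `catch (e)` logs only the secondary exception, so when `incrementBadAuth` or any earlier statement throws, the original `error` is never written to the log or to the `errors` collection, because both logging branches sit after that call. The request's real failure is then invisible to whoever investigates it, and the fallback response appears to carry no `errorId` to correlate with. I would add `Logger.error(error);` inside the catch block, next to the existing `Logger.error(e);`. Separately, if the inner `handleMonkeyResponse` call is the one that threw, the fallback may write to a response that has already been started; a `res.headersSent` check before the final call would cover that, though whether it can happen depends on `handleMonkeyResponse`, which is not shown in this hunk.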
@@ -55,7 +56,7 @@ export async function badAuthRateLimiterHandler(
 res: Response,
 next: NextFunction
 ): Promise {
- if (!req.ctx.configuration.rateLimiting.badAuthentication.enabled) {
+ if (!_.get(req, "ctx.configuration.rateLimiting.badAuthentication.enabled")) {
 return next();
 }
@@ -81,8 +82,11 @@ export async function incrementBadAuth(
 res: Response,
 status: number
 ): Promise {
- const { enabled, penalty, flaggedStatusCodes } =
- req.ctx.configuration.rateLimiting.badAuthentication;
+ const { enabled, penalty, flaggedStatusCodes } = _.get(
+ req,
+ "ctx.configuration.rateLimiting.badAuthentication",
+ {}
+ );
 if (!enabled || !flaggedStatusCodes.includes(status)) {
 return;
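Review bot: The `_.get` lookup in `badAuthRateLimiterHandler` makes the bad-authentication limiter fail open without a trace: a request with no `ctx` or configuration goes straight to `next()`, and `incrementBadAuth` in the following hunk returns early through its `{}` default in the same situation. Since this limiter appears to be the control against repeated failed authentication, the skipped case deserves at least a log line so that it shows up in monitoring. The string path is also not checked by the compiler, so a renamed configuration field would disable the limiter silently; `if (!req.ctx?.configuration?.rateLimiting?.badAuthentication?.enabled)` gives the same null-safety with type checking, and `error.ts` already uses optional chaining on `req.ctx`. In `incrementBadAuth`, a partially populated configuration (`enabled` set, `flaggedStatusCodes` absent) would still throw at `.includes`. Both function bodies continue outside their hunks.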