fix: detailed error messages leak into production responses (#713)

* fix: detailed error messages leak into production responses * fix: typo in env util
postlight · Jun 18, 2017 · 0f406b5 · 0f406b5
1 parent 2327c13
commit 0f406b5
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 1 deletion.
diff --git a/src/packages/server/responder/test/responder.test.js b/src/packages/server/responder/test/responder.test.js
@@ -9,6 +9,7 @@ import { createRequest } from '../../request';
 import { createResponse } from '../../response';
 import { createResponder } from '../index';
 
+import setEnv from '../../../../../test/utils/set-env';
 import { getTestApp } from '../../../../../test/utils/get-test-app';
 
 const DOMAIN = 'http://localhost:4100';
@@ -198,6 +199,14 @@ describe('module "server/responder"', () => {
       });
 
       describe('- responding with an error', () => {
+        beforeEach(() => {
+          setEnv('development');
+        });
+
+        afterEach(() => {
+          setEnv('test');
+        });
+
         it('works with vanilla errors', async () => {
           const result = await test((req, res) => {
             const respond = createResponder(req, res);

diff --git a/src/packages/server/responder/utils/data-for.js b/src/packages/server/responder/utils/data-for.js
@@ -1,6 +1,7 @@
 // @flow
 import { VERSION } from '../../../jsonapi';
 import { STATUS_CODES } from '../../constants';
+import * as env from '../../../../utils/env';
 import type { JSONAPI$Document, JSONAPI$ErrorObject } from '../../../jsonapi'; // eslint-disable-line max-len, no-duplicate-imports
 
 /**
@@ -23,7 +24,7 @@ export default function dataFor(
     errData.title = title;
   }
 
-  if (err) {
+  if (err && env.isDevelopment()) {
     errData.detail = err.message;
   }
 

diff --git a/src/utils/env.js b/src/utils/env.js
@@ -0,0 +1,7 @@
+/* @flow */
+
+const isEnv = value => () => process.env.NODE_ENV === value;
+
+export const isDevelopment: () => boolean = isEnv('development');
+export const isProduction: () => boolean = isEnv('production');
+export const isTest: () => boolean = isEnv('test');
diff --git a/src/utils/test/env.test.js b/src/utils/test/env.test.js
@@ -0,0 +1,25 @@
+/* @flow */
+
+import { expect } from 'chai';
+import { afterEach, test } from 'mocha';
+
+import * as env from '../env';
+import setEnv from '../../../test/utils/set-env';
+
+afterEach(() => {
+  setEnv('test');
+});
+
+test('isDevelopment()', () => {
+  setEnv('development');
+  expect(env.isDevelopment()).to.be.true;
+});
+
+test('isProduction()', () => {
+  setEnv('production');
+  expect(env.isProduction()).to.be.true;
+});
+
+test('isTest()', () => {
+  expect(env.isTest()).to.be.true;
+});
diff --git a/test/utils/set-env.js b/test/utils/set-env.js
@@ -0,0 +1,9 @@
+/* @flow */
+
+type Environment = 'development'
+                 | 'production'
+                 | 'test';
+
+export default function setEnv(value: Environment): void {
+  global.process.env.NODE_ENV = value;
+}