Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add note on default responses if extraction fails #1168

Closed
wants to merge 1 commit into from
Closed

Add note on default responses if extraction fails #1168

wants to merge 1 commit into from

Conversation

simon-amadeus
Copy link
Contributor

@simon-amadeus simon-amadeus commented Jul 15, 2022
edited

Motivation

The default error response for failed extractions may expose internal details, such as library paths.
This may expose internal details through a public interface without notice.

Edit: See this discussion to have more context.

Solution

Add note in the documentation about default response behavior, if extraction fails.

Fixes #1167

@simon-amadeus
Add note on default responses if extraction fails
ca5eaea 
This is useful in case one does not want to expose internal error
messages through the interface.

Fixes tokio-rs#1167
@davidpdrsn
Copy link
Member

Maybe it's more appropriate to mention here. wdyt?

@davidpdrsn davidpdrsn added A-axum T-docs Topic: documentation labels Jul 15, 2022
@simon-amadeus
Copy link
Contributor Author

Yes, I thought about it. Default behavior is sort-of mentioned here but I though one might skip reading this section if not interested in customizing responses.

Actually I digged a bit deeper into how default rejections are implemented and I saw, that library internals are only exposed when extracting query parameters.

impl std::fmt::Display for FailedToDeserializeQueryString {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(
            f,
            "Failed to deserialize query string. Expected something of type `{}`. Error: {}",
            self.type_name, self.error,
        )
    }
}

For comparison, the default json response does not expose such details, even if a field is missing. It simply names the field in the response body:

Example of Json response:
Failed to deserialize the JSON body into the target type: missing field 'has_accepted_terms' at line 4 column 1

Example Query response:
Failed to deserialize query string. Expected something of type 'registration_service::routes::registrations::RequestParams'. Error: missing field 'email'

Just to avoid misunderstandings:
You really think it is necessary to include self.type_name in the error message?

@davidpdrsn
Copy link
Member

Yes, I thought about it. Default behavior is sort-of mentioned here but I though one might skip reading this section if not interested in customizing responses.

My experience is that people don't read the docs anyway and putting everything on the front page is a slippery slope 😛

You really think it is necessary to include self.type_name in the error message?

Ah you're right. Yeah we should probably remove the type name from Query's rejection. Wanna make a PR for that?

@simon-amadeus
Copy link
Contributor Author

Closing as this has been resolved by #1171

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-axum T-docs Topic: documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add documentation on default rejection behavior if extraction fails
2 participants
@simon-amadeus @davidpdrsn