X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/1aa4d0dc59fb118c6cf28fd71af366c1882da74b..refs/pull/2700/head:/app/Exceptions/Handler.php

diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index a979072e2..196897164 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -4,54 +4,67 @@ namespace BookStack\Exceptions;
 
 use Exception;
 use Illuminate\Auth\AuthenticationException;
+use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Pipeline\Pipeline;
 use Illuminate\Validation\ValidationException;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
-use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
-use Illuminate\Auth\Access\AuthorizationException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 class Handler extends ExceptionHandler
 {
     /**
-     * A list of the exception types that should not be reported.
+     * A list of the exception types that are not reported.
      *
      * @var array
      */
     protected $dontReport = [
-        AuthorizationException::class,
-        HttpException::class,
-        ModelNotFoundException::class,
-        ValidationException::class,
+        NotFoundException::class,
+    ];
+
+    /**
+     * A list of the inputs that are never flashed for validation exceptions.
+     *
+     * @var array
+     */
+    protected $dontFlash = [
+        'password',
+        'password_confirmation',
     ];
 
     /**
      * Report or log an exception.
-     * This is a great spot to send exceptions to Sentry, Bugsnag, etc.
      *
-     * @param  \Exception $e
-     * @return mixed
+     * @param Exception $exception
+     * @return void
+     *
+     * @throws Exception
      */
-    public function report(Exception $e)
+    public function report(Exception $exception)
     {
-        return parent::report($e);
+        parent::report($exception);
     }
 
     /**
      * Render an exception into an HTTP response.
      *
      * @param  \Illuminate\Http\Request $request
-     * @param  \Exception $e
+     * @param Exception $e
      * @return \Illuminate\Http\Response
      */
     public function render($request, Exception $e)
     {
+        if ($this->isApiRequest($request)) {
+            return $this->renderApiException($e);
+        }
+
         // Handle notify exceptions which will redirect to the
         // specified location then show a notification message.
         if ($this->isExceptionType($e, NotifyException::class)) {
-            session()->flash('error', $this->getOriginalMessage($e));
+            $message = $this->getOriginalMessage($e);
+            if (!empty($message)) {
+                session()->flash('error', $message);
+            }
             return redirect($e->redirectLocation);
         }
 
@@ -65,49 +78,65 @@ class Handler extends ExceptionHandler
 
         // Handle 404 errors with a loaded session to enable showing user-specific information
         if ($this->isExceptionType($e, NotFoundHttpException::class)) {
-            return $this->loadErrorMiddleware($request, function ($request) use ($e) {
-                $message = $e->getMessage() ?: trans('errors.404_page_not_found');
-                return response()->view('errors/404', ['message' => $message], 404);
-            });
+            return \Route::respondWithRoute('fallback');
         }
 
         return parent::render($request, $e);
     }
 
     /**
-     * Load the middleware required to show state/session-enabled error pages.
-     * @param Request $request
-     * @param $callback
-     * @return mixed
+     * Check if the given request is an API request.
      */
-    protected function loadErrorMiddleware(Request $request, $callback)
+    protected function isApiRequest(Request $request): bool
     {
-        $middleware = (\Route::getMiddlewareGroups()['web_errors']);
-        return (new Pipeline($this->container))
-            ->send($request)
-            ->through($middleware)
-            ->then($callback);
+        return strpos($request->path(), 'api/') === 0;
+    }
+
+    /**
+     * Render an exception when the API is in use.
+     */
+    protected function renderApiException(Exception $e): JsonResponse
+    {
+        $code = $e->getCode() === 0 ? 500 : $e->getCode();
+        $headers = [];
+        if ($e instanceof HttpException) {
+            $code = $e->getStatusCode();
+            $headers = $e->getHeaders();
+        }
+
+        $responseData = [
+            'error' => [
+                'message' => $e->getMessage(),
+            ]
+        ];
+
+        if ($e instanceof ValidationException) {
+            $responseData['error']['validation'] = $e->errors();
+            $code = $e->status;
+        }
+
+        $responseData['error']['code'] = $code;
+        return new JsonResponse($responseData, $code, $headers);
     }
 
     /**
      * Check the exception chain to compare against the original exception type.
-     * @param Exception $e
-     * @param $type
-     * @return bool
      */
-    protected function isExceptionType(Exception $e, $type) {
+    protected function isExceptionType(Exception $e, string $type): bool
+    {
         do {
-            if (is_a($e, $type)) return true;
+            if (is_a($e, $type)) {
+                return true;
+            }
         } while ($e = $e->getPrevious());
         return false;
     }
 
     /**
      * Get original exception message.
-     * @param Exception $e
-     * @return string
      */
-    protected function getOriginalMessage(Exception $e) {
+    protected function getOriginalMessage(Exception $e): string
+    {
         do {
             $message = $e->getMessage();
         } while ($e = $e->getPrevious());