fix(core): update http error codes in authentication endpoints

core/api/src/domain/errors.ts

@@ -116,6 +116,9 @@ export class NoBtcWalletExistsForAccountError extends ValidationError {}
 export class InvalidQuizQuestionIdError extends ValidationError {}
 export class QuizClaimedTooEarlyError extends ValidationError {}
 export class MissingIPMetadataError extends ValidationError {}
+export class UndefiniedIPError extends ValidationError {
+  level = ErrorLevel.Critical
+}
 
 export class InvalidIpMetadataError extends ValidationError {
   level = ErrorLevel.Critical

core/api/src/graphql/error-map.ts

@@ -658,6 +658,7 @@ export const mapError = (error: ApplicationError): CustomGraphQLError => {
     case "PhoneCarrierTypeNotAllowedError":
     case "PhoneCountryNotAllowedError":
     case "MissingIPMetadataError":
+    case "UndefiniedIPError":
     case "UnauthorizedIPMetadataASNError":
     case "InvalidAccountStatusError":
     case "InvalidOnChainAddress":

core/api/src/servers/authentication/index.ts

@@ -10,12 +10,14 @@ import { registerCaptchaGeetest } from "@/app/captcha"
 
 import { UNSECURE_IP_FROM_REQUEST_OBJECT } from "@/config"
 
+import { ErrorLevel } from "@/domain/shared"
 import { parseIps } from "@/domain/accounts-ips"
 import { checkedToEmailCode, validOneTimeAuthCodeValue } from "@/domain/authentication"
 import {
   EmailCodeInvalidError,
   EmailValidationSubmittedTooOftenError,
 } from "@/domain/authentication/errors"
+import { UndefiniedIPError } from "@/domain/errors"
 import { UserLoginIpRateLimiterExceededError } from "@/domain/rate-limit/errors"
 import { parseErrorMessageFromUnknown } from "@/domain/shared"
 import { checkedToEmailAddress, checkedToPhoneNumber } from "@/domain/users"
@@ -41,16 +43,16 @@ authRouter.use((req: Request, res: Response, next: NextFunction) => {
   const ipString = UNSECURE_IP_FROM_REQUEST_OBJECT ? req.ip : req.headers["x-real-ip"]
   const ip = parseIps(ipString)
   if (!ip) {
-    recordExceptionInCurrentSpan({ error: "IP is not defined" })
-    return res.status(500).send({ error: "IP is not defined" })
+    recordExceptionInCurrentSpan({ error: new UndefiniedIPError() })
+    return res.status(400).send({ error: "IP is not defined" })
   }
   req["originalIp"] = ip as IpAddress
 
   next()
 })
 
 authRouter.use((req: Request, res: Response, next: NextFunction) => {
-  const routeName = req?.url || "unknownRoute" // Extract route from request, fallback to 'unknownRoute'
+  const routeName = req?.url || "unknownRoute"
   const spanName = `servers.authRouter.${routeName}`
 
   const span = tracer.startSpan(spanName)
@@ -95,14 +97,14 @@ authRouter.post("/create/device-account", async (req: Request, res: Response) =>
     })
     if (authToken instanceof Error) {
       recordExceptionInCurrentSpan({ error: authToken })
-      return res.status(500).send({ error: authToken.message })
+      return res.status(401).send({ error: authToken.message })
     }
     addAttributesToCurrentSpan({ "login.deviceAccount": deviceId })
     return res.status(200).send({
       result: authToken,
     })
   } catch (err) {
-    recordExceptionInCurrentSpan({ error: err })
+    recordExceptionInCurrentSpan({ error: err, level: ErrorLevel.Critical })
     return res.status(500).send({ error: parseErrorMessageFromUnknown(err) })
   }
 })
@@ -127,14 +129,14 @@ authRouter.post("/email/code", async (req: Request, res: Response) => {
     const emailLoginId = await Authentication.requestEmailCode({ email, ip })
     if (emailLoginId instanceof Error) {
       recordExceptionInCurrentSpan({ error: emailLoginId.message })
-      return res.status(500).send({ error: emailLoginId.message })
+      return res.status(400).send({ error: emailLoginId.message })
     }
     return res.status(200).send({
       result: emailLoginId,
     })
   } catch (err) {
-    recordExceptionInCurrentSpan({ error: err })
-    return res.status(500).send({ error: err })
+    recordExceptionInCurrentSpan({ error: err, level: ErrorLevel.Critical })
+    return res.status(500).send({ error: parseErrorMessageFromUnknown(err) })
   }
 })
 
@@ -180,14 +182,14 @@ authRouter.post("/email/login", async (req: Request, res: Response) => {
     }
     if (result instanceof Error) {
       recordExceptionInCurrentSpan({ error: result })
-      return res.status(500).send({ error: result.message })
+      return res.status(400).send({ error: result.message })
     }
     const { authToken, totpRequired, id } = result
     return res.status(200).send({
       result: { authToken, totpRequired, id },
     })
   } catch (err) {
-    recordExceptionInCurrentSpan({ error: err })
+    recordExceptionInCurrentSpan({ error: err, level: ErrorLevel.Critical })
     return res.status(500).send({ error: parseErrorMessageFromUnknown(err) })
   }
 })
@@ -233,19 +235,21 @@ authRouter.post("/totp/validate", async (req: Request, res: Response) => {
     }
     if (result instanceof Error) {
       recordExceptionInCurrentSpan({ error: result })
-      return res.status(500).send({ error: result.message })
+      return res.status(400).send({ error: result.message })
     }
     return res.status(200).send()
   } catch (err) {
-    recordExceptionInCurrentSpan({ error: err })
+    recordExceptionInCurrentSpan({ error: err, level: ErrorLevel.Critical })
     return res.status(500).send({ error: parseErrorMessageFromUnknown(err) })
   }
 })
 
 authRouter.post("/phone/captcha", async (req: Request, res: Response) => {
   const result = await registerCaptchaGeetest()
-  if (result instanceof Error)
+  if (result instanceof Error) {
+    recordExceptionInCurrentSpan({ error: result, level: ErrorLevel.Critical })
     return res.status(500).json({ error: "error creating challenge" })
+  }
 
   const { success, gt, challenge, newCaptcha } = result
 
@@ -361,7 +365,7 @@ authRouter.post("/phone/login", async (req: Request, res: Response) => {
     ip,
   })
   if (loginResp instanceof Error) {
-    return res.status(500).send({ error: mapError(loginResp).message })
+    return res.status(401).send({ error: mapError(loginResp).message })
   }
 
   const { authToken, totpRequired, id } = loginResp