diff --git a/.changeset/blue-mice-prove.md b/.changeset/blue-mice-prove.md
new file mode 100644
index 00000000000..aebb604c1bd
--- /dev/null
+++ b/.changeset/blue-mice-prove.md
@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": patch
+---
+
+Better error messages for 403 responses
diff --git a/packages/service-utils/src/core/authorize/service.test.ts b/packages/service-utils/src/core/authorize/service.test.ts
index 01d725e7d51..092c5e9a8d7 100644
--- a/packages/service-utils/src/core/authorize/service.test.ts
+++ b/packages/service-utils/src/core/authorize/service.test.ts
@@ -31,8 +31,8 @@ describe("authorizeService", () => {
 // biome-ignore lint/suspicious/noExplicitAny: test only
 ) as any;
 expect(result.authorized).toBe(false);
- expect(result.errorMessage).toBe(
- "Invalid request: Unauthorized service: nebula. You can view the restrictions for this team in your dashboard: https://thirdweb.com",
+ expect(result.errorMessage).toContain(
+ "Invalid request: Unauthorized service: nebula",
 );
 expect(result.errorCode).toBe("SERVICE_UNAUTHORIZED");
 expect(result.status).toBe(403);
@@ -52,8 +52,8 @@ describe("authorizeService", () => {
 // biome-ignore lint/suspicious/noExplicitAny: test only
 ) as any;
 expect(result.authorized).toBe(false);
- expect(result.errorMessage).toBe(
- "Invalid request: Unauthorized action: storage unauthorized-action. You can view the restrictions on this API key in your dashboard: https://thirdweb.com/create-api-key",
+ expect(result.errorMessage).toContain(
+ "Invalid request: Unauthorized action: storage unauthorized-action",
 );
 expect(result.errorCode).toBe("SERVICE_ACTION_UNAUTHORIZED");
 expect(result.status).toBe(403);
diff --git a/packages/service-utils/src/core/authorize/service.ts b/packages/service-utils/src/core/authorize/service.ts
index 6f2265e70a2..8bd686ce75f 100644
--- a/packages/service-utils/src/core/authorize/service.ts
+++ b/packages/service-utils/src/core/authorize/service.ts
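Review bot: Relaxing `toBe` to `toContain` on the message prefix in the `-31,8` hunk of service.test.ts (and again in `-52,8`) leaves the newly added identifier suffix untested, so a later edit that interpolates a different or more sensitive field into a 403 message would still pass. I would keep the prefix assertion and add one that pins which identifiers may appear, for example `expect(result.errorMessage).toContain(<team id from the test fixture>)`, together with a negative assertion that no other team or project field is echoed. Both test bodies start outside the hunks, so the fixture values are not visible here and the placeholder has to be filled from them.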
@@ -19,7 +19,7 @@ export function authorizeService(
 if (!team.enabledScopes.includes(serviceConfig.serviceScope)) {
 return {
 authorized: false,
- errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions for this team in your dashboard: https://thirdweb.com`,
+ errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope} for team: ${team.name} (${team.id}). You can view the restrictions for this team in your dashboard: https://thirdweb.com`,
 errorCode: "SERVICE_UNAUTHORIZED",
 status: 403,
 };
@@ -42,7 +42,7 @@ export function authorizeService(
 if (!service) {
 return {
 authorized: false,
- errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions on this project in your dashboard: https://thirdweb.com`,
+ errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope} for project: ${project.name} (${project.publishableKey}). You can view the restrictions on this project in your dashboard: https://thirdweb.com`,
 errorCode: "SERVICE_UNAUTHORIZED",
 status: 403,
 };
@@ -56,7 +56,7 @@ export function authorizeService(
 if (!isActionAllowed) {
 return {
 authorized: false,
- errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction}. You can view the restrictions on this API key in your dashboard: https://thirdweb.com/create-api-key`,
+ errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction} for project: ${project.name} (${project.publishableKey}). You can view the restrictions on this API key in your dashboard: https://thirdweb.com/create-api-key`,
 errorCode: "SERVICE_ACTION_UNAUTHORIZED",
 status: 403,
 };
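Review bot: The 403 message in the `-19,7` hunk now interpolates `team.name` and `team.id`, and the `-42,7` and `-56,7` hunks add `project.name` next to `project.publishableKey`. If `errorMessage` is returned verbatim to the caller (the response path is outside these hunks), anyone presenting a publishable key can read back the owning team's name and internal id from a denied request. I would echo only the identifier the caller already supplied, e.g. `... for project: ${project.publishableKey}.`, and write the team and project names to a server-side log keyed by `errorCode` instead. Both names are also owner-controlled free text, so whatever renders or logs this string should treat it as untrusted. The body of `authorizeService` starts and ends outside all three hunks.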
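Review bot: In the `-56,7` hunk the new text names the project, but the closing sentence still reads `You can view the restrictions on this API key`, while the `-42,7` hunk says `restrictions on this project` for the same kind of object. Aligning the two wordings, e.g. `You can view the restrictions on this project in your dashboard`, would keep a reader from assuming two different settings pages are meant; whether the linked URL should change as well cannot be judged from the hunk.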