Return GoCardless rate limit information on error

[matt-fidd]

Unfortunately we can only get this information from the error object from the nordigen-node package. This just adds a little more info to the error sent to the client.

Complimentary PR: actualbudget/actual#3895

[coderabbitai]

Walkthrough

The changes in this pull request focus on enhancing the error handling logic within the /transactions endpoint of the GoCardless application. A new code block has been introduced to extract rate limit headers from error responses, specifically filtering for headers that begin with http_x_ratelimit. This extracted data is incorporated into the error response sent to clients. The sendErrorResponse function has been updated to include these rateLimitHeaders in the response object, which is triggered under various error conditions. While the switch statement handling different error types remains unchanged, the inclusion of rate limit headers provides additional context in error situations related to rate limits. Overall, the modifications improve the error reporting mechanism without altering the core logic of the existing error handling.

Suggested labels

:sparkles: Merged

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

src/app-gocardless/app-gocardless.js (2)

204-210: Add type checking and documentation for rate limit headers.

The header extraction logic is good, but could be more robust with additional safeguards.

Consider these improvements:

-      const headers = error.details?.response?.headers ?? {};
+      // Extract rate limit headers from the error response
+      const headers = error.details?.response?.headers;
+      if (typeof headers !== 'object' || headers === null) {
+        headers = {};
+      }

       const rateLimitHeaders = Object.fromEntries(
         Object.entries(headers).filter(([key]) =>
-          key.startsWith('http_x_ratelimit'),
+          key.toLowerCase().startsWith('http_x_ratelimit'),
         ),
       );

---

212-216: Consider selective inclusion of rate limit headers.

Currently, rate limit headers are included in all error responses, even for non-rate-limit related errors. This might lead to unnecessary response payload size.

Consider including rate limit headers only for rate limit related errors:

       const sendErrorResponse = (data) =>
         res.send({
           status: 'ok',
-          data: { ...data, details: error.details, rateLimitHeaders },
+          data: {
+            ...data,
+            details: error.details,
+            ...(data.error_type === 'RATE_LIMIT_EXCEEDED' && { rateLimitHeaders }),
+          },
         });

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 69a04a5 and 3aec8bd.

⛔ Files ignored due to path filters (1)

• upcoming-release-notes/509.md is excluded by !**/*.md

📒 Files selected for processing (1)

• src/app-gocardless/app-gocardless.js (1 hunks)

🔇 Additional comments (1)

src/app-gocardless/app-gocardless.js (1)

204-216: Verify the impact on error logging.

The changes add new fields to error responses. Let's verify the logging impact and ensure sensitive information isn't exposed.

✅ Verification successful

Let me analyze the error logging impact further by checking the error handling structure and response format.

---

Error logging changes are safe and well-structured

The changes to include rate limit headers in error responses follow existing patterns and maintain security:

• Error responses have a consistent structure with typed errors (error_type, error_code)
• Rate limit headers are extracted only from response headers, not containing sensitive data
• Error logging uses inspect() with proper error handling across different error types
• The exposed error.details is already part of the existing error response pattern

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential sensitive information in error logging

# Look for console.log statements with error objects
rg -A 5 "console\.log.*error" 

# Check for any existing rate limit header logging
rg -i "ratelimit|rate.?limit" 

Length of output: 4331

---

Script:

#!/bin/bash
# Check error response structure and handling
ast-grep --pattern 'sendErrorResponse({
  $$$
})'

# Check error details structure
ast-grep --pattern 'error.details'

# Inspect the inspect utility usage
rg -B 2 -A 2 "inspect\(.*error"

Length of output: 3978