🐛 Fixed label mutation errors being silently swallowed in the label picker (#28510)

fixes https://linear.app/ghost/issue/BER-3493/label-createedit-mutation-errors-are-silently-swallowed

- label create, edit and delete failures in the posts label picker gave no
  feedback: the client-side duplicate check only saw locally-loaded labels,
  rejections were silently swallowed, and renaming a label to an existing
  name returned an unhandled 500 instead of a validation error
- the API is now the single source of truth for label name validation:
  unique constraint violations map to a 422 on both add and edit
- error toasts never rendered in any shade-based admin app (Posts, members,
  Analytics) because the global error handler only emitted to the toast
  outlet mounted in Settings; it now routes each toast to whichever outlet
  the current screen has mounted, showing exactly one even when both exist
- the picker maps API outcomes to user intent: edit failures render inline,
  creating a name that already exists adopts and selects the existing
  label, and deleting an already-gone label counts as deleted
- review hardening: creation now selects the label against live selection
  state so a concurrent create cannot deselect it, and stays disabled until
  the duplicate-adoption lookup settles; adoption keys on the 422 status so
  permission errors surface instead of masquerading as success; NQL string
  escaping no longer doubles backslashes (NQL has no \\ escape) and is
  consolidated into one shared escapeNqlString helper; useFetchApi returns
  a stable callback

Author: rob-ghost

apps/admin-x-design-system/src/providers/design-system-provider.tsx

@@ -45,7 +45,7 @@ const DesignSystemProvider: React.FC<DesignSystemProviderProps> = ({fetchKoenigL
     return (
         <DesignSystemContext.Provider value={{isAnyTextFieldFocused, setFocusState, fetchKoenigLexical, darkMode}}>
             <GlobalDirtyStateProvider>
-                <Toaster />
+                <Toaster containerClassName="toast-outlet-react-hot-toast" />
                 <NiceModal.Provider>
                     {children}
                 </NiceModal.Provider>

apps/admin-x-framework/package.json

@@ -41,6 +41,11 @@
             "require": "./dist/utils/post-utils.cjs",
             "types": "./types/utils/post-utils.d.ts"
         },
+        "./utils/nql": {
+            "import": "./dist/utils/nql.js",
+            "require": "./dist/utils/nql.cjs",
+            "types": "./types/utils/nql.d.ts"
+        },
         "./vite": {
             "import": "./dist/vite.js",
             "require": "./dist/vite.cjs",
@@ -107,6 +112,7 @@
         "react": "catalog:",
         "react-dom": "catalog:",
         "react-hot-toast": "catalog:",
+        "sonner": "catalog:",
         "react-router": "catalog:"
     },
     "peerDependencies": {

apps/admin-x-framework/src/api/labels.ts

@@ -1,5 +1,9 @@
 import {InfiniteData} from '@tanstack/react-query';
 import {Meta, createInfiniteQuery, createMutation, createQuery, createQueryWithId} from '../utils/api/hooks';
+import {apiUrl, useFetchApi} from '../utils/api/fetch-api';
+import {escapeNqlString} from '../utils/nql';
+import {useCallback} from 'react';
+import {useQueryClient} from '@tanstack/react-query';
 
 export type Label = {
     id: string;
@@ -61,6 +65,23 @@ export const useCreateLabel = createMutation<LabelsResponseType, Pick<Label, 'na
     }
 });
 
+export const useFindLabelByName = () => {
+    const fetchApi = useFetchApi();
+
+    return useCallback(async (name: string): Promise<Label | undefined> => {
+        const data = await fetchApi<LabelsResponseType>(apiUrl('/labels/', {filter: `name:${escapeNqlString(name)}`, limit: '1'}));
+        return data.labels?.[0];
+    }, [fetchApi]);
+};
+
+export const useInvalidateLabels = () => {
+    const queryClient = useQueryClient();
+
+    return useCallback(() => {
+        queryClient.invalidateQueries([dataType]);
+    }, [queryClient]);
+};
+
 export const useEditLabel = createMutation<LabelsResponseType, Pick<Label, 'id' | 'name'>>({
     method: 'PUT',
     path: label => `/labels/${label.id}/`,

apps/admin-x-framework/src/hooks/use-filterable-api.ts

@@ -1,6 +1,7 @@
 import {useRef} from 'react';
 import {apiUrl, useFetchApi} from '../utils/api/fetch-api';
 import {Meta} from '../utils/api/hooks';
+import {escapeNqlString} from '../utils/nql';
 
 const filterData = <
     Data extends {[k in FilterKey]: string},
@@ -12,10 +13,6 @@ const filterData = <
     return data.filter(item => item[filterKey]?.toLowerCase().includes(input.toLowerCase()));
 };
 
-const escapeNqlString = (value: string) => {
-    return '\'' + value.replace(/'/g, '\\\'') + '\'';
-};
-
 const useFilterableApi = <
     Data extends {id: string} & {[k in FilterKey]: string} & {[k: string]: unknown},
     ResponseKey extends string = string,

apps/admin-x-framework/src/hooks/use-handle-error.ts

@@ -1,9 +1,32 @@
 import * as Sentry from '@sentry/react';
 import {showToast} from '@tryghost/admin-x-design-system';
+import {toast as sonnerToast} from 'sonner';
 import {useCallback} from 'react';
 import toast from 'react-hot-toast';
 import {useFramework} from '../providers/framework-provider';
-import {APIError, ValidationError} from '../utils/errors';
+import {APIError, getErrorMessage} from '../utils/errors';
+
+// Stale toasts can cover UI and block clicks, especially in tests
+function dismissToasts() {
+    toast.remove();
+    sonnerToast.dismiss();
+}
+
+// There are two toast outlets: admin-x-design-system's DesignSystemProvider
+// renders react-hot-toast (marked with this class), shade's ShadeProvider
+// renders sonner - and the React shell can mount both at once. The marker's
+// presence in the DOM picks the library to emit to.
+function showErrorToast(message: React.ReactNode) {
+    dismissToasts();
+    if (document.querySelector('.toast-outlet-react-hot-toast')) {
+        showToast({
+            message,
+            type: 'error'
+        });
+    } else {
+        sonnerToast.error(message);
+    }
+}
 
 /**
  * Generic error handling for API calls. This is enabled by default for queries (can be disabled by
@@ -38,26 +61,15 @@ const useHandleError = () => {
             return;
         }
 
-        toast.remove();
-
         if (error instanceof APIError && error.response?.status === 418) {
             // We use this status in tests to indicate the API request was not mocked -
-            // don't show a toast because it may block clicking things in the test
-        } else if (error instanceof ValidationError && error.data?.errors[0]) {
-            showToast({
-                message: error.data.errors[0].context || error.data.errors[0].message,
-                type: 'error'
-            });
+            // don't show a toast because it may block clicking things in the test,
+            // but still clear lingering toasts that would block clicks the same way
+            dismissToasts();
         } else if (error instanceof APIError) {
-            showToast({
-                message: error.message,
-                type: 'error'
-            });
+            showErrorToast(getErrorMessage(error, error.message));
         } else {
-            showToast({
-                message: 'Something went wrong, please try again.',
-                type: 'error'
-            });
+            showErrorToast('Something went wrong, please try again.');
         }
     }, [sentryDSN]);
 

apps/admin-x-framework/src/utils/api/fetch-api.ts

@@ -1,4 +1,5 @@
 import * as Sentry from '@sentry/react';
+import {useCallback} from 'react';
 import {useFramework} from '../../providers/framework-provider';
 import {APIError, MaintenanceError, ServerUnreachableError, TimeoutError} from '../errors';
 import {getGhostPaths} from '../helpers';
@@ -120,8 +121,9 @@ const fetchWithXhr = (
 export const useFetchApi = () => {
     const {ghostVersion, sentryDSN} = useFramework();
 
+    // Memoized so hooks that depend on fetchApi can cache
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    return async <ResponseData = any>(
+    return useCallback(async <ResponseData = any>(
         endpoint: string | URL,
         {
             method = 'GET',
@@ -222,7 +224,7 @@ export const useFetchApi = () => {
         // this can't happen, but TS isn't smart enough to undeerstand that the loop will never exit without an error or return
         // because of retry + attempts usage combination
         return undefined as never;
-    };
+    }, [ghostVersion, sentryDSN]);
 };
 
 const {apiRoot, activityPubRoot} = getGhostPaths();

apps/admin-x-framework/src/utils/errors.ts

@@ -110,6 +110,16 @@ export class ValidationError extends JSONError {
 
 export const errorsWithMessage = [ValidationError, ThemeValidationError, HostLimitError, EmailError];
 
+// The API error serializer puts the human-readable text in `context`;
+// `message` is only a generic summary
+export function getErrorMessage(error: unknown, fallback: string): string {
+    if (error instanceof ValidationError && error.data?.errors[0]) {
+        return error.data.errors[0].context || error.data.errors[0].message;
+    }
+
+    return fallback;
+}
+
 // Frontend errors
 
 export class AlreadyExistsError extends Error {

apps/admin-x-framework/src/utils/nql.ts

@@ -0,0 +1,9 @@
+// NQL's only escape sequences are \' and \" - there is no \\, so a backslash
+// is a literal character and doubling it would query a different value.
+// Escaping just quotes is still injection-safe: because \\ is never an escape
+// pair, the backslash emitted before a quote always parses as the \' escape,
+// so no input (including trailing or adjacent backslashes) can turn an
+// escaped quote back into a string terminator.
+export function escapeNqlString(value: string): string {
+    return `'${value.replace(/'/g, '\\\'')}'`;
+}

apps/admin-x-framework/test/unit/api/labels.test.tsx

@@ -0,0 +1,138 @@
+import {act} from '@testing-library/react';
+import {beforeEach, describe, expect, it, vi} from 'vitest';
+import {ValidationError} from '../../../src/utils/errors';
+import {renderHookWithProviders} from '../../../src/test/test-utils';
+import {useCreateLabel, useEditLabel, useFindLabelByName} from '../../../src/api/labels';
+import {withMockFetch} from '../../utils/mock-fetch';
+
+const {mockShowToast, mockSonnerError} = vi.hoisted(() => ({
+    mockShowToast: vi.fn(),
+    mockSonnerError: vi.fn()
+}));
+
+vi.mock('@tryghost/admin-x-design-system', async (importOriginal) => {
+    const original = await importOriginal<typeof import('@tryghost/admin-x-design-system')>();
+    return {...original, showToast: mockShowToast};
+});
+
+vi.mock('sonner', () => ({
+    toast: {
+        error: mockSonnerError,
+        dismiss: vi.fn()
+    }
+}));
+
+const duplicateLabelResponse = {
+    errors: [{
+        code: 'VALIDATION',
+        context: 'Label already exists',
+        details: null,
+        ghostErrorCode: null,
+        help: null,
+        id: 'label-error-id',
+        message: 'Validation error, cannot save label.',
+        property: null,
+        type: 'ValidationError'
+    }]
+};
+
+const existingLabel = {
+    id: 'label-1',
+    name: 'Existing label',
+    slug: 'existing-label',
+    created_at: '',
+    updated_at: ''
+};
+
+const mockErrorFetch = {
+    json: duplicateLabelResponse,
+    headers: {'content-type': 'application/json'},
+    ok: false,
+    status: 422
+};
+
+describe('labels api', () => {
+    beforeEach(() => {
+        vi.clearAllMocks();
+    });
+
+    it('rejects duplicate creates without reporting - the picker owns recovery', async () => {
+        await withMockFetch(mockErrorFetch, async () => {
+            const {result} = renderHookWithProviders(() => useCreateLabel());
+
+            await act(async () => {
+                await expect(result.current.mutateAsync({name: 'Existing label'})).rejects.toBeInstanceOf(ValidationError);
+            });
+
+            expect(mockShowToast).not.toHaveBeenCalled();
+            expect(mockSonnerError).not.toHaveBeenCalled();
+        });
+    });
+
+    it('finds a label by name', async () => {
+        await withMockFetch({
+            json: {labels: [existingLabel]},
+            headers: {'content-type': 'application/json'},
+            ok: true,
+            status: 200
+        }, async (mock) => {
+            const {result} = renderHookWithProviders(() => useFindLabelByName());
+
+            await act(async () => {
+                await expect(result.current(`O'Existing label`)).resolves.toEqual(existingLabel);
+            });
+
+            const url = new URL(mock.calls[0][0] as string);
+            expect(url.searchParams.get('filter')).toBe(String.raw`name:'O\'Existing label'`);
+            expect(url.searchParams.get('limit')).toBe('1');
+        });
+    });
+
+    it('does not escape backslashes in the lookup filter', async () => {
+        await withMockFetch({
+            json: {labels: []},
+            headers: {'content-type': 'application/json'},
+            ok: true,
+            status: 200
+        }, async (mock) => {
+            const {result} = renderHookWithProviders(() => useFindLabelByName());
+
+            await act(async () => {
+                await result.current('trailing\\');
+            });
+
+            // NQL keeps lone backslashes literal and only unescapes \' and \",
+            // so a doubled backslash would query a two-backslash name
+            const url = new URL(mock.calls[0][0] as string);
+            expect(url.searchParams.get('filter')).toBe(String.raw`name:'trailing\'`);
+        });
+    });
+
+    it('resolves undefined when no label matches the name', async () => {
+        await withMockFetch({
+            json: {labels: []},
+            headers: {'content-type': 'application/json'},
+            ok: true,
+            status: 200
+        }, async () => {
+            const {result} = renderHookWithProviders(() => useFindLabelByName());
+
+            await act(async () => {
+                await expect(result.current('Missing label')).resolves.toBeUndefined();
+            });
+        });
+    });
+
+    it('rejects duplicate edits without reporting - the edit row surfaces them', async () => {
+        await withMockFetch(mockErrorFetch, async () => {
+            const {result} = renderHookWithProviders(() => useEditLabel());
+
+            await act(async () => {
+                await expect(result.current.mutateAsync({id: 'label-1', name: 'Existing label'})).rejects.toBeInstanceOf(ValidationError);
+            });
+
+            expect(mockShowToast).not.toHaveBeenCalled();
+            expect(mockSonnerError).not.toHaveBeenCalled();
+        });
+    });
+});