fix: sanitize upstream errors in dashboard/leaderboard and stop frontend 503 double-reporting

julianknutsen · claude · julianknutsen · commit b136ac26bc81 · 2026-03-06T09:24:53.000+01:00
handleDashboard and handleLeaderboard were returning raw DoltHub error
details as 500s — leaking SQL queries and not triggering re-auth for
expired tokens. Now uses writeUpstreamError() to classify: auth failures
→ 401, upstream outages → 503 with sanitized message.

Frontend no longer captures 503s to Sentry since they are intentional
"upstream unavailable" responses already captured server-side.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/internal/api/handlers.go b/internal/api/handlers.go
@@ -143,7 +143,7 @@ func (s *Server) handleDashboard(w http.ResponseWriter, r *http.Request) {
 	}
 	data, err := client.Dashboard()
 	if err != nil {
-		writeError(w, http.StatusInternalServerError, err.Error())
+		writeUpstreamError(w, err, "dashboard")
 		return
 	}
 	writeJSON(w, http.StatusOK, toDashboardResponse(data))
@@ -157,7 +157,7 @@ func (s *Server) handleLeaderboard(w http.ResponseWriter, r *http.Request) {
 	limit := parseIntParam(r, "limit", 20)
 	entries, err := client.Leaderboard(limit)
 	if err != nil {
-		writeError(w, http.StatusInternalServerError, err.Error())
+		writeUpstreamError(w, err, "leaderboard")
 		return
 	}
 	writeJSON(w, http.StatusOK, toLeaderboardResponse(entries))
@@ -227,6 +227,21 @@ func (s *Server) invalidateAllCaches() {
 	s.detailCache.Invalidate()
 }
 
+// writeUpstreamError classifies DoltHub errors and writes an appropriate response:
+//   - "invalid authorization" → 401 (triggers frontend re-auth)
+//   - other upstream errors → 503 with sanitized message + Sentry capture
+func writeUpstreamError(w http.ResponseWriter, err error, label string) {
+	msg := err.Error()
+	if strings.Contains(msg, "invalid authorization") {
+		writeError(w, http.StatusUnauthorized, "DoltHub credentials expired — please reconnect.")
+		return
+	}
+	slog.Error(label+" failed", "error", err)
+	sentry.CaptureException(err)
+	writeError(w, http.StatusServiceUnavailable,
+		"Upstream database is temporarily unavailable — please try again in a moment.")
+}
+
 // writeMutationError writes a 409 for ConflictError, 400 for everything else.
 func writeMutationError(w http.ResponseWriter, err error) {
 	var conflict *commons.ConflictError
diff --git a/web/src/api/client.ts b/web/src/api/client.ts
@@ -125,7 +125,7 @@ async function request<T>(path: string, init?: RequestInit): Promise<T> {
   }
   if (!resp.ok) {
     const err = new ApiError(resp.status, (body as ErrorResponse).error || resp.statusText);
-    if (resp.status >= 500) {
+    if (resp.status >= 500 && resp.status !== 503) {
       Sentry.captureException(err);
     }
     throw err;

Original file line number	Diff line number	Diff line change
`@@ -125,7 +125,7 @@ async function request<T>(path: string, init?: RequestInit): Promise<T> {`
`125`	`125`	`}`
`126`	`126`	`if (!resp.ok) {`
`127`	`127`	`const err = new ApiError(resp.status, (body as ErrorResponse).error \|\| resp.statusText);`
`128`		`- if (resp.status >= 500) {`
	`128`	`+ if (resp.status >= 500 && resp.status !== 503) {`
`129`	`129`	`Sentry.captureException(err);`
`130`	`130`	`}`
`131`	`131`	`throw err;`