Merge pull request #251 from awinogrodzki/fix/249-merge-stack-trace-i…

…n-token-verifier

fix(#249): merge error stack trace in token verifier to improve visibility on fetch errors

src/auth/error.ts

@@ -32,7 +32,29 @@ function getErrorMessage(code: AuthErrorCode, customMessage?: string) {
   return `${AuthErrorMessages[code]}: ${customMessage}`;
 }
 
+function mergeStackTraceAndCause(target: Error, original: unknown) {
+  const originalError = original as Error | undefined;
+  const originalErrorStack =
+    typeof originalError?.stack === 'string' ? originalError.stack : '';
+  const originalCause =
+    typeof originalError?.cause === 'string' ? originalError.cause : '';
+
+  target.stack = originalErrorStack + (target?.stack ?? '');
+  target.cause = originalCause + (target?.cause ?? '');
+}
+
 export class AuthError extends Error {
+  public static fromError(
+    error: unknown,
+    code: AuthErrorCode,
+    customMessage?: string
+  ) {
+    const authError = new AuthError(code, customMessage);
+
+    mergeStackTraceAndCause(authError, error);
+
+    return authError;
+  }
   constructor(
     readonly code: AuthErrorCode,
     customMessage?: string
@@ -70,6 +92,14 @@ const InvalidTokenMessages: Record<InvalidTokenReason, string> = {
 };
 
 export class InvalidTokenError extends Error {
+  public static fromError(error: unknown, reason: InvalidTokenReason) {
+    const invalidTokenError = new InvalidTokenError(reason);
+
+    mergeStackTraceAndCause(invalidTokenError, error);
+
+    return invalidTokenError;
+  }
+
   constructor(public readonly reason: InvalidTokenReason) {
     super(`${reason}: ${InvalidTokenMessages[reason]}`);
     Object.setPrototypeOf(this, InvalidTokenError.prototype);

src/auth/jwt/sign.ts

@@ -19,12 +19,11 @@ export async function sign({
   try {
     key = await importPKCS8(privateKey, ALGORITHM_RS256);
   } catch (e) {
-    const error = new AuthError(
+    throw AuthError.fromError(
+      e,
       AuthErrorCode.INVALID_ARGUMENT,
       'It looks like the value provided for `serviceAccount.privateKey` is incorrectly formatted. Please double-check if private key has correct format. See /~https://github.com/awinogrodzki/next-firebase-auth-edge/issues/246#issuecomment-2321559620 for details'
     );
-    error.stack = (error?.stack ?? '') + ((e as Error)?.stack ?? '');
-    throw error;
   }
 
   return new SignJWT(payload)

src/auth/token-verifier.ts

@@ -128,18 +128,26 @@ export class FirebaseTokenVerifier {
 
   private mapJoseErrorToAuthError(error: JOSEError): Error {
     if (error instanceof errors.JWTExpired) {
-      return new AuthError(AuthErrorCode.TOKEN_EXPIRED, error.message);
+      return AuthError.fromError(
+        error,
+        AuthErrorCode.TOKEN_EXPIRED,
+        error.message
+      );
     }
 
     if (error instanceof errors.JWSSignatureVerificationFailed) {
-      return new AuthError(AuthErrorCode.INVALID_SIGNATURE);
+      return AuthError.fromError(error, AuthErrorCode.INVALID_SIGNATURE);
     }
 
     if (error instanceof AuthError) {
       return error;
     }
 
-    return new AuthError(AuthErrorCode.INTERNAL_ERROR, error.message);
+    return AuthError.fromError(
+      error,
+      AuthErrorCode.INTERNAL_ERROR,
+      error.message
+    );
   }
 }
 

src/next/middleware.ts

@@ -263,9 +263,7 @@ export async function authMiddleware(
           e instanceof AuthError &&
           e.code === AuthErrorCode.NO_MATCHING_KID
         ) {
-          const error = new InvalidTokenError(InvalidTokenReason.INVALID_KID);
-          error.stack = e.stack;
-          throw error;
+          throw InvalidTokenError.fromError(e, InvalidTokenReason.INVALID_KID);
         }
 
         debug('Authentication failed with error', {error: e});