-
-
Notifications
You must be signed in to change notification settings - Fork 697
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow custom error type in server_fn return type for enhanced ergonomics and security #3270
Comments
This is definitely a tricky thing to play with. The idea that ? makes it easy to return Errors is essentially the point, and the idea of storing sensitive data in Error messages seems silly to me. By removing that impl we'll be breaking tons of people's apps that just use it, and forcing them to write From or map_err() in a bunch of places. Once someone does, it'll be just as easy anyway. I'm not sure I understand how we can still use ServerFnError for the server function result and let them define an error We can't just have a generic error return type because there are a bunch of errors returned from Leptos itself that would be incompatible I've been considering trying to simplify the situation but I haven't found a good answer yet |
Thank you for your feedback! The purpose of this is to provide users with an additional option to use custom errors in the return type without breaking the existing code (in best effort), so it actually reduces the cases that users need to write manual error conversion with
By "sensitive", I mean detailed internal information that users, including potentially malicious ones, should not have access to. I don't know the correct term for this.
The key idea is the
From my understanding, requiring |
I think I'll have to discuss this with Greg, but that'd be easier with a PR to play with, so if you feel like trying it feel free |
Thanks! I've started to work on it. |
I'm a little confused -- Don't we already support custom error types in the |
Yes, but there are several limitations:
|
Is your feature request related to a problem? Please describe.
?
operator in the server function might inadvertently expose sensitive error messages from the server side because the From is implemented forServerFnError
which useserror.to_string()
.anyhow::Error
are cumbersome to use because they need explicit conversion (e.g., using theserver_fn_error!
macro).ServerFnError
has its own serialization strategy utilizingFromStr
andDisplay
.ServerFnError
is an external type from applications and has tailored trait implementations, users cannot implement arbitrary traits such asFrom<MyError>
.Describe the solution you'd like
To address these issues, I propose the following:
ServerFnError
only intended for using it in server_fn return type just for the ease of error conversion with?
.ServerFnErrorErr
instead ofServerFnError
everywhere internally.E: Serialize + DeserializeOwned + From<ServerFnErrorErr> + Debug + Display
.ServerFnError(Err)::WrappedServerError
variant,ViaError
,server_fn_error!
, andNoCustomError
.This maintains backward compatibility in the typical server_fn use case that uses
ServerFnError
.Describe alternatives you've considered
An alternative solution could simplify the implementation further but would sacrifice backward compatibility. In this scenario, users can still use
ServerFnError
as the return type of server_fns, but error conversion with?
from anyE: Error
types is no longer available.WrappedServerError
variant,ServerFnErrorErr
, and error conversion toolings, including ViaError.Error
forServerFnError
. This removes the support ofFrom<E: Error>
forServerFnError
, but it's still allowed to use it as the error type because it fulfills the below bounds.E: Serialize + DeserializeOwned + From<ServerFnError> + Debug + Display
.Additional context
The text was updated successfully, but these errors were encountered: