Add exception handler middleware to format exceptions as JSON.

Add custom exception for MAX error responses.

BulkPrintingAPI/Controllers/LoginController.cs

@@ -61,48 +61,11 @@ namespace BulkPrintingAPI.Controllers
             if (!ModelState.IsValid)
                 return BadRequest();
 
-            MAX.Models.User user;
-            try
-            {
-                user = await MAX.Utils.AuthenticateUserAsync(_clientFactory, _logger,
-                    loginRequest.UserId.Value, loginRequest.Username, loginRequest.VendorId.Value,
-                    loginRequest.SerialNumber, loginRequest.Password);
-            }
-            catch (Exception e)
-            {
-                _logger.LogError(
-                    "AuthenticateUserAsync failed for {0}: {1}",
-                    MAX.LoginCredentials.Format(loginRequest.UserId.Value, loginRequest.Username,
-                        loginRequest.VendorId.Value, loginRequest.SerialNumber),
-                    e.Message);
-                return Unauthorized();
-            }
-
-            if (user == null)
-            {
-                _logger.LogInformation(
-                    "Login failed for {0}",
-                    MAX.LoginCredentials.Format(loginRequest.UserId.Value, loginRequest.Username,
-                        loginRequest.VendorId.Value, loginRequest.SerialNumber));
-                return Unauthorized();
-            }
-
-            MAX.LoginCredentials credentials;
-            try
-            {
-                credentials = await Utils.SyncUserAndVendorWithDbAsync(_context, _dataEncryptionOptions,
-                    user, loginRequest.Password, loginRequest.VendorId.Value, loginRequest.SerialNumber);
-            }
-            catch (Exception e)
-            {
-                _logger.LogError(
-                    "SyncUserAndVendorWithDb failed for {0}: {1}",
-                    MAX.LoginCredentials.Format(loginRequest.UserId.Value, loginRequest.Username,
-                        loginRequest.VendorId.Value, loginRequest.SerialNumber),
-                    e.Message);
-                return Unauthorized();
-            }
-
+            var user = await MAX.Utils.AuthenticateUserAsync(_clientFactory, _logger,
+                loginRequest.UserId.Value, loginRequest.Username, loginRequest.VendorId.Value,
+                loginRequest.SerialNumber, loginRequest.Password);
+            var credentials = await Utils.SyncUserAndVendorWithDbAsync(_context, _dataEncryptionOptions,
+                user, loginRequest.Password, loginRequest.VendorId.Value, loginRequest.SerialNumber);
             var now = DateTimeOffset.UtcNow;
 
             _context.VendorEvents.Add(new MAX.Models.VendorEvent()
@@ -170,38 +133,11 @@ namespace BulkPrintingAPI.Controllers
         public async Task<IActionResult> ExtendTokenAsync()
         {
             var credentials = await Utils.GetLoginCredentialsFromRequestAsync(HttpContext, _context);
-
-            MAX.Models.User user;
-            try
-            {
-                user = await MAX.Utils.AuthenticateUserAsync(_clientFactory, _logger,
-                    credentials.User.Id, credentials.User.Username, credentials.Vendor.Id,
-                    credentials.Vendor.SerialNumber, credentials.Password);
-            }
-            catch (Exception e)
-            {
-                _logger.LogError(
-                    "AuthenticateUserAsync failed for {0}: {1}",
-                    MAX.LoginCredentials.Format(credentials.User.Id, credentials.User.Username, credentials.Vendor.Id,
-                        credentials.Vendor.SerialNumber), e.Message);
-                return Unauthorized();
-            }
-
-            MAX.LoginCredentials possiblyUpdatedCredentials;
-            try
-            {
-                possiblyUpdatedCredentials = await Utils.SyncUserAndVendorWithDbAsync(_context, _dataEncryptionOptions,
-                    user, credentials.Password, credentials.Vendor.Id, credentials.Vendor.SerialNumber);
-            }
-            catch (Exception e)
-            {
-                _logger.LogError(
-                    "SyncUserAndVendorWithDb failed for {0}: {1}",
-                    MAX.LoginCredentials.Format(credentials.User.Id, credentials.User.Username, credentials.Vendor.Id,
-                        credentials.Vendor.SerialNumber), e.Message);
-                return Unauthorized();
-            }
-
+            var user = await MAX.Utils.AuthenticateUserAsync(_clientFactory, _logger,
+                credentials.User.Id, credentials.User.Username, credentials.Vendor.Id,
+                credentials.Vendor.SerialNumber, credentials.Password);
+            var possiblyUpdatedCredentials = await Utils.SyncUserAndVendorWithDbAsync(_context, _dataEncryptionOptions,
+                user, credentials.Password, credentials.Vendor.Id, credentials.Vendor.SerialNumber);
             var now = DateTimeOffset.UtcNow;
 
             _context.VendorEvents.Add(new MAX.Models.VendorEvent()

BulkPrintingAPI/Middleware/ExceptionHandlerMiddleware.cs

@@ -0,0 +1,73 @@
+using MAX;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using System;
+using System.Threading.Tasks;
+
+namespace BulkPrintingAPI.Middleware
+{
+    public class ExceptionHandlerMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private ILogger _logger;
+
+        private class ErrorResponse
+        {
+            public ErrorResponse(string message)
+            {
+                code = null;
+                error = message;
+            }
+
+            public ErrorResponse(MAXException e)
+            {
+                code = e.ErrorCode;
+                error = e.Message;
+            }
+
+            public int? code { get; set; }
+
+            public string error { get; set; }
+        }
+
+        public ExceptionHandlerMiddleware(RequestDelegate next, ILoggerFactory loggerFactory)
+        {
+            _next = next;
+            _logger = loggerFactory.CreateLogger(GetType().FullName);
+        }
+
+        public async Task Invoke(HttpContext context)
+        {
+            try
+            {
+                await _next(context);
+            }
+            catch (Exception e)
+            {
+                if (context.Response.HasStarted)
+                {
+                    _logger.LogWarning("Response has already started; exception will be rethrown");
+                    throw;
+                }
+
+                _logger.LogError(0, e, "Unhandled exception");
+
+                ErrorResponse response;
+                if (e is MAXException)
+                {
+                    response = new ErrorResponse((MAXException)e);
+                }
+                else
+                {
+                    // Don't want to leak arbitrary exception messages to the user
+                    response = new ErrorResponse("The server encountered an unexpected error");
+                }
+
+                context.Response.StatusCode = 500;
+                context.Response.ContentType = "application/json";
+                await context.Response.WriteAsync(JsonConvert.SerializeObject(response));
+            }
+        }
+    }
+}

BulkPrintingAPI/Startup.cs

@@ -1,4 +1,5 @@
 using BulkPrintingAPI.Configuration;
+using BulkPrintingAPI.Middleware;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -80,6 +81,8 @@ namespace BulkPrintingAPI
                 TokenValidationParameters = tokenValidationParameters
             };
 
+            app.UseMiddleware<ExceptionHandlerMiddleware>();
+
             app.UseJwtBearerAuthentication(bearerOptions);
 
             app.UseMvc();

MAXClient/Client.cs

@@ -86,12 +86,7 @@ namespace MAX
                 .Append(_vendorId)
                 .Append("|123451234512345||||||")).ConfigureAwait(false);
 
-            var response = await ReadMessageAsync().ConfigureAwait(false);
-            if (!response.StartsWith("Hi "))
-            {
-                _logger.LogError("Device authentication failed: {0}", response);
-                return null;
-            }
+            var response = ExpectResponse(await ReadMessageAsync().ConfigureAwait(false), "Hi");
 
             // Request server RSA key
             await WriteMessageAsync(new MessageBuilder().Append("PK")).ConfigureAwait(false);
@@ -104,11 +99,7 @@ namespace MAX
                 .Append("3D ")
                 .Append(EncryptRSA(response, BitConverter.ToString(_des.Key).Replace("-", "")))).ConfigureAwait(false);
 
-            response = await ReadMessageAsync().ConfigureAwait(false);
-            if (!response.StartsWith("OK"))
-            {
-                throw new Exception(String.Format("Key exchange failed: {0}", response));
-            }
+            response = ExpectResponse(await ReadMessageAsync().ConfigureAwait(false), "OK");
 
             // User authentication
             await WriteMessageAsync(new MessageBuilder()
@@ -120,51 +111,40 @@ namespace MAX
                     .Append("|")
                     .Append(_password).ToString()))).ConfigureAwait(false);
 
-            response = Decrypt(await ReadMessageAsync().ConfigureAwait(false));
-            if (response.StartsWith("OK"))
-            {
-                var parts = response.Split('|');
-                var user = new User()
-                {
-                    Id = _userId,
-                    Username = _username,
-                    FirstName = parts[4],
-                    Surname = parts[3],
-                    Enabled = bool.Parse(parts[6]),
-                    Level = (User.UserLevel)int.Parse(parts[1]),
-                    System = int.Parse(parts[2]),
-                    LastLogin = DateTime.Parse(parts[5])
-                };
-
-                if (user.Level == User.UserLevel.CustomUser)
-                {
-                    user.CanPrintOffline = bool.Parse(parts[7]);
-                    user.OfflinePrintValue = decimal.Parse(parts[8]);
-                    user.CanPrintOnline = bool.Parse(parts[9]);
-                    user.OnlinePrintValue = decimal.Parse(parts[10]);
-                    user.CanReprintOffline = bool.Parse(parts[11]);
-                    user.OfflineReprintValue = decimal.Parse(parts[12]);
-                    user.CanReprintOnline = bool.Parse(parts[13]);
-                    user.OnlineReprintValue = decimal.Parse(parts[14]);
-                    user.BulkExport = bool.Parse(parts[15]);
-                    user.BulkExportMaxValue = decimal.Parse(parts[16]);
-                    user.BulkOrder = bool.Parse(parts[17]);
-                    user.BulkOrderMaxValue = decimal.Parse(parts[18]);
-                    user.BulkViewPins = bool.Parse(parts[19]);
-                    user.BulkReExport = bool.Parse(parts[20]);
-                }
+            response = ExpectResponse(Decrypt(await ReadMessageAsync().ConfigureAwait(false)), "OK");
 
-                return user;
-            }
-            else if (response.StartsWith("ER"))
+            var parts = response.Split('|');
+            var user = new User()
             {
-                _logger.LogInformation("User authentication failed: {0}", response);
-                return null;
-            }
-            else
+                Id = _userId,
+                Username = _username,
+                FirstName = parts[4],
+                Surname = parts[3],
+                Enabled = bool.Parse(parts[6]),
+                Level = (User.UserLevel)int.Parse(parts[1]),
+                System = int.Parse(parts[2]),
+                LastLogin = DateTime.Parse(parts[5])
+            };
+
+            if (user.Level == User.UserLevel.CustomUser)
             {
-                throw new Exception(String.Format("Invalid user information response: {0}", response));
+                user.CanPrintOffline = bool.Parse(parts[7]);
+                user.OfflinePrintValue = decimal.Parse(parts[8]);
+                user.CanPrintOnline = bool.Parse(parts[9]);
+                user.OnlinePrintValue = decimal.Parse(parts[10]);
+                user.CanReprintOffline = bool.Parse(parts[11]);
+                user.OfflineReprintValue = decimal.Parse(parts[12]);
+                user.CanReprintOnline = bool.Parse(parts[13]);
+                user.OnlineReprintValue = decimal.Parse(parts[14]);
+                user.BulkExport = bool.Parse(parts[15]);
+                user.BulkExportMaxValue = decimal.Parse(parts[16]);
+                user.BulkOrder = bool.Parse(parts[17]);
+                user.BulkOrderMaxValue = decimal.Parse(parts[18]);
+                user.BulkViewPins = bool.Parse(parts[19]);
+                user.BulkReExport = bool.Parse(parts[20]);
             }
+
+            return user;
         }
 
         public int ConnectTimeout { get; set; }
@@ -262,28 +242,21 @@ namespace MAX
         public async Task<Account> GetAccountAsync()
         {
             await WriteMessageAsync(new MessageBuilder().Append("Acc")).ConfigureAwait(false);
-            var response = Decrypt(await ReadMessageAsync().ConfigureAwait(false));
-            if (response.StartsWith("OK"))
+            var response = ExpectResponse(Decrypt(await ReadMessageAsync().ConfigureAwait(false)), "OK");
+            var parts = response.Split('|');
+            return new Account()
             {
-                var parts = response.Split('|');
-                return new Account()
+                Id = int.Parse(parts[1]),
+                Name = parts[2],
+                Balance = decimal.Parse(parts[3]),
+                Status = (Account.AccountStatus)int.Parse(parts[4]),
+                Reference = parts[5],
+                Warehouse = new Warehouse()
                 {
-                    Id = int.Parse(parts[1]),
-                    Name = parts[2],
-                    Balance = decimal.Parse(parts[3]),
-                    Status = (Account.AccountStatus)int.Parse(parts[4]),
-                    Reference = parts[5],
-                    Warehouse = new Warehouse()
-                    {
-                        Id = int.Parse(parts[6]),
-                        Name = parts[7]
-                    }
-                };
-            }
-            else
-            {
-                throw new Exception(String.Format("Invalid account information response: {0}", response));
-            }
+                    Id = int.Parse(parts[6]),
+                    Name = parts[7]
+                }
+            };
         }
 
         public async Task<ProductCatalogue> GetProductCatalogueAsync(Account account)
@@ -292,51 +265,39 @@ namespace MAX
             await WriteMessageAsync(new MessageBuilder()
                 .Append("Pdt ")
                 .Append(encryptedWarehouseName)).ConfigureAwait(false);
-            var response = Decrypt(await ReadMessageAsync().ConfigureAwait(false));
-            if (response.StartsWith("OK"))
-            {
-                var parts = response.Split('|');
-                var count = int.Parse(parts[1]);
+            var response = ExpectResponse(Decrypt(await ReadMessageAsync().ConfigureAwait(false)), "OK");
 
-                var catalogue = new ProductCatalogue();
+            var parts = response.Split('|');
+            var count = int.Parse(parts[1]);
+
+            var catalogue = new ProductCatalogue();
             
-                var listCommand = new MessageBuilder().Append("List ")
-                    .Append(encryptedWarehouseName).GetBytes();
-                for (var i = 0; i < count; i++)
+            var listCommand = new MessageBuilder().Append("List ")
+                .Append(encryptedWarehouseName).GetBytes();
+            for (var i = 0; i < count; i++)
+            {
+                await _connectionStream.WriteAsync(listCommand, 0, listCommand.Length).ConfigureAwait(false);
+                response = ExpectResponse(Decrypt(await ReadMessageAsync().ConfigureAwait(false)), "OK");
+
+                parts = response.Split('|');
+                int networkId = int.Parse(parts[4]);
+                Network network;
+                if (! catalogue.NetworkMap.TryGetValue(networkId, out network))
                 {
-                    await _connectionStream.WriteAsync(listCommand, 0, listCommand.Length).ConfigureAwait(false);
-                    response = Decrypt(await ReadMessageAsync().ConfigureAwait(false));
-                    if (response.StartsWith("OK"))
-                    {
-                        parts = response.Split('|');
-                        int networkId = int.Parse(parts[4]);
-                        Network network;
-                        if (! catalogue.NetworkMap.TryGetValue(networkId, out network))
-                        {
-                            network = catalogue.AddNetwork(networkId, parts[5]);
-                        }
-
-                        catalogue.AddProduct(
-                            network: network,
-                            id: int.Parse(parts[1]),
-                            faceValue: decimal.Parse(parts[2]),
-                            description: parts[3],
-                            voucherType: (Batch.Vouchertype)int.Parse(parts[6]),
-                            discountPercentage: decimal.Parse(parts[7])
-                        );
-                    }
-                    else
-                    {
-                        throw new Exception(String.Format("Invalid product item response: {0}", response));
-                    }
+                    network = catalogue.AddNetwork(networkId, parts[5]);
                 }
 
-                return catalogue;
-            }
-            else
-            {
-                throw new Exception(String.Format("Invalid product catalogue response: {0}", response));
+                catalogue.AddProduct(
+                    network: network,
+                    id: int.Parse(parts[1]),
+                    faceValue: decimal.Parse(parts[2]),
+                    description: parts[3],
+                    voucherType: (Batch.Vouchertype)int.Parse(parts[6]),
+                    discountPercentage: decimal.Parse(parts[7])
+                );
             }
+
+            return catalogue;
         }
 
         public async Task<OrderResponse> PlaceOrderAsync(int accountId, Product product, int quantity,
@@ -365,42 +326,35 @@ namespace MAX
                     .Append(internalReference)
                     .ToString()))).ConfigureAwait(false);
 
-            var response = Decrypt(await ReadMessageAsync().ConfigureAwait(false));
+            var response = ExpectResponse(Decrypt(await ReadMessageAsync().ConfigureAwait(false)), "OK");
 
-            if (response.StartsWith("OK"))
+            var parts = response.Split('|');
+            return new OrderResponse()
             {
-                var parts = response.Split('|');
-                return new OrderResponse()
+                Batch = new Batch()
                 {
-                    Batch = new Batch()
-                    {
-                        Id = int.Parse(parts[1]),
-                        OrderReference = parts[2],
-                        RequestedQuantity = int.Parse(parts[3]),
-                        DeliveredQuantity = int.Parse(parts[4]),
-                        Cost = decimal.Parse(parts[5]),
-                        InternalReference = internalReference,
-                        OrderGuid = orderGuid,
-                        AccountId = accountId,
-                        VendorId = _vendorId,
-                        ProductId = product.Id,
-                        ProductDescription = product.Description,
-                        VoucherType = product.VoucherType,
-                        FaceValue = product.FaceValue,
-                        DiscountPercentage = product.DiscountPercentage,
-                        NetworkId = product.Network.Id,
-                        NetworkName = product.Network.Name,
-                        OrderDate = DateTimeOffset.UtcNow,
-                        OrderedById = _userId,
-                        ReadyForDownload = false
-                    },
-                    RemainingBalance = decimal.Parse(parts[6])
-                };
-            }
-            else
-            {
-                throw new Exception(string.Format("Invalid order response: {0}", response));
-            }
+                    Id = int.Parse(parts[1]),
+                    OrderReference = parts[2],
+                    RequestedQuantity = int.Parse(parts[3]),
+                    DeliveredQuantity = int.Parse(parts[4]),
+                    Cost = decimal.Parse(parts[5]),
+                    InternalReference = internalReference,
+                    OrderGuid = orderGuid,
+                    AccountId = accountId,
+                    VendorId = _vendorId,
+                    ProductId = product.Id,
+                    ProductDescription = product.Description,
+                    VoucherType = product.VoucherType,
+                    FaceValue = product.FaceValue,
+                    DiscountPercentage = product.DiscountPercentage,
+                    NetworkId = product.Network.Id,
+                    NetworkName = product.Network.Name,
+                    OrderDate = DateTimeOffset.UtcNow,
+                    OrderedById = _userId,
+                    ReadyForDownload = false
+                },
+                RemainingBalance = decimal.Parse(parts[6])
+            };
         }
 
         private async Task<byte[]> ReadBytesAsync(int count)
@@ -432,6 +386,31 @@ namespace MAX
 
         public int SendTimeout { get; set; }
 
+        private string ExpectResponse(string response, string prefix)
+        {
+            if (response.StartsWith("ER"))
+            {
+                var parts = response.Split('|');
+                int errorCode;
+                if ((parts.Length < 2) || ! int.TryParse(parts[1], out errorCode))
+                {
+                    errorCode = -1;
+                }
+                var message = parts.Length >= 3 ? parts[2] : String.Format("Malformed server error: {0}", response);
+                _logger.LogError("MAX Error for {0}: {1} (code {2})",
+                    LoginCredentials.Format(_userId, _username, _vendorId, _serialNumber), message, errorCode);
+                throw new MAXException(errorCode, message);
+            }
+            else if (! response.StartsWith(prefix))
+            {
+                _logger.LogError("Invalid MAX response for {0}: {1}",
+                    LoginCredentials.Format(_userId, _username, _vendorId, _serialNumber),
+                    response);
+                throw new Exception(String.Format("Invalid server response: {0}", response));
+            }
+            return response;
+        }
+
         private async Task WriteMessageAsync(MessageBuilder message)
         {
             byte[] data = message.GetBytes();

MAXClient/MAXException.cs

@@ -0,0 +1,29 @@
+using System;
+
+namespace MAX
+{
+    public class MAXException : Exception
+    {
+        private int _errorCode;
+
+        public MAXException() { }
+
+        public MAXException(int errorCode, string message)
+            : base(message)
+        {
+            _errorCode = errorCode;
+        }
+
+        public MAXException(int errorCode, string message, Exception innerException)
+            : base(message, innerException)
+        {
+            _errorCode = errorCode;
+        }
+
+        public int ErrorCode
+        {
+            get { return _errorCode; }
+            set { _errorCode = value; }
+        }
+    }
+}

MAXClient/Utils.cs

@@ -65,10 +65,7 @@ namespace MAX
                 userId, username, password))
             {
                 var user = await client.ConnectAsync().ConfigureAwait(false);
-                if (user != null)
-                {
-                    user.Account = await client.GetAccountAsync().ConfigureAwait(false);
-                }
+                user.Account = await client.GetAccountAsync().ConfigureAwait(false);
                 return user;
             }
         }
@@ -78,12 +75,7 @@ namespace MAX
         {
             using (var client = clientFactory.GetClient(logger, credentials))
             {
-                var user = await client.ConnectAsync().ConfigureAwait(false);
-                if (user == null)
-                {
-                    throw new Exception(string.Format("Invalid login credentials for {0}",
-                        credentials.ToString()));
-                }
+                await client.ConnectAsync().ConfigureAwait(false);
                 return await client.GetProductCatalogueAsync(credentials.User.Account).ConfigureAwait(false);
             }
         }
@@ -95,12 +87,7 @@ namespace MAX
         {
             using (var client = clientFactory.GetClient(logger, credentials))
             {
-                var user = await client.ConnectAsync().ConfigureAwait(false);
-                if (user == null)
-                {
-                    throw new Exception(string.Format("Invalid login credentials for {0}",
-                        credentials.ToString()));
-                }
+                await client.ConnectAsync().ConfigureAwait(false);
                 return await client.PlaceOrderAsync(credentials.User.AccountId,
                     product, quantity, customerReference, internalReference, orderGuid, key).ConfigureAwait(false);
             }