diff --git a/docs/dev/api/error-codes.md b/docs/dev/api/error-codes.md new file mode 100644 index 00000000..70606f1b --- /dev/null +++ b/docs/dev/api/error-codes.md @@ -0,0 +1,42 @@ +# API Error Codes + +Here's an example of an error response from Quizfreely-API: +```json +{ + "error": { + "code": "USERNAME_TAKEN", + "statusCode": 400, + "message": "Username taken/already being used" + } +} +``` + +`error.statusCode` is the HTTP status code of the error (if applicable) + +`error.message` is a readable explanation of the error. + +`error.code` is an "error code". We can use this to display different error messages based on what type of error happened. + +Sometimes Quizfreely-API sends an error message from Node.js, PostgreSQL, Fastify, or Mercurius that might not have `.code`, `.statusCode`, or `.message`. When Quizfreely-API sends its own error message, then it will have all three (`.code`, `.statusCode`, and `.message`). + +Here is a list of Quizfreely's error codes: +- `"NOT_FOUND"` + - a 404; whatever you tried to get or update was not found +- `"NOT_AUTHED"` + - Not signed in while trying to do something that requires you to be signed in + - Quizfreely-API uses an Authorization header OR an auth cookie to send the user's token + - The cookie is supposed to be named `auth`, and its value is supposed to be the token + - Auth headers are supposed to look like this: `Authorization: Bearer tokenGoesHere` +- `"INCORRECT_USERNAME"` + - username is wrong (when trying to sign in) +- `"INCORRECT_PASSWORD"` + - password is wrong (when trying to sign in) +- `"USERNAME_INVALID"` + - username contains spaces or special characters (when trying to create an account) + - usernames can have letters or numbers (any alphabet), dot (`.`), underscore (`_`), or dash (`-`) + - usernames must be 1 or more characters and less than 100 characters +- `"USERNAME_TAKEN"` + - another account already uses that username (when trying to create an account) +- `?error=oauth-error` + - querystring sent in redirect to sign in/sign up page if there is an error when trying to sign up or sign in with OAuth + - all the other error codes are sent in the API's response body as json in `error.code`, but this error is a querystring only for OAuth redirects diff --git a/docs/dev/api/error-types.md b/docs/dev/api/error-types.md deleted file mode 100644 index aa76ebff..00000000 --- a/docs/dev/api/error-types.md +++ /dev/null @@ -1,48 +0,0 @@ -# API Error Types - -Quizfreely's api sends responses that look like this on error: -```json -{ - "error": { - "type": "something" - } -} -``` - -work in progress: this is going to be outdated soon and needs to be updated (schemas validate for us (no more fields-missing), request bodies are different now (body.abc instead of body.studyset.abc), and response bodies are different (not response.data.studyset.abc anymore)) - -`error.type` is a simple/consistent way to categorize errors and show error messages based on them. - -Here is a list of error types: -- `"not-found"` - - a 404; whatever you tried to get or update was not found -- `"fields-missing"` - - required parts of a request body were not sent - - for example - - trying to create a studyset without sending the title or content in the request body - - or trying to sign in without a password in the request body - - also make sure the requeset body is valid json and has content-type (header) as json -- `"auth-missing"` - - Authorization http header or auth cookie were not sent - - The cookie is supposed to be named `auth`, and its value is supposed to be the token - - Auth headers are supposed to look like this: `Authorization: Bearer abcd1234tokenGoesHere` - - This error happens when the header or cookie are missing, if the session token is invalid or expired, you get a different error (`session-invalid`) -- `"db-error"` - - something went wrong while trying to connect to, read from, or write to the database -- `"session-invalid"` - - the session token is expired or wrong - - this usually means the user needs to sign in again to get a new session -- `"sign-in-incorrect"` - - username or password is wrong (when trying to sign in) -- `"password-weak"` - - password is too short/weak (when trying to create an account) -- `"username-invalid"` - - username contains spaces or special characters (when trying to create an account) - - usernames can have letters or numbers (any alphabet), dot (`.`), underscore (`_`), or dash (`-`) - - usernames must be 2 or more characters and less than 100 characters -- `"username-taken"` - - another account already uses that username (when trying to create an account) -- `"oauth-error"` - - an error happened while trying to generate an authorization uri with oauth2 -- `"server-error"` - - a 500 error; an error was so bad that the api couldn't even use any of the other error types