📝 CodeRabbit Chat: Implement requested code changes #730
coderabbitai[bot] wants to merge 1 commit into main from
Important: Review skipped

This PR was authored by the user configured for CodeRabbit reviews. CodeRabbit does not review PRs authored by this user. It's recommended to use a dedicated user account to post CodeRabbit review feedback.

⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID:
You can disable this status message by setting the
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| orderWithDetails, err = ctrl.promotePendingPayinOrderToFulfilling(reqCtx, orderWithDetails, provider) | ||
| if err != nil { | ||
| logger.Errorf("Failed to promote payin order to fulfilling: %v", err) | ||
| u.APIResponse(ctx, http.StatusConflict, "error", err.Error(), nil) |
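Review bot: http.StatusConflict on the u.APIResponse line is returned for every error from promotePendingPayinOrderToFulfilling, so any failure that is not a state conflict is also reported to the caller as 409. Return 409 only when the order could not be promoted because of its state, use http.StatusInternalServerError for everything else, and send a fixed message instead of err.Error(), since logger.Errorf on the line above already records the full error.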
Internal database errors leaked to API consumers
Medium Severity
The err.Error() from promotePendingPayinOrderToFulfilling is passed directly to the API response. Several error paths in that function wrap underlying database errors using %w (e.g., "failed to start transaction: %w", "failed to check fulfilling log: %w"), which can expose internal database details (driver errors, schema names, constraint info) to the API consumer. Every other error response in this file uses a hardcoded generic message instead.
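The pattern this comment asks for, as an added example that is not code from this PR or the project: the wrapped error is inspected with errors.Is and logged server-side, while the response carries only a fixed message. The names promote, clientError, ErrOrderNotPending and errDriver, and the driver error text, are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrOrderNotPending is a hypothetical sentinel for the one failure a client can act on.
var ErrOrderNotPending = errors.New("order is no longer pending")

// errDriver is a constructed stand-in for a database driver error.
var errDriver = errors.New(`driver: duplicate key violates unique constraint "orders_pkey"`)

// promote is a hypothetical stand-in for a function that wraps its failures with %w.
func promote(failTx, notPending bool) error {
	if failTx {
		return fmt.Errorf("failed to start transaction: %w", errDriver)
	}
	if notPending {
		return fmt.Errorf("promote order: %w", ErrOrderNotPending)
	}
	return nil
}

// clientError maps an internal error to a status code and a fixed message.
// The wrapped chain is inspected with errors.Is but never copied into the reply.
func clientError(err error) (int, string) {
	if errors.Is(err, ErrOrderNotPending) {
		return http.StatusConflict, "Order is not in a pending state"
	}
	return http.StatusInternalServerError, "Failed to process order"
}

// leaks reports whether a response message exposes the driver error text.
func leaks(msg string) bool {
	return strings.Contains(msg, errDriver.Error())
}

func main() {
	err := promote(true, false)
	fmt.Println("leaky:", err.Error()) // what passing err.Error() would send to the client
	status, msg := clientError(err)
	fmt.Println("safe: ", status, msg) // the full err belongs in the server log only
}
```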


Code changes were requested by @chibie.
The following files were modified:
controllers/provider/provider.go
controllers/provider/provider_test.go