From f088074d486751b3331d646d2a5a2b1adfb2edbc Mon Sep 17 00:00:00 2001
From: rijkvanzanten
Date: Thu, 25 Feb 2021 19:12:18 -0500
Subject: [PATCH] Only return full 500 stack trace to authenticated admin users
---
 api/src/middleware/error-handler.ts | 33 ++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/api/src/middleware/error-handler.ts b/api/src/middleware/error-handler.ts
index ddd745ce59..e6da99dfbd 100644
--- a/api/src/middleware/error-handler.ts
+++ b/api/src/middleware/error-handler.ts
@@ -53,17 +53,30 @@ const errorHandler: ErrorRequestHandler = (err, req, res, next) => {
 res.status(500);
- payload = {
- errors: [
- {
- message: err.message,
- extensions: {
- ...err.extensions,
- code: 'INTERNAL_SERVER_ERROR',
+ if (req.accountability?.admin === true) {
+ payload = {
+ errors: [
+ {
+ message: err.message,
+ extensions: {
+ ...err.extensions,
+ code: 'INTERNAL_SERVER_ERROR',
+ },
 },
- },
- ],
- };
+ ],
+ };
+ } else {
+ payload = {
+ errors: [
+ {
+ message: 'An unexpected error occurred.',
+ extensions: {
+ code: 'INTERNAL_SERVER_ERROR',
+ },
+ },
+ ],
+ };
+ }
 }
 }
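Review bot: The two branches of the new `if (req.accountability?.admin === true)` repeat the whole payload literal and differ only in `message` and the `...err.extensions` spread, so a later edit to one copy can silently change what non-admin callers receive. Building one payload keeps the redaction decision in a single place: `const isAdmin = req.accountability?.admin === true;`, then `message: isAdmin ? err.message : 'An unexpected error occurred.'` and `extensions: { ...(isAdmin ? err.extensions : {}), code: 'INTERNAL_SERVER_ERROR' }`. A short comment stating that a missing `req.accountability` (for example an error raised before authentication ran) deliberately falls into the generic branch would record the fail-closed intent. The non-admin response now carries no detail, so the original `err` needs to be logged server-side for troubleshooting; the handler body starts and ends outside this hunk, so confirm that already happens there.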