From edb8162bc32addcd0800760462c0137f515ec42c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ercan=20Ermi=C5=9F?= <18646235+flightlesstux@users.noreply.github.com>
Date: Mon, 16 Mar 2026 11:52:27 +0100
Subject: [PATCH] fix(security): sanitize error messages returned to clients (#1270)

Raw err.Error() strings in handleWebRTCSession, handleLocalWebRTCSignal, handleLogin, handleSetup (web.go) and OIDC handlers (cloud.go) could expose internal file paths, system details, or configuration to clients. Replace with generic messages and log internal errors server-side via zerolog.

Co-authored-by: Claude Sonnet 4.6
Co-authored-by: Adam Shiervani
---
 cloud.go | 6 ++++--
 web.go | 13 +++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/cloud.go b/cloud.go
index 3ea7fc66..8ed6fc77 100644
--- a/cloud.go
+++ b/cloud.go
@@ -253,7 +253,8 @@ func handleCloudRegister(c *gin.Context) {
 provider, err := oidc.NewProvider(c, "https://accounts.google.com")
 if err != nil {
-c.JSON(500, gin.H{"error": "Failed to initialize OIDC provider: " + err.Error()})
+cloudLogger.Error().Err(err).Msg("failed to initialize OIDC provider")
+c.JSON(500, gin.H{"error": "Failed to initialize OIDC provider"})
 return
 }
@@ -264,7 +265,8 @@ func handleCloudRegister(c *gin.Context) {
 verifier := provider.Verifier(oidcConfig)
 idToken, err := verifier.Verify(c, req.OidcGoogle)
 if err != nil {
-c.JSON(400, gin.H{"error": "Invalid OIDC token: " + err.Error()})
+cloudLogger.Warn().Err(err).Msg("OIDC token verification failed")
+c.JSON(400, gin.H{"error": "Invalid OIDC token"})
 return
 }
diff --git a/web.go b/web.go
index 1539d537..f4995efc 100644
--- a/web.go
+++ b/web.go
@@ -233,7 +233,7 @@ func handleWebRTCSession(c *gin.Context) {
 var req WebRTCSessionRequest
 if err := c.ShouldBindJSON(&req); err != nil {
-c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
 return
 }
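Review bot: The new warn log on the `verifier.Verify` failure records the error but nothing that identifies the caller, so repeated bad-token submissions to the register endpoint cannot be correlated or rate-limited from the logs. Add the request source to the event, e.g. `cloudLogger.Warn().Err(err).Str("client_ip", c.ClientIP()).Msg("OIDC token verification failed")`; the `NewProvider` failure in the hunk above is a server-side fault and does not need it. An unverifiable credential is an authentication failure, so `http.StatusUnauthorized` describes it better than the bare `400`, and web.go in this same commit uses the named `http.Status*` constants rather than integer literals. handleCloudRegister continues outside the hunk.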
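Review bot: The binding failure in handleWebRTCSession is now dropped without any server-side record, so a client that keeps sending malformed session requests leaves no trace, whereas the cloud.go and handleLocalWebRTCSignal hunks in this commit log the error before replying with the generic message. The same applies to the handleLogin hunk (`@@ -509`). A debug-level event is enough, e.g. `<handlerLogger>.Debug().Err(err).Msg("invalid webrtc session request")`, where `<handlerLogger>` is a placeholder for whichever zerolog logger the handler already has in scope; handleWebRTCSession's body continues outside the hunk, so I cannot see which one is available.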
@@ -297,7 +297,8 @@ func handleLocalWebRTCSignal(c *gin.Context) {
 wsCon, err := websocket.Accept(c.Writer, c.Request, wsOptions)
 if err != nil {
-c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+scopedLogger.Warn().Err(err).Msg("failed to accept websocket connection")
+c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to establish WebSocket connection"})
 return
 }
@@ -306,14 +307,14 @@ func handleLocalWebRTCSignal(c *gin.Context) {
 err = wsjson.Write(context.Background(), wsCon, gin.H{"type": "device-metadata", "data": gin.H{"deviceVersion": builtAppVersion}})
 if err != nil {
-c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+scopedLogger.Warn().Err(err).Msg("failed to write device metadata")
+c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send device metadata"})
 return
 }
 err = handleWebRTCSignalWsMessages(wsCon, false, source, connectionID, &scopedLogger)
 if err != nil {
-c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
-return
+scopedLogger.Warn().Err(err).Msg("websocket session ended with error")
 }
 }
@@ -509,7 +510,7 @@ func handleLogin(c *gin.Context) {
 var req LoginRequest
 if err := c.ShouldBindJSON(&req); err != nil {
-c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
 return
 }
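Review bot: A 500 for a failed `websocket.Accept` reports a handshake the client got wrong (missing Upgrade header, rejected origin) as a server fault; `http.StatusBadRequest` or `http.StatusUpgradeRequired` fits the common causes better. With the nhooyr/coder websocket package, which the `wsjson` call in the next hunk suggests is in use, `Accept` has already written its own HTTP error response by the time it returns an error, so the added `c.JSON` would be a second write to an already-started response — worth confirming before keeping the `c.JSON` line at all. The enclosing handleLocalWebRTCSignal starts before the hunk.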
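Review bot: Both error paths in this hunk run after the connection has been upgraded by `websocket.Accept`, so `c.JSON(http.StatusInternalServerError, ...)` on the write-failure branch cannot reach the client and only triggers gin's headers-already-written warning; the sanitized message buys nothing there. What the peer needs on these paths is a close frame, e.g. `wsCon.Close(websocket.StatusInternalError, "device metadata write failed")` before the `return`, and likewise after `handleWebRTCSignalWsMessages` returns an error, unless a deferred close exists earlier in handleLocalWebRTCSignal, which starts outside this hunk. Dropping the `return` in the last branch is harmless since the function ends right after it.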