Improves API error output for better debugging.

PiperOrigin-RevId: 628425474

README.md

@@ -224,18 +224,15 @@ For testing the blocklists, you can use the following URLs:
 
 ## 4XX Errors
 
-If you start the client without proper credentials or project set up, you will
-see an error similar to what is shown below on startup:
+If you start the client without proper credentials or project set up, you will see an error similar to what is shown below on startup:
 
 ```
 webrisk: 2023/01/27 19:36:13 database.go:217: ListUpdate failure (1): webrisk: unexpected server response code: 400
 ```
 
-For 400 errors, this usually means the API key is incorrect or was not supplied
-correctly.
+For 400 errors, this usually means the API key is incorrect or was not supplied correctly.
 
-For 403 errors, this could mean the Web Risk API is not enabled for your project
-**or** your project does not have Billing enabled.
+For 403 errors, this could mean the Web Risk API is not enabled for your project **or** your project does not have Billing enabled.
 
 # About the Social Engineering Extended Coverage List
 

api.go

@@ -24,6 +24,7 @@ import (
 
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
+	err_pb "github.com/google/webrisk/internal/http_error_proto/http_error_go_proto"
 	pb "github.com/google/webrisk/internal/webrisk_proto"
 )
 
@@ -97,7 +98,7 @@ func (a *netAPI) doRequest(ctx context.Context, urlString string, resp proto.Mes
 	}
 	defer httpResp.Body.Close()
 	if httpResp.StatusCode != 200 {
-		return fmt.Errorf("webrisk: unexpected server response code: %d", httpResp.StatusCode)
+		return a.parseError(httpResp)
 	}
 	body, err := ioutil.ReadAll(httpResp.Body)
 	if err != nil {
@@ -106,6 +107,21 @@ func (a *netAPI) doRequest(ctx context.Context, urlString string, resp proto.Mes
 	return protojson.Unmarshal(body, resp)
 }
 
+// parseError parses an error JSON body and returns an error summary.
+func (a *netAPI) parseError(httpResp *http.Response) error {
+	body, err := ioutil.ReadAll(httpResp.Body)
+	if err != nil {
+		return err
+	}
+	errProto := new(err_pb.Error)
+	o := protojson.UnmarshalOptions{DiscardUnknown: true, AllowPartial: true}
+	if err := o.Unmarshal(body, errProto); err != nil {
+		return fmt.Errorf("webrisk: unknown error (response could not be read)")
+	}
+	return fmt.Errorf("webrisk: unexpected server response code: %d, status: %s, message: %s",
+		httpResp.StatusCode, errProto.GetError().GetStatus(), errProto.GetError().GetMessage())
+}
+
 // ListUpdate issues a ComputeThreatListDiff API call and returns the response.
 func (a *netAPI) ListUpdate(ctx context.Context, threatType pb.ThreatType, versionToken []byte,
 	compressionTypes []pb.CompressionType) (*pb.ComputeThreatListDiffResponse, error) {

api_test.go

@@ -14,8 +14,12 @@
 package webrisk
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
+	"errors"
+	"io"
+	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
@@ -182,3 +186,66 @@ func TestNetAPI(t *testing.T) {
 		t.Errorf("unexpected HashLookup success, wanted malformed JSON error")
 	}
 }
+
+func createBody(j string) io.ReadCloser {
+	return ioutil.NopCloser(bytes.NewReader([]byte(j)))
+}
+
+func TestParseError(t *testing.T) {
+	tests := []struct {
+		httpResp *http.Response
+		wantErr  error
+	}{
+		{
+			httpResp: &http.Response{
+				StatusCode: http.StatusBadRequest,
+				Body: createBody(`{
+					"error": {
+						"code": 400,
+						"message": "API key not valid. Please pass a valid API key",
+						"status": "INVALID_ARGUMENT"}}`), // Formatted Response
+			},
+			wantErr: errors.New("webrisk: unexpected server response code: 400, status: INVALID_ARGUMENT, message: API key not valid. Please pass a valid API key"),
+		},
+		{
+			httpResp: &http.Response{
+				StatusCode: http.StatusForbidden,
+				Body: createBody(`{
+					"error": {
+						"code": 403,
+						"message": "API Not Enabled",
+						"status": "PERMISSION_DENIED",
+						"details": [{
+							"@type": "type.googleapis.com/google.rpc.ErrorInfo",
+							"reason": "PERMISSION_DENIED",
+							"domain": "googleapis.com",
+							"metadata": {
+								"service": "webrisk.googleapis.com"
+							}}]}}`), // Full Response
+			},
+			wantErr: errors.New("webrisk: unexpected server response code: 403, status: PERMISSION_DENIED, message: API Not Enabled"),
+		},
+		{
+			httpResp: &http.Response{
+				StatusCode: http.StatusInternalServerError,
+				Body:       createBody(""), // Empty body
+			},
+			wantErr: errors.New("webrisk: unknown error (response could not be read)"),
+		},
+		{
+			httpResp: &http.Response{
+				StatusCode: http.StatusInternalServerError,
+				Body:       createBody(`{badjson}`),
+			},
+			wantErr: errors.New("webrisk: unknown error (response could not be read)"),
+		},
+	}
+
+	for _, tc := range tests {
+		var a netAPI
+		gotErr := a.parseError(tc.httpResp)
+		if gotErr.Error() != tc.wantErr.Error() {
+			t.Errorf("parseError(%v) returned error: %v, want error: %v", tc.httpResp, gotErr, tc.wantErr)
+		}
+	}
+}