From 4bc42d59ab342f0be5adde1f722f71e69d10ea50 Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Tue, 2 Jul 2024 10:39:19 +0100
Subject: [PATCH 1/2] feat(preview-service): allow chromium exec path &
 puppeteer user data dir to be configured (#2462)

---
 packages/preview-service/.env.example      | 9 +++++++++
 packages/preview-service/routes/preview.js | 9 +++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 packages/preview-service/.env.example

diff --git a/packages/preview-service/.env.example b/packages/preview-service/.env.example
new file mode 100644
index 000000000..92f100614
--- /dev/null
+++ b/packages/preview-service/.env.example
@@ -0,0 +1,9 @@
+PREVIEWS_HEADED='true'
+CHROMIUM_EXECUTABLE_PATH='/usr/bin/google-chrome-stable'
+USER_DATA_DIR='/tmp/puppeteer'
+PG_CONNECTION_STRING='postgres://speckle:speckle@127.0.0.1/speckle'
+POSTGRES_MAX_CONNECTIONS_PREVIEW_SERVICE='2'
+PROMETHEUS_METRICS_PORT='9094'
+PORT='3001'
+LOG_LEVEL='info'
+LOG_PRETTY='true'
diff --git a/packages/preview-service/routes/preview.js b/packages/preview-service/routes/preview.js
index c910641a0..ddff02851 100644
--- a/packages/preview-service/routes/preview.js
+++ b/packages/preview-service/routes/preview.js
@@ -9,6 +9,10 @@ const { reduce } = require('lodash')
 
 const shouldBeHeadless = process.env.PREVIEWS_HEADED !== 'true'
 
+const getChromiumExecutablePath = () =>
+  process.env.CHROMIUM_EXECUTABLE_PATH || '/usr/bin/google-chrome-stable'
+const getPuppeteerUserDataDir = () => process.env.USER_DATA_DIR || '/tmp/puppeteer'
+
 async function pageFunction(objectUrl) {
   waitForAnimation = async (ms = 70) =>
     await new Promise((resolve) => {
@@ -60,8 +64,9 @@ async function pageFunction(objectUrl) {
 async function getScreenshot(objectUrl, boundLogger = logger) {
   const launchParams = {
     headless: shouldBeHeadless,
-    userDataDir: '/tmp/puppeteer',
-    executablePath: '/usr/bin/google-chrome-stable',
+    userDataDir: getPuppeteerUserDataDir(),
+    executablePath: getChromiumExecutablePath(),
+    protocolTimeout: 3600_000,
     // we trust the web content that is running, so can disable the sandbox
     // disabling the sandbox allows us to run the docker image without linux kernel privileges
     args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage']

From d944b991722b0ae49d4d6ce2f07066b658023f8f Mon Sep 17 00:00:00 2001
From: Kristaps Fabians Geikins <fabians@speckle.systems>
Date: Tue, 2 Jul 2024 12:44:36 +0300
Subject: [PATCH 2/2] fix(server): unexpected INTERNAL_SERVER_ERROR error codes
 for expected error cases (#2461)

---
 packages/server/modules/core/graph/resolvers/commits.js | 5 +++--
 packages/server/modules/gendo/errors/main.ts            | 6 ++++++
 packages/server/modules/gendo/graph/resolvers/index.ts  | 6 +++---
 packages/server/modules/shared/index.js                 | 6 +++---
 4 files changed, 15 insertions(+), 8 deletions(-)
 create mode 100644 packages/server/modules/gendo/errors/main.ts

diff --git a/packages/server/modules/core/graph/resolvers/commits.js b/packages/server/modules/core/graph/resolvers/commits.js
index 183231079..09f346c21 100644
--- a/packages/server/modules/core/graph/resolvers/commits.js
+++ b/packages/server/modules/core/graph/resolvers/commits.js
@@ -1,6 +1,7 @@
 'use strict'
 
-const { UserInputError, ApolloError } = require('apollo-server-express')
+const { CommitNotFoundError } = require('@/modules/core/errors/commit')
+const { UserInputError } = require('apollo-server-express')
 const { withFilter } = require('graphql-subscriptions')
 const {
   pubsub,
@@ -151,7 +152,7 @@ module.exports = {
           limit: 1
         })
         if (commits.length !== 0) return commits[0]
-        throw new ApolloError(
+        throw new CommitNotFoundError(
           'Cannot retrieve commit (there are no commits in this stream).'
         )
       }
diff --git a/packages/server/modules/gendo/errors/main.ts b/packages/server/modules/gendo/errors/main.ts
new file mode 100644
index 000000000..0f4972ed6
--- /dev/null
+++ b/packages/server/modules/gendo/errors/main.ts
@@ -0,0 +1,6 @@
+import { BaseError } from '@/modules/shared/errors/base'
+
+export class GendoRenderRequestError extends BaseError {
+  static code = 'GENDO_RENDER_REQUEST_ERROR'
+  static defaultMessage = 'Error requesting Gendo render'
+}
diff --git a/packages/server/modules/gendo/graph/resolvers/index.ts b/packages/server/modules/gendo/graph/resolvers/index.ts
index b504318ec..af6265583 100644
--- a/packages/server/modules/gendo/graph/resolvers/index.ts
+++ b/packages/server/modules/gendo/graph/resolvers/index.ts
@@ -21,7 +21,7 @@ import {
   isRateLimitBreached
 } from '@/modules/core/services/ratelimiter'
 import { RateLimitError } from '@/modules/core/errors/ratelimit'
-import { ApolloError } from 'apollo-server-express'
+import { GendoRenderRequestError } from '@/modules/gendo/errors/main'
 
 export = {
   Version: {
@@ -91,8 +91,8 @@ export = {
           id: crs({ length: 10 })
         })
       } else {
-        const body = await response.json()
-        throw new ApolloError('Failed to enque gendo render. ' + body)
+        const body = await response.json().catch(() => '')
+        throw new GendoRenderRequestError('Failed to enque gendo render. ' + body)
       }
       return true
     }
diff --git a/packages/server/modules/shared/index.js b/packages/server/modules/shared/index.js
index f812a0d89..a89a3cf62 100644
--- a/packages/server/modules/shared/index.js
+++ b/packages/server/modules/shared/index.js
@@ -1,6 +1,6 @@
 'use strict'
 const knex = require(`@/db/knex`)
-const { ForbiddenError, ApolloError } = require('apollo-server-express')
+const { ForbiddenError } = require('apollo-server-express')
 const {
   pubsub,
   StreamSubscriptions,
@@ -54,7 +54,7 @@ async function authorizeResolver(
   // TODO: Cache these results with a TTL of 1 mins or so, it's pointless to query the db every time we get a ping.
 
   const role = roles.find((r) => r.name === requiredRole)
-  if (!role) throw new ApolloError('Unknown role: ' + requiredRole)
+  if (!role) throw new ForbiddenError('Unknown role: ' + requiredRole)
 
   const resourceRuleType = roleResourceTypeToTokenResourceType(role.resourceTarget)
   const isResourceLimited =
@@ -80,7 +80,7 @@ async function authorizeResolver(
       .first()
     if (isPublic && role.weight < 200) return true
   } catch {
-    throw new ApolloError(
+    throw new ForbiddenError(
       `Resource of type ${role.resourceTarget} with ${resourceId} not found`
     )
   }