fix: capture exception details in error responses (#46) #48

Open
hopkdj wants to merge 1 commit into OWASP-BLT:main from hopkdj:fix-exception-handling
Conversation

@hopkdj hopkdj commented Mar 31, 2026

Fixes #46

Changes:

  • Changed except Exception: to except Exception as e: in both handle_sol_balance and handle_token_supply
  • Error responses now include the actual exception message via str(e) instead of the generic Internal error string
  • Makes debugging API failures much easier

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced error reporting to display detailed exception information instead of generic messages, improving troubleshooting capabilities for failed requests.

- Changed 'except Exception:' to 'except Exception as e:' in both
  handle_sol_balance and handle_token_supply
- Error responses now include the actual exception message via str(e)
  instead of the generic 'Internal error' string
- Makes debugging API failures much easier

Fixes OWASP-BLT#46
owasp-blt bot commented Mar 31, 2026

📊 Monthly Leaderboard

Hi @hopkdj! Here's how you rank for March 2026:

Rank  User                                  Open PRs  PRs (merged)  PRs (closed)  Reviews  Comments  Total
128   divyanshu-iitian (@divyanshu-iitian)  1         0             0             0        0         1
129   hopkdj (@hopkdj)                      1         0             0             0        0         1
130   jarvis24pro-A01 (@jarvis24pro-A01)    1         0             0             0        0         1

Scoring this month (across OWASP-BLT org): Open PRs (+1 each), Merged PRs (+10), Closed (not merged) (−2), Reviews (+5; first two per PR in-month), Comments (+2, excludes CodeRabbit). Run /leaderboard on any issue or PR to see your rank!

owasp-blt bot commented Mar 31, 2026

👋 Hi @hopkdj!

This pull request needs a peer review before it can be merged. Please request a review from a team member who is not:

  • The PR author
  • coderabbitai
  • copilot

Once a valid peer review is submitted, this check will pass automatically. Thank you!

⚠️ Peer review enforcement is active.

coderabbitai bot commented Mar 31, 2026

Walkthrough

Exception handling in handle_sol_balance and handle_token_supply functions was updated to capture exception details. The error response field now returns the stringified exception message instead of a generic "Internal error" string.

Changes

Cohort / File(s): Exception Handling Updates (src/index.py)
Summary: Modified exception blocks in handle_sol_balance and handle_token_supply to bind exception instances and expose exception details in error responses instead of generic error strings.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested labels

quality: medium

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Linked Issues check: ⚠️ Warning. The PR partially meets requirements from #46. It captures exception details with 'except Exception as e' and returns str(e) as required. However, it fails to fix the inconsistent 'balance' vs 'supply' field in handle_token_supply's error response. Resolution: update handle_token_supply's error response to return 'supply': None instead of 'balance': None to match the success response format and fix the second bug from issue #46.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped: CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly describes the main change: capturing exception details in error responses, which is the primary objective of the PR.
  • Out of Scope Changes check: ✅ Passed. All changes are directly related to fixing exception handling and error responses in both functions, which aligns with the objectives stated in issue #46.
  • Docstring Coverage: ✅ Passed. Docstring coverage is 100.00%, which is sufficient. The required threshold is 80.00%.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/index.py`:
- Around line 181-185: In the except Exception as e block that returns
Response.new, avoid returning str(e); replace the detailed exception text with a
generic error message (e.g., "Internal server error") so no RPC/parsing details
are leaked, while keeping the same response shape {'supply': None, 'error':
<generic message>} and preserving response_headers and status 500; locate the
catch by the except Exception as e and the call to Response.new to apply the
change.
- Around line 124-128: Replace the direct exposure of the exception string in
the Response.new call by logging the full exception server-side (use the
existing logger or add one) and returning a sanitized generic error message to
the client; in the except block that currently captures Exception as e and calls
Response.new with json.dumps({'balance': None, 'error': str(e)}), change it to
log the exception and stack trace and set the response body to a non-sensitive
message (e.g., {'balance': None, 'error': 'Internal server error'}) while
preserving status and response_headers, and optionally gate returning detailed
error text behind a development-only env flag.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 25619e44-48bd-46cd-b352-14984cb8d8ea

📥 Commits

Reviewing files that changed from the base of the PR and between 99e6b27 and 974974e.

📒 Files selected for processing (1)
  • src/index.py

Comment on lines +124 to 128
except Exception as e:
return Response.new(
json.dumps({'balance': None, 'error': 'Internal error'}),
json.dumps({'balance': None, 'error': str(e)}),
{'status': 500, 'headers': response_headers}
)
⚠️ Potential issue | 🟠 Major

Security risk: Raw exception messages may leak sensitive information.

Returning str(e) directly exposes internal details to API consumers. Exceptions from the fetch() call or JSON parsing could reveal:

  • RPC URLs (which may contain API keys if using paid providers like Alchemy/QuickNode)
  • Internal file paths or stack trace fragments
  • Connection error details with endpoint information

For debugging, log the exception server-side and return a generic message to clients, or sanitize the exception type without the full message.

Proposed fix: sanitize error output
     except Exception as e:
+        # Log full exception for debugging (Cloudflare Workers: use console.log or wrangler tail)
+        # print(f"handle_sol_balance error: {e}")
         return Response.new(
-            json.dumps({'balance': None, 'error': str(e)}),
+            json.dumps({'balance': None, 'error': 'Internal server error'}),
             {'status': 500, 'headers': response_headers}
         )
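Review bot: the logging line in this suggestion is commented out (`# print(f"handle_sol_balance error: {e}")`), so as written the hunk discards the exception and restores exactly the silent-failure behaviour #46 complains about. Make the log call live, preferably through a real logger rather than print, so the detail the author wanted for debugging still lands somewhere an operator can read it while the client keeps getting 'Internal server error'.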

Alternatively, if exception details are needed for client-side debugging in non-production environments, consider gating this behind an environment flag.

🧰 Tools
🪛 Ruff (0.15.7)

[warning] 124-124: Do not catch blind exception: Exception

(BLE001)


Comment on lines +181 to 185
except Exception as e:
return Response.new(
json.dumps({'supply': None, 'error': 'Internal error'}),
json.dumps({'supply': None, 'error': str(e)}),
{'status': 500, 'headers': response_headers}
)
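Review bot: same exposure of `str(e)` as in handle_sol_balance, and a second copy of an identical except block; building the 500 response in one shared helper that takes the field name ('balance' or 'supply') would apply the sanitization and logging once and keep each error body in step with its success response. Note also that the visible lines here already use `'supply': None`, so the 'balance' vs 'supply' mismatch reported by the Linked Issues check is not what this hunk shows; confirm against the current handle_token_supply before treating this PR as closing both parts of #46.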
⚠️ Potential issue | 🟠 Major

Same security concern: sanitize exception output.

Apply the same fix here—return a generic error message rather than str(e) to avoid leaking sensitive details from RPC or parsing failures.

Proposed fix
     except Exception as e:
+        # Log full exception for debugging
+        # print(f"handle_token_supply error: {e}")
         return Response.new(
-            json.dumps({'supply': None, 'error': str(e)}),
+            json.dumps({'supply': None, 'error': 'Internal server error'}),
             {'status': 500, 'headers': response_headers}
         )
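Review bot: as in the first suggestion, `# print(f"handle_token_supply error: {e}")` is commented out, so nothing records the failure; make the log call live (and ideally share it with the handle_sol_balance block) so the generic client message does not come at the cost of losing the exception detail entirely.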
🧰 Tools
🪛 Ruff (0.15.7)

[warning] 181-181: Do not catch blind exception: Exception

(BLE001)

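As an added example (not the project's code and not CodeRabbit's committable suggestion), the pattern both inline comments ask for, written as plain Python so it runs offline: a single helper builds the 500 response for either handler, logs the full exception and traceback server-side, returns a generic message by default, and exposes `str(e)` only when a development flag is set. `Response.new` is replaced by a plain dict with the same status/headers/body shape, the logger name, the `EXPOSE_ERROR_DETAILS` variable and the failing `fetch_sol_balance` stand-in are assumptions, and the RPC URL with an embedded API key is a constructed sample showing what a raw exception message can carry.

```python
import json
import logging
import os
import traceback
from typing import Optional

# Hypothetical logger name; in the worker this would be whatever logging the
# project already uses (the review suggests console.log / wrangler tail).
logger = logging.getLogger("solana_worker")

# Constructed sample value: an RPC URL carrying a provider API key, the kind of
# detail a failed fetch() can embed in its exception message.
CONSTRUCTED_RPC_URL = "https://rpc.example.invalid/v2/EXAMPLE_API_KEY_123"

GENERIC_ERROR = "Internal server error"


def debug_errors_enabled() -> bool:
    """Detailed error text is only returned when this development-only flag is set.

    EXPOSE_ERROR_DETAILS is a hypothetical variable name; the default is off.
    """
    return os.environ.get("EXPOSE_ERROR_DETAILS", "") == "1"


def error_response(field: str, exc: BaseException, response_headers: dict,
                   expose_details: Optional[bool] = None) -> dict:
    """Build the 500 response shared by both handlers.

    `field` is the key the handler's success path uses ('balance' or 'supply'),
    so the error body stays consistent with it. The full exception and traceback
    go to the server-side log; the client gets a generic message unless details
    were explicitly enabled.
    """
    if expose_details is None:
        expose_details = debug_errors_enabled()
    logger.error("handler failed: %s\n%s", exc,
                 "".join(traceback.format_exception(type(exc), exc, exc.__traceback__)))
    message = str(exc) if expose_details else GENERIC_ERROR
    return {
        "status": 500,
        "headers": response_headers,
        "body": json.dumps({field: None, "error": message}),
    }


def fetch_sol_balance(rpc_url: str, address: str) -> float:
    """Stand-in for the worker's fetch() + JSON parsing; fails like a bad RPC call."""
    raise ConnectionError(f"failed to reach {rpc_url} for {address}: connection refused")


def handle_sol_balance(address: str, rpc_url: str = CONSTRUCTED_RPC_URL,
                       expose_details: Optional[bool] = None) -> dict:
    """Mirror of the handler's shape: success body, or the shared error response."""
    response_headers = {"Content-Type": "application/json"}
    try:
        balance = fetch_sol_balance(rpc_url, address)
        return {"status": 200, "headers": response_headers,
                "body": json.dumps({"balance": balance, "error": None})}
    except Exception as e:  # noqa: BLE001 - a worker must always answer; the log keeps the type
        return error_response("balance", e, response_headers, expose_details)


def error_message(response: dict) -> str:
    """Extract the 'error' field from a response body."""
    return json.loads(response["body"])["error"]


def leaks(response: dict, secret: str) -> bool:
    """Check whether a secret substring made it into the response body."""
    return secret in response["body"]


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for flag in (False, True):
        resp = handle_sol_balance("addr_example", expose_details=flag)
        print(f"expose_details={flag}: status={resp['status']} body={resp['body']} "
              f"leaks_key={leaks(resp, 'EXAMPLE_API_KEY_123')}")
```

Running it shows the same exception producing `{"balance": null, "error": "Internal server error"}` with the flag off and the raw message, API key included, with the flag on; the log line carries the full detail in both cases, which is what separates this from the PR's current behaviour. A handle_token_supply counterpart would call `error_response("supply", e, response_headers)`, which is also how the field-name consistency from #46 stays enforced in one place.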

owasp-blt bot commented Mar 31, 2026

⚠️ This pull request has 2 unresolved review conversations that must be resolved before merging.

Development

Successfully merging this pull request may close these issues.

Fix silent exception handling and inconsistent error response fields in index.py
