fix(discord): restrict token fallback to transport/timeout errors only

Address review feedback: only fall back to token-based ID extraction on transport/timeout errors (catch block), not on HTTP auth failures (401/403) which should fail fast to surface credential issues early. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 16:41:56 +00:00 · 2026-02-28 17:21:08 +05:30
parent 3efd190aca
commit 8629b996a1
1 changed files with 24 additions and 6 deletions
--- a/src/discord/probe.ts
+++ b/src/discord/probe.ts
@@ -198,11 +198,29 @@ export async function fetchDiscordApplicationId(
  timeoutMs: number,
  fetcher: typeof fetch = fetch,
 ): Promise<string | undefined> {
-  const json = await fetchDiscordApplicationMe(token, timeoutMs, fetcher);
-  if (json?.id) {
-    return json.id;
+  const normalized = normalizeDiscordToken(token);
+  if (!normalized) {
+    return undefined;
+  }
+  try {
+    const res = await fetchWithTimeout(
+      `${DISCORD_API_BASE}/oauth2/applications/@me`,
+      { headers: { Authorization: `Bot ${normalized}` } },
+      timeoutMs,
+      getResolvedFetch(fetcher),
+    );
+    if (res.ok) {
+      const json = (await res.json()) as { id?: string };
+      if (json?.id) {
+        return json.id;
+      }
+    }
+    // Non-ok HTTP response (401, 403, etc.) — fail fast so credential
+    // errors surface immediately rather than being masked by the fallback.
+    return undefined;
+  } catch {
+    // Transport / timeout error — fall back to extracting the application
+    // ID directly from the token to keep the bot starting.
+    return parseApplicationIdFromToken(token);
  }
-  // Fallback: extract the application ID directly from the token to handle
-  // cases where the API call fails (timeout, network error, etc.).
-  return parseApplicationIdFromToken(token);
 }