fix(rest): emit warning on HTTP 401 with non-zero code (#11066)

* fix(rest): emit warning on HTTP 401 with non-zero code * fix: typos Co-authored-by: Almeida <github@almeidx.dev> * fix: explicit globalThis --------- Co-authored-by: Almeida <github@almeidx.dev> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
2026-03-09 16:13:31 +01:00 · 2025-08-29 03:33:17 -07:00
parent d548a5911e
commit 368edeaaff
2 changed files with 22 additions and 4 deletions
--- a/packages/rest/src/lib/handlers/Shared.ts
+++ b/packages/rest/src/lib/handlers/Shared.ts
@@ -7,6 +7,8 @@ import { RESTEvents } from '../utils/constants.js';
 import type { ResponseLike, HandlerRequestData, RouteData } from '../utils/types.js';
 import { parseResponse, shouldRetry } from '../utils/utils.js';

+let authFalseWarningEmitted = false;
+
 /**
 * Invalid request limiting is done on a per-IP basis, not a per-token basis.
 * The best we can do is track invalid counts process-wide (on the theory that
@@ -137,15 +139,29 @@ export async function handleErrors(
 	} else {
 		// Handle possible malformed requests
 		if (status >= 400 && status < 500) {
+			// The request will not succeed for some reason, parse the error returned from the api
+			const data = (await parseResponse(res)) as DiscordErrorData | OAuthErrorData;
+			const isDiscordError = 'code' in data;
+
 			// If we receive this status code, it means the token we had is no longer valid.
 			if (status === 401 && requestData.auth === true) {
+				if (isDiscordError && data.code !== 0 && !authFalseWarningEmitted) {
+					const errorText = `Encountered HTTP 401 with error ${data.code}: ${data.message}. Your token will be removed from this REST instance. If you are using @discordjs/rest directly, consider adding 'auth: false' to the request. Open an issue with your library if not.`;
+					// Use emitWarning if possible, probably not available in edge / web
+					if (typeof globalThis.process !== 'undefined' && typeof globalThis.process.emitWarning === 'function') {
+						globalThis.process.emitWarning(errorText);
+					} else {
+						console.warn(errorText);
+					}
+
+					authFalseWarningEmitted = true;
+				}
+
 				manager.setToken(null!);
 			}

-			// The request will not succeed for some reason, parse the error returned from the api
-			const data = (await parseResponse(res)) as DiscordErrorData | OAuthErrorData;
 			// throw the API error
-			throw new DiscordAPIError(data, 'code' in data ? data.code : data.error, status, method, url, requestData);
+			throw new DiscordAPIError(data, isDiscordError ? data.code : data.error, status, method, url, requestData);
 		}

 		return res;
--- a/packages/rest/src/lib/utils/types.ts
+++ b/packages/rest/src/lib/utils/types.ts
@@ -292,7 +292,9 @@ export interface RequestData {
 	 */
 	appendToFormData?: boolean;
 	/**
-	 * Alternate authorization data to use for this request only, or `false` to disable the Authorization header
+	 * Alternate authorization data to use for this request only, or `false` to disable the Authorization header.
+	 * When making a request to a route that includes a token (such as interactions or webhooks), set to `false`
+	 * to avoid accidentally unsetting the instance token if a 401 is encountered.
 	 *
 	 * @defaultValue `true`
 	 */