Improve Jira lookup error messages and make local POST cve_id/vendor optional

- Pass through actual Jira error details instead of generic 'Jira API error' - Parse errorMessages and errors from Jira response for human-readable display - Make cve_id and vendor optional on local POST /api/jira-tickets (for Save to Dashboard) - Update getIssue comment for clarity (logic unchanged — JQL search per compliance spec)
2026-05-22 09:55:14 -06:00
parent 6148f06a95
commit e86dd8be15
2 changed files with 20 additions and 3 deletions
--- a/backend/helpers/jiraApi.js
+++ b/backend/helpers/jiraApi.js
@@ -276,8 +276,9 @@ function jiraDelete(urlPath, options) {
 * @param {string[]} [fields] - Jira field names to return
 */
 async function getIssue(issueKey, fields) {
-    // Don't filter by project — issue keys are globally unique in Jira and
-    // tickets may belong to projects other than JIRA_PROJECT_KEY (e.g. AA_ADTRAN).
+    // Use JQL search to look up a single issue by key.
+    // Issue keys are globally unique in Jira — no project filter needed.
+    // Charter compliance: uses GET /rest/api/2/search with explicit field list.
    const jql = `key = "${issueKey}"`;
    const result = await searchIssues(jql, { fields: fields || DEFAULT_FIELDS, maxResults: 1, startAt: 0 });
    if (result.ok && result.data.issues && result.data.issues.length > 0) {
--- a/backend/routes/jiraTickets.js
+++ b/backend/routes/jiraTickets.js
@@ -126,8 +126,24 @@ function createJiraTicketsRouter() {
            if (result.rateLimited) {
                return res.status(429).json({ error: 'Jira rate limit exceeded. Try again later.' });
            }
+            // Build a meaningful error message from Jira's response
+            let errorMsg = result.status === 404 ? 'Issue not found in Jira.' : 'Jira API error.';
+            if (result.body) {
+                try {
+                    const parsed = typeof result.body === 'string' ? JSON.parse(result.body) : result.body;
+                    if (parsed.errorMessages && parsed.errorMessages.length > 0) {
+                        errorMsg = parsed.errorMessages.join('; ');
+                    } else if (parsed.errors && Object.keys(parsed.errors).length > 0) {
+                        errorMsg = Object.values(parsed.errors).join('; ');
+                    }
+                } catch (_) {
+                    if (typeof result.body === 'string' && result.body.length < 300) {
+                        errorMsg = result.body;
+                    }
+                }
+            }
            return res.status(result.status === 404 ? 404 : 502).json({
-                error: result.status === 404 ? 'Issue not found in Jira.' : 'Jira API error.',
+                error: errorMsg,
                details: result.body
            });
        } catch (err) {