add errors

Author: jackattack-4

README.md

@@ -1,4 +1,5 @@
 # [WIP] lovat-backend
+
 lovat server v2 (in development)
 To install dependencies:
 

src/middleware/error.ts

@@ -0,0 +1,101 @@
+export class HttpError extends Error {
+  status: number;
+  code: string;
+
+  constructor(message: string, status: number, code: string) {
+    super(message);
+    this.status = status;
+    this.code = code;
+    this.name = this.constructor.name;
+  }
+}
+
+export class BadRequest extends HttpError {
+  constructor(message = 'Bad Request') {
+    super(message, 400, 'BAD_REQUEST');
+  }
+}
+
+export class InvalidParams extends HttpError {
+  constructor(message = 'Invalid request parameters') {
+    super(message, 400, 'INVALID_PARAMS');
+  }
+}
+
+export class MissingParams extends HttpError {
+  constructor(message = 'Missing required parameters') {
+    super(message, 400, 'MISSING_PARAMS');
+  }
+}
+
+export class ValidationError extends HttpError {
+  constructor(message = 'Validation failed') {
+    super(message, 400, 'VALIDATION_ERROR');
+  }
+}
+export class Unauthorized extends HttpError {
+  constructor(message = 'Unauthorized') {
+    super(message, 401, 'UNAUTHORIZED');
+  }
+}
+export class Forbidden extends HttpError {
+  constructor(message = 'Forbidden') {
+    super(message, 403, 'FORBIDDEN');
+  }
+}
+export class NotFound extends HttpError {
+  constructor(message = 'Resource not found') {
+    super(message, 404, 'NOT_FOUND');
+  }
+}
+
+export class RouteNotFound extends HttpError {
+  constructor(message = 'Endpoint not found') {
+    super(message, 404, 'ROUTE_NOT_FOUND');
+  }
+}
+export class UnprocessableEntity extends HttpError {
+  constructor(message = 'Unprocessable Entity') {
+    super(message, 422, 'UNPROCESSABLE_ENTITY');
+  }
+}
+export class TooManyRequests extends HttpError {
+  constructor(message = 'Too many requests') {
+    super(message, 429, 'RATE_LIMITED');
+  }
+}
+
+export class InternalServerError extends HttpError {
+  constructor(message = 'Internal Server Error') {
+    super(message, 500, 'INTERNAL_SERVER_ERROR');
+  }
+}
+
+export const handleErrors = async (ctx: any, next: any) => {
+  try {
+    await next();
+  } catch (err) {
+    if (err instanceof HttpError) {
+      return ctx.json(
+        {
+          error: {
+            message: err.message,
+            code: err.code,
+          },
+        },
+        err.status
+      );
+    }
+
+    console.error('UNHANDLED ERROR:', err);
+    return ctx.json(
+      {
+        error: {
+          message: 'Internal Server Error',
+          code: 'INTERNAL_SERVER_ERROR',
+        },
+      },
+      500
+    );
+  }
+};

src/openapi/examples.ts

@@ -0,0 +1,73 @@
+export const ErrorExamples = {
+  BadRequest: { error: { message: 'Bad Request', code: 'BAD_REQUEST' } },
+  InvalidParams: { error: { message: 'Invalid request parameters', code: 'INVALID_PARAMS' } },
+  MissingParams: { error: { message: 'Missing required parameters', code: 'MISSING_PARAMS' } },
+  ValidationError: { error: { message: 'Validation failed', code: 'VALIDATION_ERROR' } },
+  Unauthorized: { error: { message: 'Unauthorized', code: 'UNAUTHORIZED' } },
+  Forbidden: { error: { message: 'Forbidden', code: 'FORBIDDEN' } },
+  NotFound: { error: { message: 'Resource not found', code: 'NOT_FOUND' } },
+  RouteNotFound: { error: { message: 'Endpoint not found', code: 'ROUTE_NOT_FOUND' } },
+  UnprocessableEntity: { error: { message: 'Unprocessable Entity', code: 'UNPROCESSABLE_ENTITY' } },
+  TooManyRequests: { error: { message: 'Too many requests', code: 'RATE_LIMITED' } },
+  InternalServerError: {
+    error: { message: 'Internal Server Error', code: 'INTERNAL_SERVER_ERROR' },
+  },
+} as const;
+
+export const errorExamplesComponents = {
+  BadRequestError: {
+    summary: 'Bad Request',
+    description: 'Generic 400 error for malformed requests',
+    value: ErrorExamples.BadRequest,
+  },
+  InvalidParamsError: {
+    summary: 'Invalid Params',
+    description: '400 when provided parameters fail validation',
+    value: ErrorExamples.InvalidParams,
+  },
+  MissingParamsError: {
+    summary: 'Missing Params',
+    description: '400 when required parameters are missing',
+    value: ErrorExamples.MissingParams,
+  },
+  ValidationError: {
+    summary: 'Validation Error',
+    description: '400 when request body validation fails',
+    value: ErrorExamples.ValidationError,
+  },
+  UnauthorizedError: {
+    summary: 'Unauthorized',
+    description: '401 when authentication fails or is missing',
+    value: ErrorExamples.Unauthorized,
+  },
+  ForbiddenError: {
+    summary: 'Forbidden',
+    description: '403 when user lacks required permissions',
+    value: ErrorExamples.Forbidden,
+  },
+  NotFoundError: {
+    summary: 'Not Found',
+    description: '404 when resource is not found',
+    value: ErrorExamples.NotFound,
+  },
+  RouteNotFoundError: {
+    summary: 'Route Not Found',
+    description: '404 when endpoint path does not exist',
+    value: ErrorExamples.RouteNotFound,
+  },
+  UnprocessableEntityError: {
+    summary: 'Unprocessable Entity',
+    description: '422 when request is well-formed but semantically invalid',
+    value: ErrorExamples.UnprocessableEntity,
+  },
+  TooManyRequestsError: {
+    summary: 'Too Many Requests',
+    description: '429 when rate limits are exceeded',
+    value: ErrorExamples.TooManyRequests,
+  },
+  InternalServerError: {
+    summary: 'Internal Server Error',
+    description: '500 for unexpected server errors',
+    value: ErrorExamples.InternalServerError,
+  },
+} as const;

src/openapi/registry.ts

@@ -1,5 +1,7 @@
 import { OpenAPIHono } from '@hono/zod-openapi';
 export const api = new OpenAPIHono();
+export * from './examples';
 
 // Re-export all schemas for route validators to import
 export * from './schemas';
+export * from './responses';

src/openapi/responses.ts

@@ -0,0 +1,90 @@
+import { ErrorResponseSchema } from './schemas/common';
+
+const json = 'application/json' as const;
+
+export const BadRequestResponse = {
+  description: 'Bad Request',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        BadRequestError: { $ref: '#/components/examples/BadRequestError' },
+        InvalidParamsError: { $ref: '#/components/examples/InvalidParamsError' },
+        MissingParamsError: { $ref: '#/components/examples/MissingParamsError' },
+        ValidationError: { $ref: '#/components/examples/ValidationError' },
+      },
+    },
+  },
+} as const;
+
+export const UnauthorizedResponse = {
+  description: 'Unauthorized',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        UnauthorizedError: { $ref: '#/components/examples/UnauthorizedError' },
+      },
+    },
+  },
+} as const;
+
+export const ForbiddenResponse = {
+  description: 'Forbidden',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        ForbiddenError: { $ref: '#/components/examples/ForbiddenError' },
+      },
+    },
+  },
+} as const;
+
+export const NotFoundResponse = {
+  description: 'Not Found',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        NotFoundError: { $ref: '#/components/examples/NotFoundError' },
+      },
+    },
+  },
+} as const;
+
+export const UnprocessableEntityResponse = {
+  description: 'Unprocessable Entity',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        UnprocessableEntityError: { $ref: '#/components/examples/UnprocessableEntityError' },
+      },
+    },
+  },
+} as const;
+
+export const TooManyRequestsResponse = {
+  description: 'Too Many Requests',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        TooManyRequestsError: { $ref: '#/components/examples/TooManyRequestsError' },
+      },
+    },
+  },
+} as const;
+
+export const InternalServerErrorResponse = {
+  description: 'Internal Server Error',
+  content: {
+    [json]: {
+      schema: ErrorResponseSchema,
+      examples: {
+        InternalServerError: { $ref: '#/components/examples/InternalServerError' },
+      },
+    },
+  },
+} as const;

src/openapi/schemas/common.ts

@@ -2,6 +2,9 @@ import { z } from '@hono/zod-openapi';
 
 export const ErrorResponseSchema = z
   .object({
-    error: z.string().openapi({ example: 'User not found' }),
+    error: z.object({
+      message: z.string().openapi({ example: 'User not found' }),
+      code: z.string().openapi({ example: 'NOT_FOUND' }),
+    }),
   })
   .openapi('ErrorResponse');

src/openapi/security.ts

@@ -0,0 +1,27 @@
+export const securitySchemes = {
+  DashboardAuth: {
+    type: 'http',
+    scheme: 'bearer',
+    bearerFormat: 'JWT',
+    description:
+      'Dashboard auth: Bearer JWT from Auth0. Some endpoints may also accept API keys (lvt-...).',
+  },
+  ApiKeyAuth: {
+    type: 'apiKey',
+    in: 'header',
+    name: 'Authorization',
+    description: 'API Key auth: Authorization: Bearer lvt-<key>',
+  },
+  SlackAuth: {
+    type: 'http',
+    scheme: 'none',
+    description:
+      'Slack signed requests verified via x-slack-signature, x-slack-request-timestamp, and verification key.',
+  } as any,
+  LovatAuth: {
+    type: 'http',
+    scheme: 'none',
+    description:
+      'Lovat signed requests verified via x-signature and x-timestamp using server-side signing key.',
+  } as any,
+} as const;

src/routes/index.ts

@@ -2,10 +2,15 @@ import { logger } from '../middleware/logger';
 import userRouter from './users.routes';
 import { api } from '../openapi/registry';
 import openapiDocHandler from '../openapi/doc';
+import { handleErrors } from '../middleware/error';
+import { version } from 'bun';
+import { securitySchemes } from '../openapi/security';
+import { errorExamplesComponents } from '../openapi/examples';
 
 // Use OpenAPIHono as the central router
 const router = api;
 router.use('/*', logger);
+router.use('/*', handleErrors);
 
 // Health endpoint
 router.get('/health', (c) => c.json({ ok: true }));
@@ -18,37 +23,13 @@ const openapiConfig = {
   openapi: '3.1.0',
   info: {
     title: 'Lovat API',
-    version: '1.0.0',
+    version: version,
   },
   components: {
-    securitySchemes: {
-      DashboardAuth: {
-        type: 'http',
-        scheme: 'bearer',
-        bearerFormat: 'JWT',
-        description:
-          'Dashboard auth: Bearer JWT from Auth0. Some endpoints may also accept API keys (lvt-...).',
-      },
-      ApiKeyAuth: {
-        type: 'apiKey',
-        in: 'header',
-        name: 'Authorization',
-        description: 'API Key auth: Authorization: Bearer lvt-<key>',
-      },
-      SlackAuth: {
-        type: 'http',
-        scheme: 'none',
-        description:
-          'Slack signed requests verified via x-slack-signature, x-slack-request-timestamp, and verification key.',
-      } as any,
-      LovatAuth: {
-        type: 'http',
-        scheme: 'none',
-        description:
-          'Lovat signed requests verified via x-signature and x-timestamp using server-side signing key.',
-      } as any,
-    },
+    securitySchemes,
+    examples: errorExamplesComponents as any,
   },
+  security: [{ DashboardAuth: [] }, { ApiKeyAuth: [] }] as any,
 };
 
 // Raw OpenAPI JSON