@pawells/nestjs-shared 1.0.0-dev.3052c75

package/build/common/factories/security-bootstrap.factory.js

@@ -0,0 +1,222 @@
+/**
+ * Security Bootstrap Factory
+ *
+ * Provides a comprehensive factory function for applying security middleware and
+ * configurations to a NestJS application. This includes compression, MongoDB injection
+ * prevention, XSS protection, Helmet.js security headers, CORS, and global validation pipes.
+ *
+ * All security features are enabled by default and can be selectively disabled via options.
+ */
+import { Logger, ValidationPipe } from '@nestjs/common';
+import helmet from 'helmet';
+import compression from 'compression';
+import express from 'express';
+import { sanitizeObject, sanitizeXss } from '../utils/sanitization.utils.js';
+/**
+ * Applies comprehensive security middleware and configurations to a NestJS application
+ *
+ * Configured middleware stack (in order):
+ * 0. Body Size Limits - Enforces maximum request body size
+ * 1. Compression - Reduces response size for APIs larger than 1KB
+ * 2. MongoDB Injection Prevention - Sanitizes request body and params
+ * 3. XSS Protection - Sanitizes user input to prevent XSS attacks
+ * 4. Helmet.js - Sets security-related HTTP headers (CSP, HSTS, X-Frame-Options, etc)
+ * 5. Global Validation Pipe - Validates and transforms incoming data
+ * 6. CORS - Enables cross-origin resource sharing with configurable origins
+ *
+ * @param app The NestJS application instance
+ * @param options Configuration options for security bootstrap
+ *
+ * @example
+ * ```typescript
+ * import { NestFactory } from '@nestjs/core';
+ * import { ApplySecurityMiddleware } from '@pawells/nestjs-shared';
+ * import { AppModule } from './app.module';
+ *
+ * async function bootstrap() {
+ *   const app = await NestFactory.create(AppModule);
+ *
+ *   ApplySecurityMiddleware(app, {
+ *     corsOrigins: ['https://example.com'],
+ *     environment: 'production',
+ *   });
+ *
+ *   await app.listen(3000);
+ * }
+ *
+ * bootstrap();
+ * ```
+ */
+export function ApplySecurityMiddleware(app, options = {}) {
+    const { corsOrigins = [], environment = process.env['NODE_ENV'] ?? 'development', compressionEnabled = true, xssEnabled = true, helmetEnabled = true, mongoDbInjectionPreventionEnabled = true, corsEnabled = true, corsAllowedHeaders = ['Content-Type', 'Authorization', 'X-Requested-With', 'apollographql-client-name', 'apollographql-client-version', 'X-CSRF-Token'], cspConnectSrc = [], cspImgSrc = [], cspStyleSrc = [], cspFontSrc = [], maxBodySize = '10mb', logger = new Logger('SecurityBootstrap'), } = options;
+    // Named constants for configuration
+    const DEFAULT_COMPRESSION_LEVEL = 6;
+    const DEFAULT_COMPRESSION_THRESHOLD = 1024;
+    // Step 0: Apply request body size limits
+    app.use(express.json({ limit: maxBodySize }));
+    app.use(express.urlencoded({ extended: true, limit: maxBodySize }));
+    logger.log('Request body size limits applied');
+    // Step 1: Apply compression middleware
+    if (compressionEnabled) {
+        app.use(compression({
+            level: DEFAULT_COMPRESSION_LEVEL,
+            threshold: DEFAULT_COMPRESSION_THRESHOLD,
+            filter: (req, res) => {
+                // Don't compress responses with this request header
+                if (req.headers['x-no-compression']) {
+                    return false;
+                }
+                // Use default compression filter function
+                return compression.filter(req, res);
+            },
+        }));
+        logger.log('Compression middleware enabled for API response optimization');
+    }
+    // Step 2: Apply MongoDB injection prevention middleware
+    if (mongoDbInjectionPreventionEnabled) {
+        app.use((req, _res, next) => {
+            if (req.body) {
+                req.body = sanitizeObject(req.body, 0, logger);
+            }
+            if (req.params) {
+                req.params = sanitizeObject(req.params, 0, logger);
+            }
+            if (req.cookies && typeof req.cookies === 'object') {
+                req.cookies = sanitizeObject(req.cookies);
+            }
+            next();
+        });
+        logger.log('MongoDB injection prevention middleware applied');
+    }
+    // Step 3: Apply XSS protection middleware
+    if (xssEnabled) {
+        app.use((req, _res, next) => {
+            if (req.body) {
+                req.body = sanitizeXss(req.body, logger);
+            }
+            if (req.query) {
+                req.query = sanitizeXss(req.query, logger);
+            }
+            if (req.params) {
+                req.params = sanitizeXss(req.params, logger);
+            }
+            next();
+        });
+        logger.log('XSS sanitization middleware applied');
+    }
+    // Step 4: Apply Helmet.js for security headers
+    if (helmetEnabled) {
+        app.use(helmet({
+            contentSecurityPolicy: {
+                directives: {
+                    defaultSrc: [...new Set(['\'self\''])],
+                    scriptSrc: [...new Set(['\'self\''])],
+                    styleSrc: [...new Set(['\'self\'', ...cspStyleSrc])],
+                    imgSrc: [...new Set(['\'self\'', ...cspImgSrc])],
+                    connectSrc: [...new Set(['\'self\'', ...cspConnectSrc])],
+                    fontSrc: [...new Set(['\'self\'', ...cspFontSrc])],
+                    baseUri: [...new Set(['\'self\''])],
+                    objectSrc: [...new Set(['\'none\''])],
+                    mediaSrc: [...new Set(['\'self\''])],
+                    frameSrc: [...new Set(['\'none\''])],
+                },
+            },
+            hsts: {
+                maxAge: 31536000, // 1 year
+                includeSubDomains: true,
+                preload: true,
+            },
+            frameguard: {
+                action: 'deny',
+            },
+            referrerPolicy: {
+                policy: 'strict-origin-when-cross-origin',
+            },
+            noSniff: true,
+            xssFilter: true,
+            dnsPrefetchControl: {
+                allow: false,
+            },
+        }));
+        logger.log('Helmet.js security headers applied');
+    }
+    // Step 5: Apply global validation pipe
+    app.useGlobalPipes(new ValidationPipe({
+        whitelist: true,
+        forbidNonWhitelisted: true,
+        transform: true,
+    }));
+    logger.log('Global ValidationPipe configured');
+    // Step 6: Enable CORS with smart origin validation
+    if (corsEnabled) {
+        // Apollo Studio origins that need access in development
+        const apolloStudioOrigins = [
+            'https://studio.apollographql.com',
+            'https://sandbox.apollo.dev',
+        ];
+        /**
+         * Smart CORS origin validation algorithm.
+         *
+         * This validator implements a layered origin checking strategy that balances
+         * development convenience with production security:
+         *
+         * 1. **No-origin requests**: Allows requests without an Origin header
+         *    (typical for same-origin, curl, Postman, and other non-browser clients).
+         *    These requests are safe and do not require CORS validation.
+         *
+         * 2. **Development localhost origins**: In development mode, permits all localhost origins
+         *    (http://localhost:*) to enable rapid iteration without configuration.
+         *    This includes any port number (e.g., http://localhost:3000, http://localhost:5173).
+         *
+         * 3. **Development Apollo Studio origins**: In development mode, explicitly allows
+         *    Apollo Studio (https://studio.apollographql.com) and Apollo Sandbox (https://sandbox.apollo.dev)
+         *    to facilitate GraphQL IDE testing without additional setup.
+         *
+         * 4. **Configured production origins**: Allows explicitly configured origins from the
+         *    corsOrigins option. This is the primary enforcement mechanism in production.
+         *
+         * 5. **Default rejection**: Any origin not matching the above is rejected with an
+         *    "Not allowed by CORS" error.
+         *
+         * **Security notes:**
+         * - Development mode origins (localhost, Apollo Studio) are disabled in production
+         * - Configured origins are checked case-insensitively for robustness
+         * - Wildcard origins (e.g., *.example.com) are not supported; specify each origin explicitly
+         */
+        app.enableCors({
+            origin: (origin, callback) => {
+                // Allow requests with no origin (same-origin, curl, Postman, etc.)
+                if (!origin) {
+                    callback(null, true);
+                    return;
+                }
+                // In development, allow all localhost origins (strict match: must be http://localhost or http://localhost:PORT)
+                if (environment === 'development' && /^http:\/\/localhost(?::\d+)?$/.test(origin)) {
+                    callback(null, true);
+                    return;
+                }
+                // In development, allow Apollo Studio origins
+                if (environment === 'development' && apolloStudioOrigins.includes(origin)) {
+                    callback(null, true);
+                    return;
+                }
+                // Check against configured allowed origins list (case-insensitive)
+                if (corsOrigins.some(allowed => allowed.toLowerCase() === origin.toLowerCase())) {
+                    callback(null, true);
+                    return;
+                }
+                // Reject unknown origins
+                callback(new Error('Not allowed by CORS'));
+            },
+            credentials: true,
+            methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+            allowedHeaders: corsAllowedHeaders,
+            exposedHeaders: ['X-Total-Count', 'X-Page-Number'],
+            maxAge: 3600,
+        });
+        logger.log(corsOrigins.length > 0
+            ? `CORS configured for environment: ${environment}, Allowed origins: ${corsOrigins.join(', ')}`
+            : `CORS configured for environment: ${environment}, Using smart origin validation`);
+    }
+}
+//# sourceMappingURL=security-bootstrap.factory.js.map

package/build/common/factories/security-bootstrap.factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-bootstrap.factory.js","sourceRoot":"","sources":["../../../src/common/factories/security-bootstrap.factory.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAEH,OAAO,EAAoB,MAAM,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC1E,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,WAAW,MAAM,aAAa,CAAC;AACtC,OAAO,OAA4C,MAAM,SAAS,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAiC7E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,UAAU,uBAAuB,CACtC,GAAqB,EACrB,UAAoC,EAAE;IAEtC,MAAM,EACL,WAAW,GAAG,EAAE,EAChB,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,aAAa,EACtD,kBAAkB,GAAG,IAAI,EACzB,UAAU,GAAG,IAAI,EACjB,aAAa,GAAG,IAAI,EACpB,iCAAiC,GAAG,IAAI,EACxC,WAAW,GAAG,IAAI,EAClB,kBAAkB,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,8BAA8B,EAAE,cAAc,CAAC,EACvJ,aAAa,GAAG,EAAE,EAClB,SAAS,GAAG,EAAE,EACd,WAAW,GAAG,EAAE,EAChB,UAAU,GAAG,EAAE,EACf,WAAW,GAAG,MAAM,EACpB,MAAM,GAAG,IAAI,MAAM,CAAC,mBAAmB,CAAC,GACxC,GAAG,OAAO,CAAC;IAEZ,oCAAoC;IACpC,MAAM,yBAAyB,GAAG,CAAC,CAAC;IACpC,MAAM,6BAA6B,GAAG,IAAI,CAAC;IAE3C,yCAAyC;IACzC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IAC9C,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IACpE,MAAM,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAE/C,uCAAuC;IACvC,IAAI,kBAAkB,EAAE,CAAC;QACxB,GAAG,CAAC,GAAG,CACN,WAAW,CAAC;YACX,KAAK,EAAE,yBAAyB;YAChC,SAAS,EAAE,6BAA6B;YACxC,MAAM,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;gBACvC,oDAAoD;gBACpD,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBACrC,OAAO,KAAK,CAAC;gBACd,CAAC;gBACD,0CAA0C;gBAC1C,OAAO,WAAW,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACrC,CAAC;SACD,CAAC,CACF,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;IAC5E,CAAC;IAED,wDAAwD;IACxD,IAAI,iCAAiC,EAAE,CAAC;QACvC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YAC5D,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;YACpD,CAAC;YACD,IAAI,GAAG,CAAC,OAAO,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBACpD,GAAG,CAAC,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,EAAE,CAAC;QACR,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,CAAC;IAED,0CAA0C;IAC1C,IAAI,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,GAAG,CAAC,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YAC5D,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC1C,CAAC;YACD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAsD,CAAC;YACjG,CAAC;YACD,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAA2B,CAAC;YACxE,CAAC;YACD,IAAI,EAAE,CAAC;QACR,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACnD,CAAC;IAED,+CAA+C;IAC/C,IAAI,aAAa,EAAE,CAAC;QACnB,GAAG,CAAC,GAAG,CACN,MAAM,CAAC;YACN,qBAAqB,EAAE;gBACtB,UAAU,EAAE;oBACX,UAAU,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACtC,SAAS,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACrC,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC;oBACpD,MAAM,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC;oBAChD,UAAU,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC;oBACxD,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,GAAG,UAAU,CAAC,CAAC,CAAC;oBAClD,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACnC,SAAS,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACrC,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACpC,QAAQ,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;iBACpC;aACD;YACD,IAAI,EAAE;gBACL,MAAM,EAAE,QAAQ,EAAE,SAAS;gBAC3B,iBAAiB,EAAE,IAAI;gBACvB,OAAO,EAAE,IAAI;aACb;YACD,UAAU,EAAE;gBACX,MAAM,EAAE,MAAM;aACd;YACD,cAAc,EAAE;gBACf,MAAM,EAAE,iCAAiC;aACzC;YACD,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,IAAI;YACf,kBAAkB,EAAE;gBACnB,KAAK,EAAE,KAAK;aACZ;SACD,CAAC,CACF,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAClD,CAAC;IAED,uCAAuC;IACvC,GAAG,CAAC,cAAc,CACjB,IAAI,cAAc,CAAC;QAClB,SAAS,EAAE,IAAI;QACf,oBAAoB,EAAE,IAAI;QAC1B,SAAS,EAAE,IAAI;KACf,CAAC,CACF,CAAC;IACF,MAAM,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAE/C,mDAAmD;IACnD,IAAI,WAAW,EAAE,CAAC;QACjB,wDAAwD;QACxD,MAAM,mBAAmB,GAAG;YAC3B,kCAAkC;YAClC,4BAA4B;SAC5B,CAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;WA4BG;QACH,GAAG,CAAC,UAAU,CAAC;YACd,MAAM,EAAE,CAAC,MAA0B,EAAE,QAAsD,EAAE,EAAE;gBAC9F,mEAAmE;gBACnE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACb,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBACrB,OAAO;gBACR,CAAC;gBAED,gHAAgH;gBAChH,IAAI,WAAW,KAAK,aAAa,IAAI,+BAA+B,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnF,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBACrB,OAAO;gBACR,CAAC;gBAED,8CAA8C;gBAC9C,IAAI,WAAW,KAAK,aAAa,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3E,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBACrB,OAAO;gBACR,CAAC;gBAED,mEAAmE;gBACnE,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACjF,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;oBACrB,OAAO;gBACR,CAAC;gBAED,yBAAyB;gBACzB,QAAQ,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAC5C,CAAC;YACD,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;YAC7D,cAAc,EAAE,kBAAkB;YAClC,cAAc,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC;YAClD,MAAM,EAAE,IAAI;SACZ,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CACT,WAAW,CAAC,MAAM,GAAG,CAAC;YACrB,CAAC,CAAC,oCAAoC,WAAW,sBAAsB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC/F,CAAC,CAAC,oCAAoC,WAAW,iCAAiC,CACnF,CAAC;IACH,CAAC;AACF,CAAC"}

package/build/common/filters/global-exception.filter.d.ts

@@ -0,0 +1,78 @@
+import { ExceptionFilter, ArgumentsHost } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+import { LazyModuleRefService } from '../utils/lazy-getter.types.js';
+/**
+ * Standard error response structure for all exceptions.
+ */
+export interface ErrorResponseBody {
+    success: false;
+    error: {
+        code: string;
+        message: string;
+        timestamp: string;
+        context?: Record<string, any>;
+        stack?: string;
+    };
+}
+/**
+ * Global Exception Filter.
+ * Catches all unhandled exceptions except HttpException (which is handled by HttpExceptionFilter).
+ * Standardizes error responses with consistent structure and logs all errors with categorization.
+ *
+ * Handles:
+ * - BaseApplicationError: Standardized application errors with code, status, context
+ * - Error: Generic JavaScript errors
+ * - Unknown: Unclassified exceptions
+ *
+ * Error Response Format:
+ * - success: false
+ * - error.code: Error code for programmatic handling
+ * - error.message: Human-readable error message
+ * - error.timestamp: ISO timestamp of error occurrence
+ * - error.context: Additional context (development only)
+ * - error.stack: Stack trace (development only)
+ *
+ * @remarks
+ * - Automatically redacts sensitive information via ErrorSanitizerService
+ * - Categorizes errors for logging (transient vs permanent, retryable, strategy)
+ * - Development mode includes full context and stack traces
+ * - Production mode shows generic error messages for security
+ * - Logs request details: method, URL, IP, user-agent
+ *
+ * @example
+ * ```typescript
+ * // Development response
+ * {
+ *   success: false,
+ *   error: {
+ *     code: 'USER_NOT_FOUND',
+ *     message: 'User with ID 123 not found',
+ *     timestamp: '2024-01-01T12:00:00.000Z',
+ *     context: { userId: '123' },
+ *     stack: '...'
+ *   }
+ * }
+ *
+ * // Production response
+ * {
+ *   success: false,
+ *   error: {
+ *     code: 'USER_NOT_FOUND',
+ *     message: 'User with ID 123 not found',
+ *     timestamp: '2024-01-01T12:00:00.000Z'
+ *   }
+ * }
+ * ```
+ */
+export declare class GlobalExceptionFilter implements ExceptionFilter, LazyModuleRefService {
+    private _logger;
+    private _errorSanitizer;
+    private _errorCategorizer;
+    readonly Module: ModuleRef;
+    constructor(module: ModuleRef);
+    private get Logger();
+    private get ErrorSanitizer();
+    private get ErrorCategorizer();
+    catch(exception: unknown, host: ArgumentsHost): void;
+}
+//# sourceMappingURL=global-exception.filter.d.ts.map

package/build/common/filters/global-exception.filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"global-exception.filter.d.ts","sourceRoot":"","sources":["../../../src/common/filters/global-exception.filter.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,eAAe,EAEf,aAAa,EAEb,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAMzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAErE;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACF;AAOD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,qBACa,qBAAsB,YAAW,eAAe,EAAE,oBAAoB;IAClF,OAAO,CAAC,OAAO,CAAwB;IACvC,OAAO,CAAC,eAAe,CAAoC;IAC3D,OAAO,CAAC,iBAAiB,CAAsC;IAC/D,SAAgB,MAAM,EAAE,SAAS,CAAC;gBAEtB,MAAM,EAAE,SAAS;IAI7B,OAAO,KAAK,MAAM,GAGjB;IAED,OAAO,KAAK,cAAc,GAGzB;IAED,OAAO,KAAK,gBAAgB,GAG3B;IAEM,KAAK,CAAC,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI;CAuG3D"}

package/build/common/filters/global-exception.filter.js

@@ -0,0 +1,192 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Catch, HttpStatus, } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+import { BaseApplicationError } from '../errors/base-application-error.js';
+import { AppLogger } from '../services/logger.service.js';
+import { ErrorSanitizerService } from '../services/error-sanitizer.service.js';
+import { ErrorCategorizerService } from '../services/error-categorizer.service.js';
+/**
+ * Development environments where stack traces and full error details are shown
+ */
+const DEV_ENVIRONMENTS = new Set(['development', 'dev', 'local', 'test']);
+/**
+ * Global Exception Filter.
+ * Catches all unhandled exceptions except HttpException (which is handled by HttpExceptionFilter).
+ * Standardizes error responses with consistent structure and logs all errors with categorization.
+ *
+ * Handles:
+ * - BaseApplicationError: Standardized application errors with code, status, context
+ * - Error: Generic JavaScript errors
+ * - Unknown: Unclassified exceptions
+ *
+ * Error Response Format:
+ * - success: false
+ * - error.code: Error code for programmatic handling
+ * - error.message: Human-readable error message
+ * - error.timestamp: ISO timestamp of error occurrence
+ * - error.context: Additional context (development only)
+ * - error.stack: Stack trace (development only)
+ *
+ * @remarks
+ * - Automatically redacts sensitive information via ErrorSanitizerService
+ * - Categorizes errors for logging (transient vs permanent, retryable, strategy)
+ * - Development mode includes full context and stack traces
+ * - Production mode shows generic error messages for security
+ * - Logs request details: method, URL, IP, user-agent
+ *
+ * @example
+ * ```typescript
+ * // Development response
+ * {
+ *   success: false,
+ *   error: {
+ *     code: 'USER_NOT_FOUND',
+ *     message: 'User with ID 123 not found',
+ *     timestamp: '2024-01-01T12:00:00.000Z',
+ *     context: { userId: '123' },
+ *     stack: '...'
+ *   }
+ * }
+ *
+ * // Production response
+ * {
+ *   success: false,
+ *   error: {
+ *     code: 'USER_NOT_FOUND',
+ *     message: 'User with ID 123 not found',
+ *     timestamp: '2024-01-01T12:00:00.000Z'
+ *   }
+ * }
+ * ```
+ */
+let GlobalExceptionFilter = class GlobalExceptionFilter {
+    _logger;
+    _errorSanitizer;
+    _errorCategorizer;
+    Module;
+    constructor(module) {
+        this.Module = module;
+    }
+    get Logger() {
+        this._logger ??= this.Module.get(AppLogger);
+        return this._logger;
+    }
+    get ErrorSanitizer() {
+        this._errorSanitizer ??= this.Module.get(ErrorSanitizerService);
+        return this._errorSanitizer;
+    }
+    get ErrorCategorizer() {
+        this._errorCategorizer ??= this.Module.get(ErrorCategorizerService);
+        return this._errorCategorizer;
+    }
+    catch(exception, host) {
+        // Handle regular HTTP requests
+        const ctx = host.switchToHttp();
+        const response = ctx.getResponse();
+        const request = ctx.getRequest();
+        const isProduction = !DEV_ENVIRONMENTS.has(process.env['NODE_ENV'] ?? '');
+        const isDevelopment = !isProduction;
+        let status;
+        let errorResponse;
+        let errorCategory;
+        let errorTrace;
+        // Standardize error response structure for all exception types
+        if (exception instanceof BaseApplicationError) {
+            // Standardized application error
+            status = exception.statusCode;
+            errorResponse = {
+                success: false,
+                error: {
+                    code: exception.code,
+                    message: exception.message,
+                    timestamp: exception.timestamp.toISOString(),
+                    ...(isDevelopment ? {
+                        context: exception.context,
+                        stack: exception.stack,
+                    } : {}),
+                },
+            };
+            errorCategory = this.ErrorCategorizer.categorizeError(exception);
+            errorTrace = isDevelopment ? exception.stack : undefined;
+        }
+        else if (exception instanceof Error) {
+            // Generic Error
+            status = HttpStatus.INTERNAL_SERVER_ERROR;
+            errorResponse = {
+                success: false,
+                error: {
+                    code: 'INTERNAL_SERVER_ERROR',
+                    message: isDevelopment ? exception.message : 'An unexpected error occurred',
+                    timestamp: new Date().toISOString(),
+                    ...(isDevelopment ? { stack: exception.stack } : {}),
+                },
+            };
+            errorCategory = this.ErrorCategorizer.categorizeError(exception);
+            errorTrace = isDevelopment ? exception.stack : undefined;
+        }
+        else {
+            // Unknown exception type
+            status = HttpStatus.INTERNAL_SERVER_ERROR;
+            errorResponse = {
+                success: false,
+                error: {
+                    code: 'UNKNOWN_ERROR',
+                    message: isDevelopment ? String(exception) : 'An unexpected error occurred',
+                    timestamp: new Date().toISOString(),
+                },
+            };
+            errorCategory = {
+                type: 'permanent',
+                retryable: false,
+                strategy: 'fail',
+            };
+        }
+        // Log the error with categorization
+        this.Logger.error('Global exception caught', errorTrace, undefined, {
+            message: errorResponse.error.message,
+            status,
+            errorType: errorCategory.type,
+            retryable: errorCategory.retryable,
+            strategy: errorCategory.strategy,
+            backoffMs: errorCategory.backoffMs,
+            url: request.url,
+            method: request.method,
+            userAgent: request.get('User-Agent'),
+            ip: request.ip,
+        });
+        // Sanitize error response for production
+        // Pass the nested error object (which has .message, .stack, .context) to the sanitizer,
+        // then reconstruct the full response envelope with the sanitized inner object.
+        const sanitizedInner = this.ErrorSanitizer.sanitizeErrorResponse({
+            message: errorResponse.error.message,
+            statusCode: status,
+            stack: errorResponse.error.stack,
+            context: errorResponse.error.context,
+        }, isDevelopment);
+        const sanitizedError = {
+            success: false,
+            error: {
+                code: errorResponse.error.code,
+                message: sanitizedInner.message,
+                timestamp: errorResponse.error.timestamp,
+                ...(isDevelopment && sanitizedInner.context ? { context: sanitizedInner.context } : {}),
+                ...(isDevelopment && sanitizedInner.stack ? { stack: sanitizedInner.stack } : {}),
+            },
+        };
+        response.status(status).json(sanitizedError);
+    }
+};
+GlobalExceptionFilter = __decorate([
+    Catch(BaseApplicationError, Error),
+    __metadata("design:paramtypes", [ModuleRef])
+], GlobalExceptionFilter);
+export { GlobalExceptionFilter };
+//# sourceMappingURL=global-exception.filter.js.map

package/build/common/filters/global-exception.filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"global-exception.filter.js","sourceRoot":"","sources":["../../../src/common/filters/global-exception.filter.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAEN,KAAK,EAEL,UAAU,GACV,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAC3E,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAsB,MAAM,0CAA0C,CAAC;AAiBvG;;GAEG;AACH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AAEI,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IACzB,OAAO,CAAwB;IAC/B,eAAe,CAAoC;IACnD,iBAAiB,CAAsC;IAC/C,MAAM,CAAY;IAElC,YAAY,MAAiB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED,IAAY,MAAM;QACjB,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAY,SAAS,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,OAAO,CAAC;IACrB,CAAC;IAED,IAAY,cAAc;QACzB,IAAI,CAAC,eAAe,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAwB,qBAAqB,CAAC,CAAC;QACvF,OAAO,IAAI,CAAC,eAAe,CAAC;IAC7B,CAAC;IAED,IAAY,gBAAgB;QAC3B,IAAI,CAAC,iBAAiB,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAA0B,uBAAuB,CAAC,CAAC;QAC7F,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAC/B,CAAC;IAEM,KAAK,CAAC,SAAkB,EAAE,IAAmB;QACnD,+BAA+B;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAY,CAAC;QAC7C,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,EAAW,CAAC;QAE1C,MAAM,YAAY,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,MAAM,aAAa,GAAG,CAAC,YAAY,CAAC;QAEpC,IAAI,MAAc,CAAC;QACnB,IAAI,aAAgC,CAAC;QACrC,IAAI,aAA4B,CAAC;QACjC,IAAI,UAA8B,CAAC;QAEnC,+DAA+D;QAC/D,IAAI,SAAS,YAAY,oBAAoB,EAAE,CAAC;YAC/C,iCAAiC;YACjC,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC;YAC9B,aAAa,GAAG;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACN,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,OAAO,EAAE,SAAS,CAAC,OAAO;oBAC1B,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW,EAAE;oBAC5C,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;wBACnB,OAAO,EAAE,SAAS,CAAC,OAAO;wBAC1B,KAAK,EAAE,SAAS,CAAC,KAAK;qBACtB,CAAC,CAAC,CAAC,EAAE,CAAC;iBACP;aACD,CAAC;YACF,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YACjE,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1D,CAAC;aAAM,IAAI,SAAS,YAAY,KAAK,EAAE,CAAC;YACvC,gBAAgB;YAChB,MAAM,GAAG,UAAU,CAAC,qBAAqB,CAAC;YAC1C,aAAa,GAAG;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACN,IAAI,EAAE,uBAAuB;oBAC7B,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B;oBAC3E,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACpD;aACD,CAAC;YACF,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YACjE,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1D,CAAC;aAAM,CAAC;YACP,yBAAyB;YACzB,MAAM,GAAG,UAAU,CAAC,qBAAqB,CAAC;YAC1C,aAAa,GAAG;gBACf,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACN,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,8BAA8B;oBAC3E,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACnC;aACD,CAAC;YACF,aAAa,GAAG;gBACf,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,MAAM;aAChB,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,UAAU,EAAE,SAAS,EAAE;YACnE,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,OAAO;YACpC,MAAM;YACN,SAAS,EAAE,aAAa,CAAC,IAAI;YAC7B,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;YACpC,EAAE,EAAE,OAAO,CAAC,EAAE;SACd,CAAC,CAAC;QAEH,yCAAyC;QACzC,wFAAwF;QACxF,+EAA+E;QAC/E,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAC/D;YACC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,OAAO;YACpC,UAAU,EAAE,MAAM;YAClB,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,KAAK;YAChC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,OAAO;SACpC,EACD,aAAa,CACb,CAAC;QACF,MAAM,cAAc,GAAsB;YACzC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACN,IAAI,EAAE,aAAa,CAAC,KAAK,CAAC,IAAI;gBAC9B,OAAO,EAAE,cAAc,CAAC,OAAiB;gBACzC,SAAS,EAAE,aAAa,CAAC,KAAK,CAAC,SAAS;gBACxC,GAAG,CAAC,aAAa,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,CAAC,OAA8B,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9G,GAAG,CAAC,aAAa,IAAI,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3F;SACD,CAAC;QAEF,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;CACD,CAAA;AAhIY,qBAAqB;IADjC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC;qCAOd,SAAS;GANjB,qBAAqB,CAgIjC"}

package/build/common/filters/http-exception.filter.d.ts

@@ -0,0 +1,37 @@
+import { ExceptionFilter, ArgumentsHost, HttpException } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+import { LazyModuleRefService } from '../utils/lazy-getter.types.js';
+/**
+ * HTTP Exception Filter.
+ * Handles all HTTP exceptions (400, 401, 403, 404, etc.) and formats error responses consistently.
+ * Complements GlobalExceptionFilter by handling NestJS built-in and thrown HTTP exceptions.
+ *
+ * Error Response Format:
+ * - Preserves original HTTP status code and response body
+ * - Sanitizes sensitive information before sending to client
+ * - Categorizes error for logging (transient vs permanent)
+ *
+ * @remarks
+ * - Automatically redacts sensitive data via ErrorSanitizerService
+ * - Logs error with categorization for monitoring
+ * - Preserves original exception response structure
+ * - Works in conjunction with GlobalExceptionFilter (processes first)
+ *
+ * @example
+ * ```typescript
+ * // Handled exceptions
+ * throw new BadRequestException('Invalid input'); // 400
+ * throw new UnauthorizedException('Invalid token'); // 401
+ * throw new ForbiddenException('Access denied'); // 403
+ * throw new NotFoundException('User not found'); // 404
+ * ```
+ */
+export declare class HttpExceptionFilter implements ExceptionFilter, LazyModuleRefService {
+    readonly Module: ModuleRef;
+    constructor(module: ModuleRef);
+    private get Logger();
+    private get ErrorSanitizer();
+    private get ErrorCategorizer();
+    catch(exception: HttpException, host: ArgumentsHost): void;
+}
+//# sourceMappingURL=http-exception.filter.d.ts.map

package/build/common/filters/http-exception.filter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-exception.filter.d.ts","sourceRoot":"","sources":["../../../src/common/filters/http-exception.filter.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,eAAe,EAEf,aAAa,EACb,aAAa,EACb,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAKzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAOrE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBACa,mBAAoB,YAAW,eAAe,EAAE,oBAAoB;IAChF,SAAgB,MAAM,EAAE,SAAS,CAAC;gBAEtB,MAAM,EAAE,SAAS;IAI7B,OAAO,KAAK,MAAM,GAEjB;IAED,OAAO,KAAK,cAAc,GAEzB;IAED,OAAO,KAAK,gBAAgB,GAE3B;IAEM,KAAK,CAAC,SAAS,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,GAAG,IAAI;CAmCjE"}

package/build/common/filters/http-exception.filter.js

@@ -0,0 +1,91 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Catch, HttpException, } from '@nestjs/common';
+import { ModuleRef } from '@nestjs/core';
+import { AppLogger } from '../services/logger.service.js';
+import { ErrorSanitizerService } from '../services/error-sanitizer.service.js';
+import { ErrorCategorizerService } from '../services/error-categorizer.service.js';
+/**
+ * Development environments where stack traces and full error details are shown
+ */
+const DEV_ENVIRONMENTS = new Set(['development', 'dev', 'local', 'test']);
+/**
+ * HTTP Exception Filter.
+ * Handles all HTTP exceptions (400, 401, 403, 404, etc.) and formats error responses consistently.
+ * Complements GlobalExceptionFilter by handling NestJS built-in and thrown HTTP exceptions.
+ *
+ * Error Response Format:
+ * - Preserves original HTTP status code and response body
+ * - Sanitizes sensitive information before sending to client
+ * - Categorizes error for logging (transient vs permanent)
+ *
+ * @remarks
+ * - Automatically redacts sensitive data via ErrorSanitizerService
+ * - Logs error with categorization for monitoring
+ * - Preserves original exception response structure
+ * - Works in conjunction with GlobalExceptionFilter (processes first)
+ *
+ * @example
+ * ```typescript
+ * // Handled exceptions
+ * throw new BadRequestException('Invalid input'); // 400
+ * throw new UnauthorizedException('Invalid token'); // 401
+ * throw new ForbiddenException('Access denied'); // 403
+ * throw new NotFoundException('User not found'); // 404
+ * ```
+ */
+let HttpExceptionFilter = class HttpExceptionFilter {
+    Module;
+    constructor(module) {
+        this.Module = module;
+    }
+    get Logger() {
+        return this.Module.get(AppLogger);
+    }
+    get ErrorSanitizer() {
+        return this.Module.get(ErrorSanitizerService);
+    }
+    get ErrorCategorizer() {
+        return this.Module.get(ErrorCategorizerService);
+    }
+    catch(exception, host) {
+        // Handle regular HTTP requests
+        const ctx = host.switchToHttp();
+        const response = ctx.getResponse();
+        const status = exception.getStatus();
+        const isProduction = !DEV_ENVIRONMENTS.has(process.env['NODE_ENV'] ?? '');
+        const isDevelopment = !isProduction;
+        // Normalize response to object for sanitization
+        const exceptionResponse = exception.getResponse();
+        const errorObj = typeof exceptionResponse === 'string'
+            ? { message: exceptionResponse, statusCode: status }
+            : exceptionResponse;
+        // Sanitize error response
+        const sanitizedError = this.ErrorSanitizer.sanitizeErrorResponse(errorObj, isDevelopment);
+        // Categorize and log error
+        const errorCategory = this.ErrorCategorizer.categorizeError(exception);
+        this.Logger.error('HTTP Exception caught', undefined, undefined, {
+            message: exception.message,
+            status,
+            errorType: errorCategory.type,
+            retryable: errorCategory.retryable,
+            strategy: errorCategory.strategy,
+            backoffMs: errorCategory.backoffMs,
+            stack: isDevelopment ? exception.stack : undefined,
+        });
+        response.status(status).json(sanitizedError);
+    }
+};
+HttpExceptionFilter = __decorate([
+    Catch(HttpException),
+    __metadata("design:paramtypes", [ModuleRef])
+], HttpExceptionFilter);
+export { HttpExceptionFilter };
+//# sourceMappingURL=http-exception.filter.js.map

package/build/common/filters/http-exception.filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-exception.filter.js","sourceRoot":"","sources":["../../../src/common/filters/http-exception.filter.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAEN,KAAK,EAEL,aAAa,GACb,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AAGnF;;GAEG;AACH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1E;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEI,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IACf,MAAM,CAAY;IAElC,YAAY,MAAiB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED,IAAY,MAAM;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED,IAAY,cAAc;QACzB,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/C,CAAC;IAED,IAAY,gBAAgB;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACjD,CAAC;IAEM,KAAK,CAAC,SAAwB,EAAE,IAAmB;QACzD,+BAA+B;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAY,CAAC;QAC7C,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;QAErC,MAAM,YAAY,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1E,MAAM,aAAa,GAAG,CAAC,YAAY,CAAC;QAEpC,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAG,OAAO,iBAAiB,KAAK,QAAQ;YACrD,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,EAAE;YACpD,CAAC,CAAC,iBAAiB,CAAC;QAErB,0BAA0B;QAC1B,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAC/D,QAA+B,EAC/B,aAAa,CACb,CAAC;QAEF,2BAA2B;QAC3B,MAAM,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,SAAS,EAAE,SAAS,EAAE;YAChE,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,MAAM;YACN,SAAS,EAAE,aAAa,CAAC,IAAI;YAC7B,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,QAAQ,EAAE,aAAa,CAAC,QAAQ;YAChC,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SAClD,CAAC,CAAC;QAEH,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;CACD,CAAA;AAtDY,mBAAmB;IAD/B,KAAK,CAAC,aAAa,CAAC;qCAIA,SAAS;GAHjB,mBAAmB,CAsD/B"}