@terreno/api 0.13.2 → 0.14.0

package/dist/envConfigurationPlugin.test.js

@@ -0,0 +1,322 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+// biome-ignore-all lint/suspicious/noExplicitAny: test model typing
+var bun_test_1 = require("bun:test");
+var mongoose_1 = __importStar(require("mongoose"));
+var config_1 = require("./config");
+var envConfigurationPlugin_1 = require("./envConfigurationPlugin");
+var testSchema = new mongoose_1.Schema({}, { strict: "throw" });
+testSchema.plugin(envConfigurationPlugin_1.envConfigurationPlugin);
+var TestEnvConfig = (_a = mongoose_1.default.models.TestEnvConfig) !== null && _a !== void 0 ? _a : mongoose_1.default.model("TestEnvConfig", testSchema);
+var setupLoader = function () {
+    config_1.Config.setEnvLoader(function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc, out, _a, _b, _c, k, v;
+        var e_1, _d;
+        return __generator(this, function (_e) {
+            switch (_e.label) {
+                case 0: return [4 /*yield*/, TestEnvConfig.findOne({}).lean()];
+                case 1:
+                    doc = (_e.sent());
+                    if (!(doc === null || doc === void 0 ? void 0 : doc.env)) {
+                        return [2 /*return*/, {}];
+                    }
+                    if (doc.env instanceof Map) {
+                        out = {};
+                        try {
+                            for (_a = __values(doc.env), _b = _a.next(); !_b.done; _b = _a.next()) {
+                                _c = __read(_b.value, 2), k = _c[0], v = _c[1];
+                                out[k] = v;
+                            }
+                        }
+                        catch (e_1_1) { e_1 = { error: e_1_1 }; }
+                        finally {
+                            try {
+                                if (_b && !_b.done && (_d = _a.return)) _d.call(_a);
+                            }
+                            finally { if (e_1) throw e_1.error; }
+                        }
+                        return [2 /*return*/, out];
+                    }
+                    return [2 /*return*/, __assign({}, doc.env)];
+            }
+        });
+    }); });
+};
+(0, bun_test_1.describe)("envConfigurationPlugin", function () {
+    (0, bun_test_1.beforeEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
+        var _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    config_1.Config.clearRegistryForTesting();
+                    config_1.Config.clearOverrides();
+                    config_1.Config.setCachedEnv(null);
+                    config_1.Config.setEnvLoader(null);
+                    Reflect.deleteProperty(process.env, "TERRENO_PLUGIN_KEY");
+                    config_1.Config.register("TERRENO_PLUGIN_KEY", { default: "fallback" });
+                    return [4 /*yield*/, ((_a = mongoose_1.default.connection.db) === null || _a === void 0 ? void 0 : _a.collection("testenvconfigs").deleteMany({}))];
+                case 1:
+                    _b.sent();
+                    setupLoader();
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.afterEach)(function () { return __awaiter(void 0, void 0, void 0, function () {
+        var _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    config_1.Config.clearRegistryForTesting();
+                    config_1.Config.clearOverrides();
+                    config_1.Config.setCachedEnv(null);
+                    config_1.Config.setEnvLoader(null);
+                    Reflect.deleteProperty(process.env, "TERRENO_PLUGIN_KEY");
+                    return [4 /*yield*/, ((_a = mongoose_1.default.connection.db) === null || _a === void 0 ? void 0 : _a.collection("testenvconfigs").deleteMany({}))];
+                case 1:
+                    _b.sent();
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("adds an env Map field to the schema", function () {
+        var doc = new TestEnvConfig();
+        (0, bun_test_1.expect)(doc.env).toBeInstanceOf(Map);
+    });
+    (0, bun_test_1.it)("Config.refresh() loads values from the document", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    doc = new TestEnvConfig();
+                    doc.env.set("TERRENO_PLUGIN_KEY", "fromDoc");
+                    return [4 /*yield*/, doc.save()];
+                case 1:
+                    _a.sent();
+                    config_1.Config.setCachedEnv(null);
+                    return [4 /*yield*/, config_1.Config.refresh()];
+                case 2:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("fromDoc");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("post-save hook refreshes the cache automatically", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    doc = new TestEnvConfig();
+                    doc.env.set("TERRENO_PLUGIN_KEY", "first");
+                    return [4 /*yield*/, doc.save()];
+                case 1:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("first");
+                    doc.env.set("TERRENO_PLUGIN_KEY", "second");
+                    return [4 /*yield*/, doc.save()];
+                case 2:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("second");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("post-findOneAndUpdate hook refreshes the cache", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    doc = new TestEnvConfig();
+                    doc.env.set("TERRENO_PLUGIN_KEY", "initial");
+                    return [4 /*yield*/, doc.save()];
+                case 1:
+                    _a.sent();
+                    return [4 /*yield*/, TestEnvConfig.findOneAndUpdate({ _id: doc._id }, { env: new Map([["TERRENO_PLUGIN_KEY", "updated"]]) })];
+                case 2:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("updated");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("post-updateOne hook refreshes the cache", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    doc = new TestEnvConfig();
+                    doc.env.set("TERRENO_PLUGIN_KEY", "initial");
+                    return [4 /*yield*/, doc.save()];
+                case 1:
+                    _a.sent();
+                    return [4 /*yield*/, TestEnvConfig.updateOne({ _id: doc._id }, { env: new Map([["TERRENO_PLUGIN_KEY", "updatedViaUpdateOne"]]) })];
+                case 2:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("updatedViaUpdateOne");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("empty-string env values fall through to process.env", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var doc;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    process.env.TERRENO_PLUGIN_KEY = "fromEnv";
+                    doc = new TestEnvConfig();
+                    doc.env.set("TERRENO_PLUGIN_KEY", "");
+                    return [4 /*yield*/, doc.save()];
+                case 1:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("fromEnv");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("missing document yields registered defaults", function () { return __awaiter(void 0, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, config_1.Config.refresh()];
+                case 1:
+                    _a.sent();
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("fallback");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    (0, bun_test_1.it)("refreshFromDoc handles null document via Mongoose hook when collection is empty", function () { return __awaiter(void 0, void 0, void 0, function () {
+        var _a;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0: 
+                // Ensure collection is empty — no documents to find
+                return [4 /*yield*/, ((_a = mongoose_1.default.connection.db) === null || _a === void 0 ? void 0 : _a.collection("testenvconfigs").deleteMany({}))];
+                case 1:
+                    // Ensure collection is empty — no documents to find
+                    _b.sent();
+                    // Override the cache so we can verify it gets cleared by the hook
+                    config_1.Config.setCachedEnv({ TERRENO_PLUGIN_KEY: "stale" });
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("stale");
+                    // Trigger findOneAndUpdate hook on a non-existent doc — refreshFromDoc
+                    // calls findOneOrNone which returns null, so mapToObject(undefined) runs
+                    return [4 /*yield*/, TestEnvConfig.findOneAndUpdate({ _id: new mongoose_1.default.Types.ObjectId() }, { $set: { __v: 1 } })];
+                case 2:
+                    // Trigger findOneAndUpdate hook on a non-existent doc — refreshFromDoc
+                    // calls findOneOrNone which returns null, so mapToObject(undefined) runs
+                    _b.sent();
+                    // mapToObject(undefined) returns {}, so Config falls back to the registered default
+                    (0, bun_test_1.expect)(config_1.Config.get("TERRENO_PLUGIN_KEY")).toBe("fallback");
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+});

package/dist/errors.d.ts

@@ -21,7 +21,7 @@ export interface APIErrorConstructor {
     meta?: {
         [id: string]: string;
     };
-    error?: Error;
+    error?: unknown;
     disableExternalErrorTracking?: boolean;
 }
 /**
@@ -54,22 +54,33 @@ export declare class APIError extends Error {
         header?: string;
     } | undefined;
     meta: {
-        [id: string]: any;
+        [id: string]: unknown;
     } | undefined;
-    error?: Error;
+    error?: unknown;
     disableExternalErrorTracking?: boolean;
     constructor(data: APIErrorConstructor);
 }
 export declare const errorsPlugin: (schema: Schema) => void;
-export declare const isAPIError: (error: Error) => error is APIError;
+export declare const isAPIError: (error: unknown) => error is APIError;
+/** Extract a human-readable message from an unknown error. */
+export declare const errorMessage: (error: unknown) => string;
+/** Extract a stack trace string from an unknown error. */
+export declare const errorStack: (error: unknown) => string;
 /**
  * Safely extracts the disableExternalErrorTracking property from an error.
  * Works with both APIError instances and regular Error objects that may have
  * this property attached.
  */
 export declare const getDisableExternalErrorTracking: (error: unknown) => boolean | undefined;
-export declare const getAPIErrorBody: (error: APIError) => {
-    [id: string]: any;
-};
+export declare const getAPIErrorBody: (error: APIError) => Record<string, unknown>;
 export declare const apiUnauthorizedMiddleware: (err: Error, _req: Request, res: Response, next: NextFunction) => void;
+/**
+ * Converts Mongoose validation/cast errors into client-friendly APIErrors.
+ */
+export declare const mongooseErrorToAPIError: (err: Error) => APIError | null;
 export declare const apiErrorMiddleware: (err: Error, _req: Request, res: Response, next: NextFunction) => void;
+/**
+ * Final Express error handler for unexpected errors. Always returns JSON so
+ * clients (e.g. RTK Query) can parse the response.
+ */
+export declare const apiFallthroughErrorMiddleware: (err: Error, _req: Request, res: Response, _next: NextFunction) => void;

package/dist/errors.js

@@ -58,11 +58,27 @@ var __values = (this && this.__values) || function(o) {
     };
     throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
 };
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.apiErrorMiddleware = exports.apiUnauthorizedMiddleware = exports.getAPIErrorBody = exports.getDisableExternalErrorTracking = exports.isAPIError = exports.errorsPlugin = exports.APIError = void 0;
+exports.apiFallthroughErrorMiddleware = exports.apiErrorMiddleware = exports.mongooseErrorToAPIError = exports.apiUnauthorizedMiddleware = exports.getAPIErrorBody = exports.getDisableExternalErrorTracking = exports.errorStack = exports.errorMessage = exports.isAPIError = exports.errorsPlugin = exports.APIError = void 0;
 // https://jsonapi.org/format/#errors
 var Sentry = __importStar(require("@sentry/bun"));
-var mongoose_1 = require("mongoose");
+var mongoose_1 = __importStar(require("mongoose"));
 var logger_1 = require("./logger");
 /**
  * APIError is a simple way to throw an error in an API route and control what is shown and the
@@ -81,9 +97,10 @@ var logger_1 = require("./logger");
 var APIError = /** @class */ (function (_super) {
     __extends(APIError, _super);
     function APIError(data) {
-        var _a, _b;
+        var _this = this;
+        var errorStack = data.error instanceof Error && data.error.stack ? "\n".concat(data.error.stack) : "";
         // Include details in when the error is printed to the console or sent to Sentry.
-        var _this = _super.call(this, "".concat(data.title).concat(data.detail ? ": ".concat(data.detail) : "").concat(data.error ? "\n".concat(data.error.stack) : "")) || this;
+        _this = _super.call(this, "".concat(data.title).concat(data.detail ? ": ".concat(data.detail) : "").concat(errorStack)) || this;
         _this.name = "APIError";
         var title = data.title, id = data.id, links = data.links, status = data.status, code = data.code, detail = data.detail, source = data.source, meta = data.meta, fields = data.fields, error = data.error;
         if (!status) {
@@ -106,7 +123,8 @@ var APIError = /** @class */ (function (_super) {
             _this.meta.fields = fields;
         }
         _this.error = error;
-        var logMessage = "APIError(".concat(status, "): ").concat(title, " ").concat(detail ? detail : "").concat(((_a = data.error) === null || _a === void 0 ? void 0 : _a.stack) ? "\n".concat((_b = data.error) === null || _b === void 0 ? void 0 : _b.stack) : "");
+        var dataErrorStack = data.error instanceof Error && data.error.stack ? "\n".concat(data.error.stack) : "";
+        var logMessage = "APIError(".concat(status, "): ").concat(title, " ").concat(detail ? detail : "").concat(dataErrorStack);
         if (data.disableExternalErrorTracking) {
             logger_1.logger.warn(logMessage);
         }
@@ -148,9 +166,25 @@ var errorsPlugin = function (schema) {
 };
 exports.errorsPlugin = errorsPlugin;
 var isAPIError = function (error) {
-    return error.name === "APIError";
+    return error instanceof Error && error.name === "APIError";
 };
 exports.isAPIError = isAPIError;
+/** Extract a human-readable message from an unknown error. */
+var errorMessage = function (error) {
+    if (error instanceof Error) {
+        return error.message;
+    }
+    return String(error);
+};
+exports.errorMessage = errorMessage;
+/** Extract a stack trace string from an unknown error. */
+var errorStack = function (error) {
+    if (error instanceof Error && error.stack) {
+        return error.stack;
+    }
+    return String(error);
+};
+exports.errorStack = errorStack;
 /**
  * Safely extracts the disableExternalErrorTracking property from an error.
  * Works with both APIError instances and regular Error objects that may have
@@ -174,6 +208,7 @@ exports.getDisableExternalErrorTracking = getDisableExternalErrorTracking;
 var getAPIErrorBody = function (error) {
     var e_1, _a;
     var errorData = { status: error.status, title: error.title };
+    var indexable = error;
     try {
         for (var _b = __values([
             "id",
@@ -186,8 +221,8 @@ var getAPIErrorBody = function (error) {
             "disableExternalErrorTracking",
         ]), _c = _b.next(); !_c.done; _c = _b.next()) {
             var key = _c.value;
-            if (error[key]) {
-                errorData[key] = error[key];
+            if (indexable[key]) {
+                errorData[key] = indexable[key];
             }
         }
     }
@@ -211,15 +246,76 @@ var apiUnauthorizedMiddleware = function (err, _req, res, next) {
     }
 };
 exports.apiUnauthorizedMiddleware = apiUnauthorizedMiddleware;
+/**
+ * Converts Mongoose validation/cast errors into client-friendly APIErrors.
+ */
+var mongooseErrorToAPIError = function (err) {
+    var e_2, _a, _b;
+    var _c, _d;
+    if (err instanceof mongoose_1.default.Error.ValidationError) {
+        var fields = {};
+        try {
+            for (var _e = __values(Object.entries(err.errors)), _f = _e.next(); !_f.done; _f = _e.next()) {
+                var _g = __read(_f.value, 2), path = _g[0], subErr = _g[1];
+                fields[path] = subErr.message;
+            }
+        }
+        catch (e_2_1) { e_2 = { error: e_2_1 }; }
+        finally {
+            try {
+                if (_f && !_f.done && (_a = _e.return)) _a.call(_e);
+            }
+            finally { if (e_2) throw e_2.error; }
+        }
+        return new APIError({
+            detail: err.message,
+            disableExternalErrorTracking: true,
+            fields: fields,
+            status: 400,
+            title: "Validation failed",
+        });
+    }
+    if (err instanceof mongoose_1.default.Error.CastError) {
+        var path = (_c = err.path) !== null && _c !== void 0 ? _c : "field";
+        return new APIError({
+            detail: "Invalid value for ".concat(path),
+            disableExternalErrorTracking: true,
+            fields: (_b = {},
+                _b[path] = "Expected ".concat((_d = err.kind) !== null && _d !== void 0 ? _d : "a valid value", ", got ").concat(JSON.stringify(err.value)),
+                _b),
+            status: 400,
+            title: "Validation failed",
+        });
+    }
+    return null;
+};
+exports.mongooseErrorToAPIError = mongooseErrorToAPIError;
 var apiErrorMiddleware = function (err, _req, res, next) {
     if ((0, exports.isAPIError)(err)) {
         if (!err.disableExternalErrorTracking) {
             Sentry.captureException(err);
         }
         res.status(err.status).json((0, exports.getAPIErrorBody)(err)).send();
+        return;
     }
-    else {
-        next(err);
+    var mongooseError = (0, exports.mongooseErrorToAPIError)(err);
+    if (mongooseError) {
+        res.status(mongooseError.status).json((0, exports.getAPIErrorBody)(mongooseError)).send();
+        return;
     }
+    next(err);
 };
 exports.apiErrorMiddleware = apiErrorMiddleware;
+/**
+ * Final Express error handler for unexpected errors. Always returns JSON so
+ * clients (e.g. RTK Query) can parse the response.
+ */
+var apiFallthroughErrorMiddleware = function (err, _req, res, _next) {
+    logger_1.logger.error("Fallthrough error: ".concat(err).concat(err.stack ? "\n".concat(err.stack) : ""));
+    Sentry.captureException(err);
+    if (res.headersSent) {
+        return;
+    }
+    res.status(500).json({ status: 500, title: "Internal server error" }).send();
+};
+exports.apiFallthroughErrorMiddleware = apiFallthroughErrorMiddleware;

package/dist/errors.test.js

@@ -35,7 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 var bun_test_1 = require("bun:test");
 var Sentry = __importStar(require("@sentry/bun"));
-var mongoose_1 = require("mongoose");
+var mongoose_1 = __importStar(require("mongoose"));
 var errors_1 = require("./errors");
 var buildResponse = function () {
     var res = {
@@ -277,4 +277,19 @@ var buildResponse = function () {
         (0, bun_test_1.expect)(next).toHaveBeenCalledWith(err);
         (0, bun_test_1.expect)(res.status).not.toHaveBeenCalled();
     });
+    (0, bun_test_1.it)("converts Mongoose CastError to a 400 APIError response", function () {
+        var err = new mongoose_1.default.Error.CastError("Number", "not-a-number", "general.maxUploadSizeMb");
+        (0, errors_1.apiErrorMiddleware)(err, req, res, next);
+        (0, bun_test_1.expect)(res.status).toHaveBeenCalledWith(400);
+        (0, bun_test_1.expect)(res.json).toHaveBeenCalledWith(bun_test_1.expect.objectContaining({
+            meta: bun_test_1.expect.objectContaining({
+                fields: bun_test_1.expect.objectContaining({
+                    "general.maxUploadSizeMb": bun_test_1.expect.stringContaining("Expected Number"),
+                }),
+            }),
+            status: 400,
+            title: "Validation failed",
+        }));
+        (0, bun_test_1.expect)(next).not.toHaveBeenCalled();
+    });
 });

package/dist/example.js

@@ -67,7 +67,8 @@ mongoose_1.default
 var userSchema = new mongoose_1.Schema({
     admin: { default: false, description: "Whether the user has admin privileges", type: Boolean },
     username: { description: "The user's username", type: String },
-});
+}, { strict: "throw", toJSON: { virtuals: true }, toObject: { virtuals: true } });
+// biome-ignore lint/suspicious/noExplicitAny: passport-local-mongoose's plugin type is incompatible with mongoose Schema generics
 userSchema.plugin(passport_local_mongoose_1.default, { usernameField: "email" });
 userSchema.plugin(plugins_1.createdUpdatedPlugin);
 userSchema.plugin(plugins_1.baseUserPlugin);
@@ -75,12 +76,20 @@ var UserModel = (0, mongoose_1.model)("User", userSchema);
 var schema = new mongoose_1.Schema({
     calories: { description: "Number of calories in the food", type: Number },
     created: { description: "When this food was created", type: Date },
-    hidden: { default: false, description: "Whether this food is hidden from listings", type: Boolean },
+    hidden: {
+        default: false,
+        description: "Whether this food is hidden from listings",
+        type: Boolean,
+    },
     name: { description: "The name of the food", type: String },
     ownerId: { description: "The user who owns this food entry", ref: "User", type: "ObjectId" },
-});
+}, { strict: "throw", toJSON: { virtuals: true }, toObject: { virtuals: true } });
+schema.plugin(plugins_1.createdUpdatedPlugin);
+schema.plugin(plugins_1.isDeletedPlugin);
+schema.plugin(plugins_1.findOneOrNone);
+schema.plugin(plugins_1.findExactlyOne);
 var FoodModel = (0, mongoose_1.model)("Food", schema);
-function getBaseServer() {
+var getBaseServer = function () {
     var app = (0, express_1.default)();
     app.use(function (req, res, next) {
         res.header("Access-Control-Allow-Origin", "*");
@@ -96,7 +105,7 @@ function getBaseServer() {
     app.use(express_1.default.json());
     (0, auth_1.setupAuth)(app, UserModel);
     (0, auth_1.addAuthRoutes)(app, UserModel);
-    function addRoutes(router, options) {
+    var addRoutes = function (router, options) {
         router.use("/food", (0, api_1.modelRouter)(FoodModel, __assign(__assign({}, options), { openApiOverwrite: {
                 get: { responses: { 200: { description: "Get all the food" } } },
             }, permissions: {
@@ -106,7 +115,7 @@ function getBaseServer() {
                 read: [permissions_1.Permissions.IsAny],
                 update: [permissions_1.Permissions.IsOwner],
             }, queryFields: ["name", "calories", "created", "ownerId", "hidden"] })));
-    }
+    };
     return (0, expressServer_1.setupServer)({
         addRoutes: addRoutes,
         loggingOptions: {
@@ -114,5 +123,5 @@ function getBaseServer() {
         },
         userModel: UserModel,
     });
-}
+};
 getBaseServer();