npm - @valentine-efagene/qshelter-common - Versions diffs - 2.0.148 → 2.0.150 - Mend

@valentine-efagene/qshelter-common 2.0.148 → 2.0.150

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/src/middleware/error-handler.d.ts +1 -1
package/dist/src/middleware/error-handler.js +85 -1
package/dist/src/middleware/request-logger.d.ts +7 -3
package/dist/src/middleware/request-logger.js +142 -32
package/package.json +1 -1

package/dist/src/middleware/error-handler.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from 'express';
 /**
  * Global error handler middleware for Express applications.
- * Handles ZodError, AppError, and generic errors with appropriate responses.
+ * Handles ZodError, AppError, Prisma errors, and generic errors with appropriate responses.
  */
 export declare function errorHandler(err: Error, req: Request, res: Response, next: NextFunction): Response<any, Record<string, any>>;

package/dist/src/middleware/error-handler.js CHANGED Viewed

@@ -1,10 +1,83 @@
 import { ZodError } from 'zod';
 import { AppError } from '../utils/errors';
+/**
+ * Extract a user-friendly field name from Prisma's target array.
+ * Handles composite unique constraints like `tenantId_cacNumber`.
+ */
+function extractFieldName(target) {
+    // Filter out common fields that are not user-facing
+    const userFacingFields = target.filter((f) => !['tenantId', 'id', 'createdAt', 'updatedAt'].includes(f));
+    if (userFacingFields.length === 0) {
+        // Fallback: use the last target field and make it readable
+        const lastField = target[target.length - 1];
+        return lastField.replace(/([A-Z])/g, ' $1').trim().toLowerCase();
+    }
+    // Convert camelCase to readable format
+    return userFacingFields
+        .map((f) => f.replace(/([A-Z])/g, ' $1').trim().toLowerCase())
+        .join(', ');
+}
+/**
+ * Handle Prisma-specific errors with user-friendly messages.
+ */
+function handlePrismaError(err) {
+    // Check if this is a Prisma error (has code property)
+    if (!err.code || typeof err.code !== 'string' || !err.code.startsWith('P')) {
+        return null;
+    }
+    switch (err.code) {
+        case 'P2002': {
+            // Unique constraint violation
+            const target = err.meta?.target;
+            const modelName = err.meta?.modelName;
+            if (target && target.length > 0) {
+                const fieldName = extractFieldName(target);
+                const entity = modelName || 'Record';
+                return {
+                    statusCode: 409,
+                    message: `A ${entity.toLowerCase()} with this ${fieldName} already exists`,
+                };
+            }
+            return {
+                statusCode: 409,
+                message: 'A record with these values already exists',
+            };
+        }
+        case 'P2003': {
+            // Foreign key constraint violation
+            const field = err.meta?.field_name;
+            return {
+                statusCode: 400,
+                message: field
+                    ? `Referenced ${field.replace(/([A-Z])/g, ' $1').trim().toLowerCase()} does not exist`
+                    : 'Referenced record does not exist',
+            };
+        }
+        case 'P2025': {
+            // Record not found for update/delete
+            return {
+                statusCode: 404,
+                message: 'Record not found',
+            };
+        }
+        case 'P2014': {
+            // Required relation violation
+            return {
+                statusCode: 400,
+                message: 'This operation would violate a required relation',
+            };
+        }
+        default:
+            // Unknown Prisma error - log it but return generic message
+            return null;
+    }
+}
 /**
  * Global error handler middleware for Express applications.
- * Handles ZodError, AppError, and generic errors with appropriate responses.
+ * Handles ZodError, AppError, Prisma errors, and generic errors with appropriate responses.
  */
 export function errorHandler(err, req, res, next) {
+    // Handle Zod validation errors
     if (err instanceof ZodError) {
         return res.status(400).json({
             success: false,
@@ -13,6 +86,7 @@ export function errorHandler(err, req, res, next) {
             details: err.issues,
         });
     }
+    // Handle custom application errors
     if (err instanceof AppError) {
         return res.status(err.statusCode).json({
             success: false,
@@ -20,6 +94,16 @@ export function errorHandler(err, req, res, next) {
             error: err.message,
         });
     }
+    // Handle Prisma errors
+    const prismaError = handlePrismaError(err);
+    if (prismaError) {
+        return res.status(prismaError.statusCode).json({
+            success: false,
+            message: prismaError.message,
+            error: prismaError.message,
+        });
+    }
+    // Unhandled error - log and return generic message
     console.error('Unhandled error:', err);
     return res.status(500).json({
         success: false,

package/dist/src/middleware/request-logger.d.ts CHANGED Viewed

@@ -1,8 +1,12 @@
 import { Request, Response, NextFunction } from 'express';
 /**
- * Request logging middleware that logs method, path, status code, and duration.
- * Logs in JSON format for easy parsing by log aggregation tools.
+ * Request logging middleware that logs:
+ * - HTTP method, path, status code, and duration
+ * - Request body (with sensitive fields redacted)
+ * - Caller info (userId, tenantId, email, roles)
+ * - Response body (with sensitive fields redacted)
+ * - Unique request ID for correlation
  *
- * In debug mode, also logs the authorizer context from API Gateway.
+ * Logs in JSON format for easy parsing by CloudWatch/log aggregation tools.
  */
 export declare function requestLogger(req: Request, res: Response, next: NextFunction): void;

package/dist/src/middleware/request-logger.js CHANGED Viewed

@@ -8,51 +8,161 @@ catch {
     // Package not available
 }
 /**
- * Request logging middleware that logs method, path, status code, and duration.
- * Logs in JSON format for easy parsing by log aggregation tools.
+ * Fields to redact from request/response logging for security.
+ */
+const SENSITIVE_FIELDS = ['password', 'token', 'accessToken', 'refreshToken', 'secret', 'apiKey', 'credential'];
+/**
+ * Redact sensitive fields from an object for safe logging.
+ */
+function redactSensitive(obj) {
+    if (!obj || typeof obj !== 'object')
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map(redactSensitive);
+    const redacted = {};
+    for (const [key, value] of Object.entries(obj)) {
+        if (SENSITIVE_FIELDS.some(f => key.toLowerCase().includes(f.toLowerCase()))) {
+            redacted[key] = '[REDACTED]';
+        }
+        else if (typeof value === 'object' && value !== null) {
+            redacted[key] = redactSensitive(value);
+        }
+        else {
+            redacted[key] = value;
+        }
+    }
+    return redacted;
+}
+/**
+ * Extract caller context from the request (authorizer or headers).
+ */
+function extractCaller(req) {
+    let authorizer = null;
+    // Try getCurrentInvoke first
+    if (getCurrentInvoke) {
+        const { event } = getCurrentInvoke();
+        if (event?.requestContext?.authorizer) {
+            const auth = event.requestContext.authorizer;
+            authorizer = auth.lambda || auth;
+        }
+    }
+    // Fallback to req.apiGateway
+    if (!authorizer) {
+        const lambdaReq = req;
+        if (lambdaReq.apiGateway?.event?.requestContext?.authorizer) {
+            const auth = lambdaReq.apiGateway.event.requestContext.authorizer;
+            authorizer = auth.lambda || auth;
+        }
+    }
+    // Fallback to headers (for tests/local dev)
+    if (!authorizer) {
+        return {
+            userId: req.headers['x-user-id'],
+            tenantId: req.headers['x-tenant-id'],
+            email: req.headers['x-user-email'],
+            roles: req.headers['x-user-roles'] ? req.headers['x-user-roles'].split(',') : undefined,
+        };
+    }
+    return {
+        userId: authorizer.userId,
+        tenantId: authorizer.tenantId,
+        email: authorizer.email,
+        roles: authorizer.roles ? (typeof authorizer.roles === 'string' ? authorizer.roles.split(',') : authorizer.roles) : undefined,
+    };
+}
+/**
+ * Generate a unique request ID for correlation.
+ */
+function generateRequestId() {
+    return `req_${Date.now().toString(36)}_${Math.random().toString(36).substring(2, 9)}`;
+}
+/**
+ * Request logging middleware that logs:
+ * - HTTP method, path, status code, and duration
+ * - Request body (with sensitive fields redacted)
+ * - Caller info (userId, tenantId, email, roles)
+ * - Response body (with sensitive fields redacted)
+ * - Unique request ID for correlation
  *
- * In debug mode, also logs the authorizer context from API Gateway.
+ * Logs in JSON format for easy parsing by CloudWatch/log aggregation tools.
  */
 export function requestLogger(req, res, next) {
     const start = Date.now();
-    // Debug: Log authorizer context structure
-    if (process.env.DEBUG_AUTH === 'true' || process.env.NODE_ENV !== 'production') {
-        let authorizer = null;
-        let source = 'none';
-        // Try getCurrentInvoke first (preferred for @codegenie/serverless-express)
-        if (getCurrentInvoke) {
-            const { event } = getCurrentInvoke();
-            if (event?.requestContext?.authorizer) {
-                authorizer = event.requestContext.authorizer;
-                source = 'getCurrentInvoke';
-            }
+    const requestId = generateRequestId();
+    // Attach requestId to request for downstream use
+    req.requestId = requestId;
+    // Extract caller info
+    const caller = extractCaller(req);
+    // Capture request body (redacted)
+    const requestBody = req.body && Object.keys(req.body).length > 0
+        ? redactSensitive(req.body)
+        : undefined;
+    // Log incoming request
+    console.log(JSON.stringify({
+        type: 'http_request',
+        requestId,
+        method: req.method,
+        path: req.path,
+        query: Object.keys(req.query).length > 0 ? req.query : undefined,
+        caller: caller.userId ? caller : undefined,
+        body: requestBody,
+        timestamp: new Date().toISOString(),
+    }));
+    // Capture response body by intercepting res.json and res.send
+    let responseBody = undefined;
+    const originalJson = res.json.bind(res);
+    const originalSend = res.send.bind(res);
+    res.json = function (body) {
+        responseBody = body;
+        return originalJson(body);
+    };
+    res.send = function (body) {
+        // Only capture if it looks like JSON
+        if (typeof body === 'object') {
+            responseBody = body;
         }
-        // Fallback to req.apiGateway (for other packages)
-        if (!authorizer) {
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            const lambdaReq = req;
-            if (lambdaReq.apiGateway?.event?.requestContext?.authorizer) {
-                authorizer = lambdaReq.apiGateway.event.requestContext.authorizer;
-                source = 'req.apiGateway';
+        else if (typeof body === 'string') {
+            try {
+                responseBody = JSON.parse(body);
+            }
+            catch {
+                // Not JSON, don't capture
             }
         }
-        console.log(JSON.stringify({
-            type: 'auth_debug',
-            path: req.path,
-            source,
-            hasAuthorizer: !!authorizer,
-            authorizerKeys: authorizer ? Object.keys(authorizer) : [],
-            authorizer: authorizer,
-        }));
-    }
+        return originalSend(body);
+    };
     res.on('finish', () => {
         const duration = Date.now() - start;
-        console.log(JSON.stringify({
+        // Determine log level based on status code
+        const isError = res.statusCode >= 400;
+        // Build response log
+        const logEntry = {
+            type: 'http_response',
+            requestId,
             method: req.method,
             path: req.path,
             statusCode: res.statusCode,
             duration,
-        }));
+            caller: caller.userId ? { userId: caller.userId, tenantId: caller.tenantId } : undefined,
+        };
+        // Include response body for errors or when DEBUG_RESPONSE is set
+        if (isError || process.env.DEBUG_RESPONSE === 'true') {
+            logEntry.response = responseBody ? redactSensitive(responseBody) : undefined;
+            // Also include request body for errors to aid debugging
+            if (isError) {
+                logEntry.request = requestBody;
+            }
+        }
+        // Log with appropriate level
+        if (res.statusCode >= 500) {
+            console.error(JSON.stringify(logEntry));
+        }
+        else if (res.statusCode >= 400) {
+            console.warn(JSON.stringify(logEntry));
+        }
+        else {
+            console.log(JSON.stringify(logEntry));
+        }
     });
     next();
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@valentine-efagene/qshelter-common",
-  "version": "2.0.148",
+  "version": "2.0.150",
   "description": "Shared database schemas and utilities for QShelter services",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",