4723994bdc
End-to-end error-handling overhaul. A user hitting any failure now sees
a plain-text message + stable error code + reference id. A super admin
can paste the id into /admin/errors/<id> for the full request shape,
sanitized body, error stack, and a heuristic likely-cause hint.
REQUEST CONTEXT (AsyncLocalStorage)
- src/lib/request-context.ts mints a per-request frame carrying
requestId + portId + userId + method + path + start timestamp.
- withAuth wraps every authenticated handler in runWithRequestContext
and accepts an upstream X-Request-Id header (validated shape) or
generates a fresh UUID. The id ALWAYS leaves on the X-Request-Id
response header, including early-return 401/403/4xx paths.
- Pino logger reads from the same context via mixin — every log
line emitted during the request automatically carries the ids
with no per-call threading.
ERROR CODE REGISTRY
- src/lib/error-codes.ts defines stable DOMAIN_REASON codes with
HTTP status + plain-text user-facing message (no jargon, written
for the rep on the phone with a customer).
- New CodedError class wraps a registered code + optional
internalMessage (admin-only — never sent to client).
- Existing AppError subclasses got plain-text default rewrites so
legacy throw sites improve immediately without migration.
- High-impact services migrated to specific codes:
expenses (RECEIPT_REQUIRED, INVOICE_LINKED), interest-berths
(CROSS_PORT_LINK_REJECTED), berth-pdf (PDF_MAGIC_BYTE / PDF_EMPTY /
PDF_TOO_LARGE / VERSION_ALREADY_CURRENT), recommender
(INTEREST_PORT_MISMATCH).
ERROR ENVELOPE
- errorResponse always sets X-Request-Id header + requestId field.
- 5xx responses include a "Quote error ID …" friendly line.
- 4xx kept clean (validation, permission, not-found don't pollute
the inspector — they're already in audit log).
PERSISTENCE (error_events table, migration 0040)
- One row per 5xx, keyed on requestId, with method/path/status/error
name+message/stack head (4KB cap)/sanitized body excerpt (1KB cap;
password/token/secret/etc keys redacted)/duration/IP/UA/metadata.
- captureErrorEvent extracts Postgres SQLSTATE/severity/cause.code
so the classifier can recognize FK / unique / NOT NULL / schema-
drift violations.
- Failure to persist is logged-not-thrown.
LIKELY-CULPRIT CLASSIFIER (src/lib/error-classifier.ts)
- 4-pass heuristic (first match wins):
1. Postgres SQLSTATE → human reason (23503 FK, 23505 unique,
42703 schema drift, 53300 connection limit, …)
2. Error class name (AbortError, TimeoutError, FetchError,
ZodError)
3. Stack-path patterns (/lib/storage/, /lib/email/, documenso,
openai|claude, /queue/workers/)
4. Free-text message keywords (econnrefused, rate limit, timeout,
unauthorized|invalid api key)
- Returns { label, hint, subsystem } for the inspector badge.
CLIENT SIDE
- apiFetch throws structured ApiError with message + code + requestId
+ details + retryAfter.
- toastError() helper renders the standard 3-line toast:
plain message / Error code: X / Reference ID: Y [Copy ID].
ADMIN INSPECTOR
- /<port>/admin/errors lists captured 5xx with status badge + path +
likely-culprit badge + truncated message + reference id. Filter by
status code; auto-refresh via TanStack Query.
- /<port>/admin/errors/<requestId> deep-dive: request shape, full
error name+message+stack, sanitized body excerpt, raw metadata,
registered-code lookup (so admin can compare to what user saw),
likely-culprit hint with subsystem tag.
- /<port>/admin/errors/codes is the in-app code reference page —
every registered code grouped by domain prefix, searchable, with
HTTP status + user message inline. Linked from inspector header
so admins can flip to it while triaging.
- Permission: admin.view_audit_log. Super admins see all ports;
regular admins port-scoped.
- system-monitoring dashboard now surfaces error_events alongside
permission_denied audit + queue failed jobs (RecentError gains
source: 'request' variant).
DOCS
- docs/error-handling.md walks through coded errors, plain-text
message guidelines, client toasting, admin inspector usage,
persistence rules, classifier internals, pruning, and the
legacy → CodedError migration path.
MIGRATION SAFETY
- Audit confirmed all 41 migrations (0000-0040) apply cleanly in
journal order against an empty DB. 0040 references ports(id)
which exists from 0000. 0035/0038 don't deadlock under sequential
psql -f. Removed redundant idx_ds_sent_by from 0038 (created in
0037).
Tests: 1168/1168 vitest passing. tsc clean.
- security-error-responses tests updated for plain-text messages
+ new optional response keys (code/requestId/message).
- berth-pdf-versions tests assert stable error codes via
toMatchObject({ code }) rather than message regex.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
283 lines
10 KiB
TypeScript
283 lines
10 KiB
TypeScript
/**
|
|
* interest_berths junction helpers.
|
|
*
|
|
* The junction is the source of truth for which berths an interest is
|
|
* linked to. Callers should resolve "the berth for this deal" through
|
|
* `getPrimaryBerth(interestId)` rather than reading the legacy
|
|
* `interests.berth_id` column (slated for removal once every caller
|
|
* is migrated - see plan §3.4).
|
|
*
|
|
* Role-flag semantics (see plan §1):
|
|
* - is_primary : at most one row per interest. Templates,
|
|
* forms, and "the berth for this deal"
|
|
* UIs resolve through this row.
|
|
* - is_specific_interest : the berth shows as "Under Offer" on the
|
|
* public map. False = legal/EOI-only link.
|
|
* - is_in_eoi_bundle : covered by the interest's EOI signature.
|
|
*/
|
|
|
|
import { and, desc, eq, inArray } from 'drizzle-orm';
|
|
|
|
import { db } from '@/lib/db';
|
|
import { interestBerths, interests, type InterestBerth } from '@/lib/db/schema/interests';
|
|
import { berths } from '@/lib/db/schema/berths';
|
|
import { CodedError } from '@/lib/errors';
|
|
|
|
type DbOrTx = typeof db | Parameters<Parameters<typeof db.transaction>[0]>[0];
|
|
|
|
// ─── Reads ──────────────────────────────────────────────────────────────────
|
|
|
|
export interface PrimaryBerthRef {
|
|
berthId: string;
|
|
mooringNumber: string | null;
|
|
isInEoiBundle: boolean;
|
|
isSpecificInterest: boolean;
|
|
}
|
|
|
|
/**
|
|
* The primary berth for an interest, if any. Resolves the row marked
|
|
* `is_primary=true`; falls back to the most recently added berth row
|
|
* when no row is flagged primary (defensive — the unique partial index
|
|
* guarantees ≤1 primary, but reads should never throw on data drift).
|
|
*/
|
|
export async function getPrimaryBerth(interestId: string): Promise<PrimaryBerthRef | null> {
|
|
const rows = await db
|
|
.select({
|
|
berthId: interestBerths.berthId,
|
|
isPrimary: interestBerths.isPrimary,
|
|
isSpecificInterest: interestBerths.isSpecificInterest,
|
|
isInEoiBundle: interestBerths.isInEoiBundle,
|
|
addedAt: interestBerths.addedAt,
|
|
mooringNumber: berths.mooringNumber,
|
|
})
|
|
.from(interestBerths)
|
|
.innerJoin(berths, eq(berths.id, interestBerths.berthId))
|
|
.where(eq(interestBerths.interestId, interestId))
|
|
.orderBy(desc(interestBerths.isPrimary), desc(interestBerths.addedAt));
|
|
const first = rows[0];
|
|
if (!first) return null;
|
|
return {
|
|
berthId: first.berthId,
|
|
mooringNumber: first.mooringNumber,
|
|
isInEoiBundle: first.isInEoiBundle,
|
|
isSpecificInterest: first.isSpecificInterest,
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Map { interestId → primary berth ref } for a batch of interest ids.
|
|
* One round-trip; preferred for list pages over a per-row helper.
|
|
*/
|
|
export async function getPrimaryBerthsForInterests(
|
|
interestIds: string[],
|
|
): Promise<Map<string, PrimaryBerthRef>> {
|
|
if (interestIds.length === 0) return new Map();
|
|
const rows = await db
|
|
.select({
|
|
interestId: interestBerths.interestId,
|
|
berthId: interestBerths.berthId,
|
|
isPrimary: interestBerths.isPrimary,
|
|
isSpecificInterest: interestBerths.isSpecificInterest,
|
|
isInEoiBundle: interestBerths.isInEoiBundle,
|
|
addedAt: interestBerths.addedAt,
|
|
mooringNumber: berths.mooringNumber,
|
|
})
|
|
.from(interestBerths)
|
|
.innerJoin(berths, eq(berths.id, interestBerths.berthId))
|
|
.where(inArray(interestBerths.interestId, interestIds))
|
|
.orderBy(desc(interestBerths.isPrimary), desc(interestBerths.addedAt));
|
|
|
|
const out = new Map<string, PrimaryBerthRef>();
|
|
for (const r of rows) {
|
|
if (out.has(r.interestId)) continue;
|
|
out.set(r.interestId, {
|
|
berthId: r.berthId,
|
|
mooringNumber: r.mooringNumber,
|
|
isInEoiBundle: r.isInEoiBundle,
|
|
isSpecificInterest: r.isSpecificInterest,
|
|
});
|
|
}
|
|
return out;
|
|
}
|
|
|
|
/** Berth metadata surfaced alongside each junction row by {@link listBerthsForInterest}. */
|
|
export interface InterestBerthWithDetails extends InterestBerth {
|
|
mooringNumber: string | null;
|
|
area: string | null;
|
|
status: string;
|
|
lengthFt: string | null;
|
|
widthFt: string | null;
|
|
draftFt: string | null;
|
|
}
|
|
|
|
/** All berth links for a single interest, ordered with primary first. */
|
|
export async function listBerthsForInterest(
|
|
interestId: string,
|
|
): Promise<Array<InterestBerthWithDetails>> {
|
|
return db
|
|
.select({
|
|
id: interestBerths.id,
|
|
interestId: interestBerths.interestId,
|
|
berthId: interestBerths.berthId,
|
|
isPrimary: interestBerths.isPrimary,
|
|
isSpecificInterest: interestBerths.isSpecificInterest,
|
|
isInEoiBundle: interestBerths.isInEoiBundle,
|
|
eoiBypassReason: interestBerths.eoiBypassReason,
|
|
eoiBypassedBy: interestBerths.eoiBypassedBy,
|
|
eoiBypassedAt: interestBerths.eoiBypassedAt,
|
|
addedBy: interestBerths.addedBy,
|
|
addedAt: interestBerths.addedAt,
|
|
notes: interestBerths.notes,
|
|
mooringNumber: berths.mooringNumber,
|
|
area: berths.area,
|
|
status: berths.status,
|
|
lengthFt: berths.lengthFt,
|
|
widthFt: berths.widthFt,
|
|
draftFt: berths.draftFt,
|
|
})
|
|
.from(interestBerths)
|
|
.innerJoin(berths, eq(berths.id, interestBerths.berthId))
|
|
.where(eq(interestBerths.interestId, interestId))
|
|
.orderBy(desc(interestBerths.isPrimary), desc(interestBerths.addedAt));
|
|
}
|
|
|
|
/** All interest links for a single berth (used by the recommender + admin UI). */
|
|
export async function listInterestsForBerth(berthId: string): Promise<Array<InterestBerth>> {
|
|
return db
|
|
.select()
|
|
.from(interestBerths)
|
|
.where(eq(interestBerths.berthId, berthId))
|
|
.orderBy(desc(interestBerths.addedAt));
|
|
}
|
|
|
|
// ─── Writes ─────────────────────────────────────────────────────────────────
|
|
|
|
interface AddOrUpdateOpts {
|
|
isPrimary?: boolean;
|
|
isSpecificInterest?: boolean;
|
|
isInEoiBundle?: boolean;
|
|
addedBy?: string;
|
|
notes?: string;
|
|
/**
|
|
* EOI bypass fields. Set `eoiBypassReason` to a non-empty string to record
|
|
* that the berth's own EOI is waived (the parent interest's primary EOI
|
|
* covers it), or to `null` to clear the bypass and re-require it.
|
|
* `eoiBypassedBy` should be the acting user id; the timestamp is stamped
|
|
* server-side.
|
|
*/
|
|
eoiBypassReason?: string | null;
|
|
eoiBypassedBy?: string | null;
|
|
}
|
|
|
|
/**
|
|
* Idempotently link a berth to an interest. If the row already exists,
|
|
* provided flags are merged; otherwise a fresh row is inserted.
|
|
*
|
|
* When `isPrimary=true` is requested, the previous primary (if any) is
|
|
* demoted in the same transaction so the unique partial index is never
|
|
* violated.
|
|
*/
|
|
export async function upsertInterestBerth(
|
|
interestId: string,
|
|
berthId: string,
|
|
opts: AddOrUpdateOpts = {},
|
|
): Promise<InterestBerth> {
|
|
return db.transaction(async (tx) => {
|
|
return upsertInterestBerthTx(tx, interestId, berthId, opts);
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Transaction-bound variant of {@link upsertInterestBerth}. Use this when the
|
|
* junction write must roll back together with another write (e.g. inserting
|
|
* the parent interest row in the same transaction).
|
|
*/
|
|
export async function upsertInterestBerthTx(
|
|
tx: DbOrTx,
|
|
interestId: string,
|
|
berthId: string,
|
|
opts: AddOrUpdateOpts = {},
|
|
): Promise<InterestBerth> {
|
|
// Cross-port guard. The junction is silently multi-port-shaped (it has
|
|
// no port_id of its own — it inherits via the FKs) so a caller wiring
|
|
// an interest from one port to a berth from another would corrupt the
|
|
// recommender + public-berth aggregates with phantom rows. We assert
|
|
// both rows live in the same port BEFORE inserting; if either side is
|
|
// missing, the FK constraint will surface that on insert.
|
|
const sides = await tx
|
|
.select({
|
|
interestPortId: interests.portId,
|
|
berthPortId: berths.portId,
|
|
})
|
|
.from(interests)
|
|
.innerJoin(berths, eq(berths.id, berthId))
|
|
.where(eq(interests.id, interestId))
|
|
.limit(1);
|
|
const side = sides[0];
|
|
if (side && side.interestPortId !== side.berthPortId) {
|
|
throw new CodedError('CROSS_PORT_LINK_REJECTED', {
|
|
internalMessage: `interest ${interestId} (port ${side.interestPortId}) ↔ berth ${berthId} (port ${side.berthPortId})`,
|
|
});
|
|
}
|
|
|
|
if (opts.isPrimary === true) {
|
|
await tx
|
|
.update(interestBerths)
|
|
.set({ isPrimary: false })
|
|
.where(and(eq(interestBerths.interestId, interestId), eq(interestBerths.isPrimary, true)));
|
|
}
|
|
const setForUpdate: Partial<InterestBerth> = {};
|
|
if (opts.isPrimary !== undefined) setForUpdate.isPrimary = opts.isPrimary;
|
|
if (opts.isSpecificInterest !== undefined)
|
|
setForUpdate.isSpecificInterest = opts.isSpecificInterest;
|
|
if (opts.isInEoiBundle !== undefined) setForUpdate.isInEoiBundle = opts.isInEoiBundle;
|
|
if (opts.addedBy !== undefined) setForUpdate.addedBy = opts.addedBy;
|
|
if (opts.notes !== undefined) setForUpdate.notes = opts.notes;
|
|
// Bypass fields move as a unit — either we set all three to record a bypass
|
|
// or clear all three. Touching the reason field decides which.
|
|
if (opts.eoiBypassReason !== undefined) {
|
|
if (opts.eoiBypassReason && opts.eoiBypassReason.trim().length > 0) {
|
|
setForUpdate.eoiBypassReason = opts.eoiBypassReason;
|
|
setForUpdate.eoiBypassedBy = opts.eoiBypassedBy ?? null;
|
|
setForUpdate.eoiBypassedAt = new Date();
|
|
} else {
|
|
setForUpdate.eoiBypassReason = null;
|
|
setForUpdate.eoiBypassedBy = null;
|
|
setForUpdate.eoiBypassedAt = null;
|
|
}
|
|
}
|
|
|
|
const [row] = await tx
|
|
.insert(interestBerths)
|
|
.values({
|
|
interestId,
|
|
berthId,
|
|
isPrimary: opts.isPrimary ?? false,
|
|
isSpecificInterest: opts.isSpecificInterest ?? true,
|
|
isInEoiBundle: opts.isInEoiBundle ?? false,
|
|
addedBy: opts.addedBy,
|
|
notes: opts.notes,
|
|
eoiBypassReason: setForUpdate.eoiBypassReason ?? null,
|
|
eoiBypassedBy: setForUpdate.eoiBypassedBy ?? null,
|
|
eoiBypassedAt: setForUpdate.eoiBypassedAt ?? null,
|
|
})
|
|
.onConflictDoUpdate({
|
|
target: [interestBerths.interestId, interestBerths.berthId],
|
|
set: setForUpdate,
|
|
})
|
|
.returning();
|
|
return row!;
|
|
}
|
|
|
|
/** Promote a single berth to primary for the interest. Demotes any prior primary. */
|
|
export async function setPrimaryBerth(interestId: string, berthId: string): Promise<void> {
|
|
await upsertInterestBerth(interestId, berthId, { isPrimary: true });
|
|
}
|
|
|
|
/** Remove a berth from an interest. */
|
|
export async function removeInterestBerth(interestId: string, berthId: string): Promise<void> {
|
|
await db
|
|
.delete(interestBerths)
|
|
.where(and(eq(interestBerths.interestId, interestId), eq(interestBerths.berthId, berthId)));
|
|
}
|