letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
84468386d947829a989a7a9dd1e1cc7113f572fc
pn-new-crm/src/lib/services/error-events.service.ts
Matt 4233aa3ac3 fix(audit-wave-9): standardize on Sheet for previews; doctrine in CLAUDE.md 
Swap the one outlier (client-interests-tab.tsx) from Vaul Drawer to
Sheet side=right so every detail-preview surface uses the same
primitive. Document the doctrine: Sheet for side panels on both desktop
and mobile; Vaul Drawer reserved for mobile-only bottom-sheet UX
(currently just MoreSheet).

Closes ui/ux M11.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 11:50:07 +02:00

208 lines
6.5 KiB
TypeScript
Raw Blame History

/**
* Error event capture + retrieval.
*
* `captureErrorEvent(...)` is called from `errorResponse(...)` whenever
* an unhandled (5xx) error fires inside a route handler. It pulls the
* request context from AsyncLocalStorage, sanitizes the payload, and
* inserts one row into `error_events`. Failure to write must NEVER
* throw — the caller is already in the error path.
*
* `listErrorEvents` / `getErrorEventById` back the super-admin inspector.
*/
import { and, desc, eq, gte, lte } from 'drizzle-orm';
import { db } from '@/lib/db';
import { errorEvents, type ErrorEvent } from '@/lib/db/schema/system';
import { logger } from '@/lib/logger';
import { getRequestContext } from '@/lib/request-context';
const STACK_MAX_BYTES = 4 * 1024;
const BODY_MAX_BYTES = 1 * 1024;
/** Keys whose values are never persisted to the body excerpt. */
// gdpr-auditor HIGH H2: the previous list only covered credentials.
// A 5xx in /api/v1/clients (create / update) was landing full client
// PII (full name, DOB, address, phone, nationality, email) in
// error_events.request_body_excerpt for the super-admin inspector.
// Match fragments case-insensitively + snake/kebab-normalized so the
// redactor catches `recipientEmail`, `client_email`, `phone_number`,
// `tax_id`, `passwordHash`, etc. without an exhaustive enumeration.
const SENSITIVE_KEY_FRAGMENTS = [
// Credentials
'password',
'token',
'secret',
'api_key',
'apikey',
'access_key',
'secret_key',
'credit_card',
'card_number',
'cvv',
'ssn',
'authorization',
'cookie',
// PII
'email',
'phone',
'mobile',
'whatsapp',
'dob',
'date_of_birth',
'birthdate',
'address',
'street',
'postcode',
'zip',
'national_id',
'passport',
'iban',
'tax_id',
'taxid',
'full_name',
'fullname',
'first_name',
'last_name',
'recipient',
];
function isSensitiveKey(key: string): boolean {
const k = key.toLowerCase().replace(/[-]/g, '_');
return SENSITIVE_KEY_FRAGMENTS.some((frag) => k.includes(frag));
}
/** Drop sensitive keys + cap the JSON length. */
function sanitizeBody(body: unknown): string | null {
if (body === null || body === undefined) return null;
let cloned: unknown;
try {
cloned = JSON.parse(JSON.stringify(body));
} catch {
return null;
}
function walk(value: unknown): unknown {
if (Array.isArray(value)) return value.map(walk);
if (value && typeof value === 'object') {
const out: Record<string, unknown> = {};
for (const [k, v] of Object.entries(value)) {
if (isSensitiveKey(k)) {
out[k] = '[REDACTED]';
} else {
out[k] = walk(v);
}
}
return out;
}
return value;
}
const sanitized = walk(cloned);
let serialized: string;
try {
serialized = JSON.stringify(sanitized);
} catch {
return null;
}
if (Buffer.byteLength(serialized, 'utf8') > BODY_MAX_BYTES) {
serialized = serialized.slice(0, BODY_MAX_BYTES) + '…[truncated]';
}
return serialized;
}
interface CaptureArgs {
statusCode: number;
error: unknown;
/** Optional structured metadata (e.g. zod issues parsed from a ZodError). */
metadata?: Record<string, unknown>;
/** Sanitized request body (already JSON-serializable). Optional. */
body?: unknown;
}
/**
* Persist an error_events row tied to the active request context.
* Best-effort — silently swallows any DB failure (the caller is
* already returning the user an error response; we do NOT want to
* mask the original error with a logging-pipeline failure).
*/
export async function captureErrorEvent(args: CaptureArgs): Promise<void> {
const ctx = getRequestContext();
if (!ctx) {
// Outside a request context (e.g. queue worker). Log but skip — the
// queue has its own failure-capture in BullMQ.
return;
}
try {
const err = args.error;
const errorName = err instanceof Error ? err.name : typeof err;
const errorMessage = err instanceof Error ? err.message : err === undefined ? '' : String(err);
const stack = err instanceof Error && err.stack ? err.stack.slice(0, STACK_MAX_BYTES) : null;
const durationMs = Date.now() - ctx.startedAt;
// Pull through any well-known fields the upstream library decorated
// onto the error — Postgres driver uses `code` (SQLSTATE) and
// `severity`, fetch errors carry `cause.code`, etc. The classifier
// reads from `metadata.code` to drive the "likely culprit" badge.
const enriched: Record<string, unknown> = { ...(args.metadata ?? {}) };
if (err && typeof err === 'object') {
const e = err as { code?: unknown; severity?: unknown; cause?: { code?: unknown } };
if (typeof e.code === 'string') enriched.code = e.code;
if (typeof e.severity === 'string') enriched.severity = e.severity;
if (e.cause && typeof e.cause === 'object' && typeof e.cause.code === 'string') {
enriched.causeCode = e.cause.code;
}
}
await db
.insert(errorEvents)
.values({
requestId: ctx.requestId,
portId: ctx.portId || null,
userId: ctx.userId || null,
statusCode: args.statusCode,
method: ctx.method,
path: ctx.path,
errorName,
errorMessage,
errorStack: stack,
requestBodyExcerpt: sanitizeBody(args.body),
metadata: enriched,
durationMs,
})
.onConflictDoNothing();
} catch (writeErr) {
// Logged but never thrown — the caller is in the error path already.
logger.error({ err: writeErr }, 'Failed to persist error_events row');
}
}
export interface ListErrorEventsFilter {
portId?: string;
statusCode?: number;
/** ISO date strings; defaults to last 7 days. */
from?: string;
to?: string;
limit?: number;
}
export async function listErrorEvents(filter: ListErrorEventsFilter): Promise<ErrorEvent[]> {
const conditions = [];
if (filter.portId) conditions.push(eq(errorEvents.portId, filter.portId));
if (filter.statusCode) conditions.push(eq(errorEvents.statusCode, filter.statusCode));
if (filter.from) conditions.push(gte(errorEvents.createdAt, new Date(filter.from)));
if (filter.to) conditions.push(lte(errorEvents.createdAt, new Date(filter.to)));
return db
.select()
.from(errorEvents)
.where(conditions.length ? and(...conditions) : undefined)
.orderBy(desc(errorEvents.createdAt))
.limit(filter.limit ?? 100);
}
export async function getErrorEventById(requestId: string): Promise<ErrorEvent | null> {
const row = await db.query.errorEvents.findFirst({
where: eq(errorEvents.requestId, requestId),
});
return row ?? null;
}
Reference in New Issue View Git Blame Copy Permalink