will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2cdbcfef64dabcb7ea3b2ee7e2509c6d8fa08359
adopt-a-street/backend/middleware/errorHandler.js
William Valentin b3dc608750 feat(backend): implement comprehensive security and validation 
Implement enterprise-grade security measures and input validation:

Security Features:
- Add Helmet.js for security headers (XSS, clickjacking, MIME protection)
- Implement rate limiting (5/15min for auth, 100/15min for API)
- Add Socket.IO JWT authentication middleware
- Fix JWT auth middleware (remove throw in catch, extend token to 7 days)
- Implement centralized error handling with AppError class
- Add CORS restrictive configuration

Input Validation:
- Add express-validator to all routes (auth, streets, tasks, posts, events, rewards, reports, users)
- Create comprehensive validation schemas in middleware/validators/
- Consistent error response format for validation failures

Additional Features:
- Add pagination middleware for all list endpoints
- Add Multer file upload middleware (5MB limit, image validation)
- Update .env.example with all required environment variables

Dependencies Added:
- helmet@8.1.0
- express-rate-limit@8.2.1
- express-validator@7.3.0
- multer@1.4.5-lts.1
- cloudinary@2.8.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-01 10:42:19 -07:00

78 lines
1.9 KiB
JavaScript
Raw Blame History

/**
* Centralized Error Handling Middleware
* Handles all errors throughout the application with consistent formatting
*/
// Custom error class for application-specific errors
class AppError extends Error {
constructor(message, statusCode) {
super(message);
this.statusCode = statusCode;
this.isOperational = true;
Error.captureStackTrace(this, this.constructor);
}
}
// Global error handler middleware
const errorHandler = (err, req, res, next) => {
let error = { ...err };
error.message = err.message;
// Log error for debugging
console.error(`[ERROR] ${err.message}`, {
stack: err.stack,
path: req.path,
method: req.method,
timestamp: new Date().toISOString(),
});
// Mongoose bad ObjectId
if (err.name === "CastError") {
const message = "Resource not found";
error = new AppError(message, 404);
}
// Mongoose duplicate key
if (err.code === 11000) {
const message = "Duplicate field value entered";
error = new AppError(message, 400);
}
// Mongoose validation error
if (err.name === "ValidationError") {
const message = Object.values(err.errors)
.map((val) => val.message)
.join(", ");
error = new AppError(message, 400);
}
// JWT errors
if (err.name === "JsonWebTokenError") {
const message = "Invalid token";
error = new AppError(message, 401);
}
if (err.name === "TokenExpiredError") {
const message = "Token expired";
error = new AppError(message, 401);
}
// Send error response
res.status(error.statusCode || 500).json({
success: false,
error: error.message || "Server Error",
...(process.env.NODE_ENV === "development" && { stack: err.stack }),
});
};
// Async handler wrapper to catch errors in async route handlers
const asyncHandler = (fn) => (req, res, next) => {
Promise.resolve(fn(req, res, next)).catch(next);
};
module.exports = {
errorHandler,
asyncHandler,
AppError,
};
Reference in New Issue View Git Blame Copy Permalink