
Error Handling Strategy

Error Response Format

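/**
 * Wire format for every error body the API returns.
 *
 * `details` is client-visible: it must only carry data safe to show to the
 * caller (e.g. field-level validation hints), never stack traces, internal
 * paths, SQL, or the reason an authorization guard rejected the request.
 * It is typed `unknown` rather than `any` so consumers have to narrow before
 * using a value, which keeps untyped server output from silently flowing
 * into client code.
 */
interface ApiError {
  error: {
    /** Stable, machine-readable code (e.g. `ERROR_FORBIDDEN`); clients branch on this, not on `message`. */
    code: string;
    /** Human-readable, sanitized text; not meant for programmatic matching. */
    message: string;
    /** Optional client-safe context for the error. */
    details?: Record<string, unknown>;
    /** ISO-8601 timestamp of when the error response was produced. */
    timestamp: string;
    /** Correlation id the server also records; quoting it in a support request lets operators find the server-side log entry. */
    requestId: string;
  };
}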

Backend Error Handling

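/**
 * Minimal contract this filter needs from the audit-log provider.
 * NOTE(review): Nest cannot inject by interface type alone — bind the concrete
 * audit-log service in the module (or use an abstract-class / `@Inject` token).
 */
interface SecurityAuditLog {
  logSecurityViolation(entry: {
    requestId: string;
    userId: string;
    action: string;
    reason: string;
  }): void;
}

/**
 * Turns authentication (401) and authorization (403) failures into a sanitized
 * error body while recording the full context server-side.
 *
 * Only a fixed message and a correlation id reach the client. The reason the
 * guard rejected the request (`exception.message`) stays in the audit log so
 * it cannot be used to probe which resources, roles or accounts exist.
 */
@Catch(ForbiddenException, UnauthorizedException)
export class AuthExceptionFilter implements ExceptionFilter {
  constructor(private readonly auditLog: SecurityAuditLog) {}

  /**
   * @param exception the 401/403 exception thrown by a guard
   * @param host execution context; the HTTP request/response are read from it
   */
  catch(exception: ForbiddenException | UnauthorizedException, host: ArgumentsHost): void {
    const http = host.switchToHttp();
    const request = http.getRequest();
    const response = http.getResponse();
    const status: number = exception.getStatus();

    // Generate the id ONCE and use it on both sides. The audit entry and the
    // response body must carry the same value, otherwise a client quoting
    // `requestId` from the error cannot be matched to the server-side record.
    const requestId = randomUUID();

    // Full context stays server-side only.
    this.auditLog.logSecurityViolation({
      requestId,
      userId: request.user?.auth0Id || 'anonymous',
      action: `${request.method} ${request.path}`,
      reason: exception.message,
    });

    // Sanitized body (shape matches the documented ApiError format). The same
    // generic message is used for 401 and 403 on purpose so the response does
    // not reveal whether the resource exists or which role it requires.
    // NOTE(review): RFC 7235 expects a WWW-Authenticate header on 401 — add it
    // here if clients rely on it (the auth scheme is not shown in this excerpt).
    response.status(status).json({
      error: {
        code: status === 401 ? 'ERROR_UNAUTHORIZED' : 'ERROR_FORBIDDEN',
        message: 'You do not have permission to access this resource',
        timestamp: new Date().toISOString(),
        requestId,
      },
    });
  }
}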