// Error handling middleware for API routes import { NextApiRequest, NextApiResponse } from 'next'; export function withErrorHandler(handler: (req: NextApiRequest, res: NextApiResponse) => Promise) { return async (req: NextApiRequest, res: NextApiResponse) => { try { await handler(req, res); } catch (error: any) { console.error('API Error:', error); // Database connection errors if (error.code === 'ECONNREFUSED' || error.code === 'ENOTFOUND') { return res.status(503).json({ success: false, error: 'Database connection failed', code: 'DB_CONNECTION_ERROR' }); } // MySQL specific errors if (error.code === 'ER_DUP_ENTRY') { return res.status(409).json({ success: false, error: 'Duplicate entry', code: 'DUPLICATE_ENTRY' }); } if (error.code === 'ER_NO_REFERENCED_ROW_2') { return res.status(400).json({ success: false, error: 'Referenced record not found', code: 'FOREIGN_KEY_ERROR' }); } // Validation errors if (error.name === 'ZodError') { return res.status(400).json({ success: false, error: 'Validation error', details: error.errors, code: 'VALIDATION_ERROR' }); } // JWT errors if (error.name === 'JsonWebTokenError') { return res.status(401).json({ success: false, error: 'Invalid token', code: 'INVALID_TOKEN' }); } if (error.name === 'TokenExpiredError') { return res.status(401).json({ success: false, error: 'Token expired', code: 'TOKEN_EXPIRED' }); } // Generic server error return res.status(500).json({ success: false, error: 'Internal server error', message: process.env.NODE_ENV === 'development' ? error.message : 'Something went wrong', code: 'INTERNAL_ERROR' }); } }; } // CORS middleware export function withCors(handler: (req: NextApiRequest, res: NextApiResponse) => Promise) { return async (req: NextApiRequest, res: NextApiResponse) => { // Set CORS headers res.setHeader('Access-Control-Allow-Origin', '*'); res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); // Handle preflight requests if (req.method === 'OPTIONS') { return res.status(200).end(); } return handler(req, res); }; } // Rate limiting middleware (simple implementation) const requestCounts = new Map(); export function withRateLimit(maxRequests: number = 100, windowMs: number = 15 * 60 * 1000) { return function(handler: (req: NextApiRequest, res: NextApiResponse) => Promise) { return async (req: NextApiRequest, res: NextApiResponse) => { const clientId = req.headers['x-forwarded-for'] || req.connection.remoteAddress || 'unknown'; const now = Date.now(); const clientData = requestCounts.get(clientId as string); if (!clientData || now > clientData.resetTime) { requestCounts.set(clientId as string, { count: 1, resetTime: now + windowMs }); } else { clientData.count++; if (clientData.count > maxRequests) { return res.status(429).json({ success: false, error: 'Too many requests', code: 'RATE_LIMIT_EXCEEDED' }); } } return handler(req, res); }; }; } // Request logging middleware export function withLogging(handler: (req: NextApiRequest, res: NextApiResponse) => Promise) { return async (req: NextApiRequest, res: NextApiResponse) => { const start = Date.now(); console.log(`[${new Date().toISOString()}] ${req.method} ${req.url}`); // Override res.json to log response const originalJson = res.json; res.json = function(body: any) { const duration = Date.now() - start; console.log(`[${new Date().toISOString()}] ${req.method} ${req.url} - ${res.statusCode} (${duration}ms)`); return originalJson.call(this, body); }; return handler(req, res); }; }