chore: wip

Author: chrisbbreuer

.claude/settings.local.json

@@ -93,7 +93,8 @@
       "Bash(pgrep:*)",
       "Bash(zig build:*)",
       "Bash(/usr/bin/grep:*)",
-      "Bash(node -e:*)"
+      "Bash(node -e:*)",
+      "Bash(cd:*)"
     ],
     "deny": [],
     "ask": []

storage/framework/core/error-handling/src/index.ts

@@ -25,10 +25,12 @@ export type {
   ErrorPageData,
   HttpError as HttpErrorInfo,
   HttpStatusCode,
+  JobContext,
   QueryInfo,
   RequestContext,
   RoutingContext,
   StackFrame,
+  UserContext,
 } from 'ts-error-handling'
 
 export {

storage/framework/core/router/src/error-handler.ts

@@ -52,10 +52,96 @@ function getErrorHandlerConfig(): ErrorPageConfig {
   }
 }
 
+/**
+ * Sensitive fields that should be hidden in error pages
+ */
+const SENSITIVE_FIELDS = [
+  'password',
+  'password_confirmation',
+  'secret',
+  'token',
+  'api_key',
+  'apiKey',
+  'api_secret',
+  'apiSecret',
+  'access_token',
+  'accessToken',
+  'refresh_token',
+  'refreshToken',
+  'private_key',
+  'privateKey',
+  'credit_card',
+  'creditCard',
+  'card_number',
+  'cardNumber',
+  'cvv',
+  'ssn',
+  'authorization',
+]
+
+/**
+ * Sanitize object by hiding sensitive fields
+ */
+function sanitizeData(data: unknown): unknown {
+  if (!data || typeof data !== 'object') {
+    return data
+  }
+
+  if (Array.isArray(data)) {
+    return data.map(sanitizeData)
+  }
+
+  const sanitized: Record<string, unknown> = {}
+  for (const [key, value] of Object.entries(data as Record<string, unknown>)) {
+    const lowerKey = key.toLowerCase()
+    if (SENSITIVE_FIELDS.some(field => lowerKey.includes(field.toLowerCase()))) {
+      sanitized[key] = '********'
+    }
+    else if (typeof value === 'object' && value !== null) {
+      sanitized[key] = sanitizeData(value)
+    }
+    else {
+      sanitized[key] = value
+    }
+  }
+  return sanitized
+}
+
+/**
+ * Get request body from enhanced request (already parsed)
+ */
+function getRequestBody(request: Request | EnhancedRequest): unknown {
+  const req = request as any
+  if (req.jsonBody) {
+    return sanitizeData(req.jsonBody)
+  }
+  if (req.formBody) {
+    return sanitizeData(req.formBody)
+  }
+  return undefined
+}
+
+/**
+ * Get user context from authenticated user on request
+ */
+async function getUserContext(request: Request | EnhancedRequest): Promise<{ id?: string | number; email?: string; name?: string } | undefined> {
+  const req = request as any
+  // Check if user was set by auth middleware
+  if (req._authenticatedUser) {
+    const user = req._authenticatedUser
+    return {
+      id: user.id,
+      email: user.email,
+      name: user.name || user.username,
+    }
+  }
+  return undefined
+}
+
 /**
  * Create an Ignition-style error response for development
  */
-export function createErrorResponse(
+export async function createErrorResponse(
   error: Error,
   request: Request | EnhancedRequest,
   options?: {
@@ -67,7 +153,7 @@ export function createErrorResponse(
       middleware?: string[]
     }
   },
-): Response {
+): Promise<Response> {
   const status = options?.status || 500
   const isDevelopment = process.env.APP_ENV !== 'production' && process.env.NODE_ENV !== 'production'
 
@@ -102,8 +188,27 @@ export function createErrorResponse(
     // Set framework info
     handler.setFramework('Stacks', '0.70.0')
 
-    // Set request context
-    handler.setRequest(request)
+    // Set request context with body
+    const requestBody = getRequestBody(request)
+    if (requestBody) {
+      const url = new URL(request.url)
+      handler.setRequest({
+        method: request.method,
+        url: request.url,
+        headers: Object.fromEntries(request.headers.entries()),
+        queryParams: Object.fromEntries(url.searchParams.entries()),
+        body: requestBody,
+      })
+    }
+    else {
+      handler.setRequest(request)
+    }
+
+    // Set user context if authenticated
+    const userContext = await getUserContext(request)
+    if (userContext) {
+      handler.setUser(userContext)
+    }
 
     // Set routing context if available
     if (options?.routingContext) {
@@ -177,10 +282,10 @@ export function createErrorResponse(
 /**
  * Create a middleware error response (401, 403, etc.)
  */
-export function createMiddlewareErrorResponse(
+export async function createMiddlewareErrorResponse(
   error: Error & { statusCode?: number },
   request: Request | EnhancedRequest,
-): Response {
+): Promise<Response> {
   const status = error.statusCode || 500
   const isDevelopment = process.env.APP_ENV !== 'production' && process.env.NODE_ENV !== 'production'
 
@@ -200,7 +305,7 @@ export function createMiddlewareErrorResponse(
 
   // For 5xx errors in development, show full error page
   if (isDevelopment) {
-    return createErrorResponse(error, request, { status })
+    return await createErrorResponse(error, request, { status })
   }
 
   // Production 5xx
@@ -241,16 +346,16 @@ export function createValidationErrorResponse(
 /**
  * Create a 404 Not Found response
  */
-export function createNotFoundResponse(
+export async function createNotFoundResponse(
   path: string,
   request: Request | EnhancedRequest,
-): Response {
+): Promise<Response> {
   const isDevelopment = process.env.APP_ENV !== 'production' && process.env.NODE_ENV !== 'production'
 
   if (isDevelopment) {
     const error = new Error(`Route not found: ${path}`)
     error.name = 'NotFoundError'
-    return createErrorResponse(error, request, { status: 404 })
+    return await createErrorResponse(error, request, { status: 404 })
   }
 
   return new Response(renderProductionErrorPage(404), {

storage/framework/core/router/src/stacks-router.ts

@@ -133,7 +133,7 @@ function createMiddlewareHandler(routeKey: string, handler: StacksHandler): Acti
           catch (error) {
             // Middleware threw an error (e.g., 401 Unauthorized)
             if (error instanceof Error && 'statusCode' in error) {
-              return createMiddlewareErrorResponse(
+              return await createMiddlewareErrorResponse(
                 error as Error & { statusCode: number },
                 enhancedReq,
               )
@@ -615,7 +615,7 @@ function wrapHandler(handler: StacksHandler, skipParsing = false): ActionHandler
       catch (error) {
         log.error(`[Router] Error handling request for '${handlerPath}':`, error)
         // Return Ignition-style error page in development, JSON in production
-        return createErrorResponse(
+        return await createErrorResponse(
           error instanceof Error ? error : new Error(String(error)),
           req,
           { handlerPath },