secure_errors 0.1.0

Secure error handling with public-safe responses, incident IDs, and panic boundaries.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

//! Centralized HTTP mapping — `AppError` → `PublicError` + HTTP status.
//!
//! This is the **only** place that decides what HTTP status and public body
//! an internal error produces. No ad hoc JSON construction is permitted elsewhere.

use crate::{kind::AppError, public::PublicError};

/// Maps an `AppError` to an HTTP status code and a safe `PublicError` response body.
///
/// This function is the single source of truth for all error-to-HTTP mappings.
/// It guarantees that no internal details (SQL, hostnames, backtraces) appear in
/// the returned `PublicError`.
///
/// # Examples
///
/// ```
/// use secure_errors::http::into_response_parts;
/// use secure_errors::kind::AppError;
///
/// let (status, body) = into_response_parts(&AppError::NotFound);
/// assert_eq!(status, 404);
/// assert_eq!(body.code, "not_found");
/// ```
pub fn into_response_parts(err: &AppError) -> (u16, PublicError) {
    match err {
        AppError::Validation { .. } => (
            400,
            PublicError::new(
                "invalid_request",
                "The request contains invalid data.",
                None,
            ),
        ),
        AppError::Forbidden { .. } => (403, PublicError::new("forbidden", "Access denied.", None)),
        AppError::NotFound => (
            404,
            PublicError::new("not_found", "The requested resource was not found.", None),
        ),
        AppError::Conflict => (
            409,
            PublicError::new(
                "conflict",
                "The request conflicts with the current state.",
                None,
            ),
        ),
        AppError::Dependency { .. } => (
            503,
            PublicError::new(
                "temporarily_unavailable",
                "A required service is temporarily unavailable.",
                None,
            ),
        ),
        AppError::Crypto | AppError::Internal => (
            500,
            PublicError::new("internal_error", "An internal error occurred.", None),
        ),
        AppError::RateLimit { .. } => (
            429,
            PublicError::new(
                "rate_limited",
                "Too many requests. Please retry later.",
                None,
            ),
        ),
    }
}

/// Returns the `Retry-After` value in seconds if the error is `RateLimit` with a configured value.
///
/// # Examples
///
/// ```
/// use secure_errors::http::retry_after_seconds;
/// use secure_errors::kind::AppError;
///
/// let err = AppError::RateLimit { retry_after_seconds: Some(30) };
/// assert_eq!(retry_after_seconds(&err), Some(30));
///
/// let err = AppError::NotFound;
/// assert_eq!(retry_after_seconds(&err), None);
/// ```
#[must_use]
pub fn retry_after_seconds(err: &AppError) -> Option<u64> {
    match err {
        AppError::RateLimit {
            retry_after_seconds,
        } => *retry_after_seconds,
        _ => None,
    }
}