fix(api): return 422 for validation errors with serializable payloads [FASE-3.3]

2026-05-18 14:16:53 +02:00
parent 6b076f52b2
commit 5b29c2fc56
3 changed files with 86 additions and 5 deletions
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -6,9 +6,8 @@ from fastapi import FastAPI, Request, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
 from fastapi.exceptions import RequestValidationError
-from slowapi import Limiter, _rate_limit_exceeded_handler
+from slowapi import _rate_limit_exceeded_handler
 from slowapi.errors import RateLimitExceeded
-from slowapi.util import get_remote_address
 from sqlalchemy.exc import SQLAlchemyError

 from app.routers import auth as auth_router
@@ -40,6 +39,8 @@ from app.routers import advanced_metrics as advanced_metrics_router
 from app.routers import osint as osint_router
 from app.domain.errors import DomainError
 from app.middleware.error_handler import domain_exception_handler
+from app.middleware.request_context import RequestContextMiddleware
+from app.limiter import limiter
 from app.storage import ensure_bucket_exists
 from app.jobs.mitre_sync_job import start_scheduler, scheduler

@@ -71,10 +72,11 @@ app = FastAPI(
 )

 # ── Rate Limiter ──────────────────────────────────────────────────────────
-limiter = Limiter(key_func=get_remote_address)
 app.state.limiter = limiter
 app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)

+app.add_middleware(RequestContextMiddleware)
+
 # ── Domain exception → HTTP mapping ──────────────────────────────────────
 app.add_exception_handler(DomainError, domain_exception_handler)

@@ -136,15 +138,27 @@ def health():
 # ── Exception Handlers ────────────────────────────────────────────────────


+def _serialize_validation_errors(exc: RequestValidationError) -> list[dict]:
+    """Return validation errors safe for JSON (no raw exception objects)."""
+    serialized: list[dict] = []
+    for err in exc.errors():
+        item = dict(err)
+        ctx = item.get("ctx")
+        if isinstance(ctx, dict):
+            item["ctx"] = {key: str(value) for key, value in ctx.items()}
+        serialized.append(item)
+    return serialized
+
+
@app.exception_handler(RequestValidationError)
 async def validation_exception_handler(request: Request, exc: RequestValidationError):
    """Handle validation errors with consistent format."""
    return JSONResponse(
-        status_code=status.HTTP_400_BAD_REQUEST,
+        status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
        content={
            "detail": "Validation error",
            "code": "VALIDATION_ERROR",
-            "errors": exc.errors(),
+            "errors": _serialize_validation_errors(exc),
        },
    )