HFQR
diff --git a/‎examples/auth/Cargo.toml‎
Lines changed: 3 additions & 2 deletions b/‎examples/auth/Cargo.toml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎examples/auth/src/db/db.rs‎ ‎examples/auth/src/db.rs‎examples/auth/src/db/db.rs renamed to examples/auth/src/db.rs
Lines changed: 1 addition & 3 deletions b/‎examples/auth/src/db/db.rs‎ ‎examples/auth/src/db.rs‎examples/auth/src/db/db.rs renamed to examples/auth/src/db.rs
Lines changed: 1 addition & 3 deletions
diff --git a/‎examples/auth/src/db/mod.rs‎
Lines changed: 0 additions & 1 deletion b/‎examples/auth/src/db/mod.rs‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎examples/auth/src/main.rs‎
Lines changed: 19 additions & 51 deletions b/‎examples/auth/src/main.rs‎
Lines changed: 19 additions & 51 deletions
diff --git a/‎examples/auth/src/routes/login.rs‎
Lines changed: 24 additions & 62 deletions b/‎examples/auth/src/routes/login.rs‎
Lines changed: 24 additions & 62 deletions
diff --git a/‎examples/auth/src/routes/register.rs‎
Lines changed: 17 additions & 67 deletions b/‎examples/auth/src/routes/register.rs‎
Lines changed: 17 additions & 67 deletions
@@ -6,10 +6,11 @@ edition = "2024"
 [dependencies]
 dotenvy = "0.15.7"
 password-auth = "1.0.0"
-serde = {version="1.0.228", features=["derive"]}
+serde = {version="1.0.228", features=["derive"] }
 serde_json = "1.0.148"
 validator = { version = "0.20.0", features = ["derive"] }
 xitca-postgres = "0.3.0"
-xitca-web = {version="0.7.1", features=["json","rate-limit", "compress-br", "compress-de", "compress-gz"]}
+xitca-web = { version="0.7.1", features=["json", "rate-limit", "compress-br", "compress-de", "compress-gz"]}
+thiserror = "2"
 tokio = { version = "1", features = ["full"] }
 cuid2 = "0.1.4"
@@ -13,9 +13,7 @@ impl DbClient {
     /// Pool automatically manages connection lifecycle and reuse.
     pub async fn new(database_url: &str) -> Result<Self, Error> {
         let pool = Pool::builder(database_url).capacity(10).build()?;
-        Ok(Self {
-            pool: Arc::new(pool),
-        })
+        Ok(Self { pool: Arc::new(pool) })
     }
 
     /// Returns a reference to the underlying connection pool.
 
@@ -3,17 +3,17 @@ mod routes;
 mod utils;
 
 use crate::{
-    db::db::DbClient,
+    db::DbClient,
     routes::{login::login, register::register},
     utils::structs::ApiResponse,
 };
 use dotenvy::dotenv;
 use xitca_web::{
     App, WebContext,
     error::Error,
-    handler::handler_service,
-    http::{Response, StatusCode, WebResponse},
-    middleware::{compress::Compress, decompress::Decompress, rate_limit::RateLimit},
+    handler::{Responder, handler_service, json::Json},
+    http::WebResponse,
+    middleware::{compress::Compress, rate_limit::RateLimit},
     route::post,
     service::Service,
 };
@@ -25,59 +25,30 @@ pub struct AppState {
 }
 
 /// Global error handler middleware.
-/// Converts all errors to appropriate HTTP responses with correct status codes.
-async fn error_handler<S, C, B>(
-    service: &S,
-    mut ctx: WebContext<'_, C, B>,
-) -> Result<WebResponse, Error>
+async fn error_handler<S, C>(service: &S, mut ctx: WebContext<'_, C>) -> Result<WebResponse, Error>
 where
     C: 'static,
-    B: 'static,
-    S: for<'r> Service<WebContext<'r, C, B>, Response = WebResponse, Error = Error>,
+    S: for<'r> Service<WebContext<'r, C>, Response = WebResponse, Error = Error>,
 {
     match service.call(ctx.reborrow()).await {
         Ok(res) => Ok(res),
         Err(e) => {
-            let error_msg = e.to_string();
+            // print and convert error to http response
+            eprintln!("{e}");
 
-            // Map error types to appropriate HTTP status codes.
-            let status = if error_msg.contains("InvalidInput") || error_msg.contains("Validation") {
-                StatusCode::BAD_REQUEST
-            } else if error_msg.contains("NotFound") {
-                StatusCode::NOT_FOUND
-            } else if error_msg.contains("PermissionDenied")
-                || error_msg.contains("Invalid email or password")
-            {
-                StatusCode::UNAUTHORIZED
-            } else if error_msg.contains("AlreadyExists")
-                || error_msg.contains("already registered")
-            {
-                StatusCode::CONFLICT
-            } else {
-                StatusCode::INTERNAL_SERVER_ERROR
-            };
+            let res = e.call(ctx.reborrow()).await?;
 
-            // If error message is already JSON, use it directly.
-            // Otherwise, wrap in ApiResponse structure.
-            let json_body = if error_msg.starts_with('{') && error_msg.ends_with('}') {
-                error_msg
-            } else {
-                let error_response = ApiResponse::<()> {
+            // override response body to json object.
+            (
+                res,
+                Json(ApiResponse::<()> {
                     success: false,
-                    message: error_msg,
+                    message: e.to_string(),
                     data: None,
-                };
-                serde_json::to_string(&error_response).unwrap_or_else(|_| {
-                    r#"{"success":false,"message":"Internal error"}"#.to_string()
-                })
-            };
-
-            Ok(Response::builder()
-                .status(status)
-                .header("content-type", "application/json")
-                .body(json_body.into())
-                .unwrap()
-                .into())
+                }),
+            )
+                .respond(ctx)
+                .await
         }
     }
 }
@@ -91,9 +62,7 @@ async fn main() -> std::io::Result<()> {
     let database_url = std::env::var("DATABASE_URL").expect("DATABASE_URL must be set");
 
     // Initialize connection pool.
-    let db_client = DbClient::new(&database_url)
-        .await
-        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+    let db_client = DbClient::new(&database_url).await.map_err(std::io::Error::other)?;
 
     println!("✓ Server running on http://localhost:8080");
 
@@ -107,7 +76,6 @@ async fn main() -> std::io::Result<()> {
         .enclosed_fn(error_handler) // Global error handling
         .enclosed(RateLimit::per_minute(60)) // Rate limiting: 60 requests/minute
         .enclosed(Compress) // Response compression
-        .enclosed(Decompress) // Request decompression
         .serve()
         .bind("localhost:8080")?
         .run()
 
@@ -1,6 +1,9 @@
 use crate::{
     AppState,
-    utils::{error::DbError, structs::ApiResponse, validator::flatten_errors},
+    utils::{
+        error::{AuthError, DbError, ValidationError},
+        structs::ApiResponse,
+    },
 };
 use password_auth::verify_password;
 use serde::{Deserialize, Serialize};
@@ -35,78 +38,37 @@ pub async fn login(
     Json(req): Json<Login>,
 ) -> Result<Json<ApiResponse<UserData>>, Error> {
     // Validate input structure (email format, password length).
-    // Using inspect_err for logging while preserving error handling.
-    if let Err(e) = req
-        .validate()
-        .inspect_err(|e| eprintln!("Validation error: {:?}", e))
-    {
-        let error_body = flatten_errors(e);
-        let response = ApiResponse {
-            success: false,
-            message: format!("Validation Failed: {:?}", error_body),
-            data: None::<UserData>,
-        };
-        return Err(Error::from(std::io::Error::new(
-            std::io::ErrorKind::InvalidInput,
-            serde_json::to_string(&response).unwrap(),
-        )));
-    }
+    req.validate().map_err(ValidationError)?;
 
     let Login { email, password } = req;
 
-    // Get connection from pool - follows TechEmpower benchmark pattern.
-    let conn = state.db_client.pool().get().await.map_err(DbError)?;
-
     // Prepare statement on the connection (prevents SQL injection).
     let mut rows = Statement::named(
         "SELECT id, name, email, password FROM users WHERE email = $1",
         &[Type::TEXT],
     )
     .bind([&email])
-    .query(&conn)
+    .query(state.db_client.pool())
     .await
     .map_err(DbError)?;
 
-    if let Some(row) = rows.try_next().await.map_err(DbError)? {
-        let user_id: String = row.get(0);
-        let user_name: String = row.get(1);
-        let user_email: String = row.get(2);
-        let password_hash: String = row.get(3);
+    let row = rows.try_next().await.map_err(DbError)?.ok_or(AuthError::NotFound)?;
+
+    let user_id: String = row.get(0);
+    let user_name: String = row.get(1);
+    let user_email: String = row.get(2);
+    let password_hash: String = row.get(3);
+
+    // Verify password against stored hash using password_auth crate.
+    verify_password(password, &password_hash).map_err(|_| AuthError::PermissionDenied)?;
 
-        // Verify password against stored hash using password_auth crate.
-        match verify_password(password, &password_hash) {
-            Ok(_) => Ok(Json(ApiResponse {
-                success: true,
-                message: "Login successful".to_string(),
-                data: Some(UserData {
-                    id: user_id,
-                    name: user_name,
-                    email: user_email,
-                }),
-            })),
-            Err(_) => {
-                // Return generic error message to prevent user enumeration.
-                let response = ApiResponse {
-                    success: false,
-                    message: "Invalid email or password".to_string(),
-                    data: None::<UserData>,
-                };
-                Err(Error::from(std::io::Error::new(
-                    std::io::ErrorKind::PermissionDenied,
-                    serde_json::to_string(&response).unwrap(),
-                )))
-            }
-        }
-    } else {
-        // User not found - return same error message as invalid password.
-        let response = ApiResponse {
-            success: false,
-            message: "Invalid email or password".to_string(),
-            data: None::<UserData>,
-        };
-        Err(Error::from(std::io::Error::new(
-            std::io::ErrorKind::NotFound,
-            serde_json::to_string(&response).unwrap(),
-        )))
-    }
+    Ok(Json(ApiResponse {
+        success: true,
+        message: "Login successful".to_string(),
+        data: Some(UserData {
+            id: user_id,
+            name: user_name,
+            email: user_email,
+        }),
+    }))
 }
@@ -1,6 +1,9 @@
 use crate::{
     AppState,
-    utils::{error::DbError, structs::ApiResponse, validator::flatten_errors},
+    utils::{
+        error::{DbError, ValidationError},
+        structs::ApiResponse,
+    },
 };
 use cuid2;
 use password_auth::generate_hash;
@@ -36,86 +39,33 @@ pub async fn register(
     Json(req): Json<RegisterRequest>,
 ) -> Result<Json<ApiResponse<RegisterResponse>>, Error> {
     // Validate input structure.
-    // Using inspect_err for logging while preserving error handling.
-    if let Err(e) = req
-        .validate()
-        .inspect_err(|e| eprintln!("Validation error: {:?}", e))
-    {
-        let error_body = flatten_errors(e);
-        let response = ApiResponse {
-            success: false,
-            message: format!("Validation Failed: {:?}", error_body),
-            data: None::<RegisterResponse>,
-        };
-        return Err(Error::from(std::io::Error::new(
-            std::io::ErrorKind::InvalidInput,
-            serde_json::to_string(&response).unwrap(),
-        )));
-    }
+    req.validate().map_err(ValidationError)?;
 
-    let RegisterRequest {
-        name,
-        email,
-        password,
-    } = req;
+    let RegisterRequest { name, email, password } = req;
 
     // Generate collision-resistant ID using CUID2.
     let user_id = cuid2::create_id();
 
     // Hash password using password_auth (Argon2 by default).
     let hashed_password = generate_hash(password);
 
-    // Get connection from pool.
-    let conn = state.db_client.pool().get().await.map_err(DbError)?;
-
     // Prepare INSERT statement.
     // Bind parameters and execute query.
-    let res = Statement::named(
+    let mut rows = Statement::named(
         "INSERT INTO users (id, name, email, password) VALUES ($1, $2, $3, $4) RETURNING id",
         &[Type::TEXT, Type::TEXT, Type::TEXT, Type::TEXT],
     )
     .bind([&user_id, &name, &email, &hashed_password])
-    .query(&conn)
-    .await;
-
-    match res {
-        Ok(mut rows) => {
-            let mut registered_id = String::new();
-            if let Some(row) = rows.try_next().await.map_err(DbError)? {
-                registered_id = row.get(0);
-            }
-
-            Ok(Json(ApiResponse {
-                success: true,
-                message: "Registration successful".to_string(),
-                data: Some(RegisterResponse {
-                    user_id: registered_id,
-                }),
-            }))
-        }
-        Err(e) => {
-            let db_error = e.to_string();
-
-            // Check for unique constraint violation (duplicate email).
-            let (message, kind) = if db_error.contains("unique constraint") {
-                (
-                    "Email is already registered",
-                    std::io::ErrorKind::AlreadyExists,
-                )
-            } else {
-                ("Internal server error", std::io::ErrorKind::Other)
-            };
+    .query(state.db_client.pool())
+    .await
+    .map_err(DbError)?;
 
-            let response = ApiResponse {
-                success: false,
-                message: message.to_string(),
-                data: None::<RegisterResponse>,
-            };
+    let row = rows.try_next().await.map_err(DbError)?.expect("sql must return id");
+    let user_id = row.get("id");
 
-            Err(Error::from(std::io::Error::new(
-                kind,
-                serde_json::to_string(&response).unwrap(),
-            )))
-        }
-    }
+    Ok(Json(ApiResponse {
+        success: true,
+        message: "Registration successful".to_string(),
+        data: Some(RegisterResponse { user_id }),
+    }))
 }