refactor: replace TRPCError with ErrorWithCode in packages/features (calcom#25482)

* refactor: replace TRPCError with ErrorWithCode in packages/features

This refactor moves error handling from throwing TRPCError directly in
packages/features to throwing ErrorWithCode instead. The conversion to
TRPCError now happens at the TRPC layer.

Changes:
- Add generic ErrorCode values (Unauthorized, Forbidden, NotFound,
  BadRequest, InternalServerError) to errorCodes.ts
- Update getServerErrorFromUnknown to map new ErrorCodes to proper
  HTTP status codes
- Create toTRPCError helper in packages/trpc/server/lib
- Create errorMappingMiddleware in packages/trpc/server/middlewares
- Migrate TRPCError throws in packages/features to ErrorWithCode:
  - teamService.ts
  - getEventTypeById.ts
  - eventTypeRepository.ts
  - OrganizationPermissionService.ts
  - OrganizationPaymentService.ts
  - sso.ts
  - handleCreatePhoneCall.ts
  - userCanCreateTeamGroupMapping.ts

This improves separation of concerns by making packages/features
transport-agnostic, allowing the same feature code to be reused from
tRPC, API routes, workers, etc.

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* fix: remove isTrpcCall parameter and fix lint warning

- Remove isTrpcCall parameter from get.handler.ts call since the
  feature layer no longer needs to know about tRPC
- Fix unsafe optional chaining lint warning in getEventTypesByViewer.ts
  by precomputing usersSource variable
- Complete migration of getEventTypesByViewer.ts to ErrorWithCode

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* revert

* add eslint rule

* add comment

* fix: add isTrpcCall back to getEventTypeById interface

The user reverted the removal of isTrpcCall parameter from the handler,
so we need to add it back to the interface to fix the type error.

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* test: update teamService tests to expect ErrorWithCode instead of TRPCError

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* refactor

* wip

* feat: integrate errorMappingMiddleware into base TRPC procedure

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* connect middlewares

* revert

* revert

* refactor

* rename

* fix: handle ErrorWithCode in teams server-page error handling

The error handling was checking for TRPCError, but teamService now throws
ErrorWithCode. This caused the 'This invitation is not for your account'
error message to not be displayed when a wrong user tries to use an
invitation link.

Co-Authored-By: benny@cal.com <sldisek783@gmail.com>

* fix

* fix

* fix

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

Author: hbjORbj

apps/web/app/(use-page-wrapper)/(main-nav)/teams/server-page.tsx

@@ -6,11 +6,10 @@ import { TeamsListing } from "@calcom/features/ee/teams/components/TeamsListing"
 import { TeamRepository } from "@calcom/features/ee/teams/repositories/TeamRepository";
 import { TeamService } from "@calcom/features/ee/teams/services/teamService";
 import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
+import { ErrorWithCode } from "@calcom/lib/errors";
 import prisma from "@calcom/prisma";
 import { MembershipRole } from "@calcom/prisma/enums";
 
-import { TRPCError } from "@trpc/server";
-
 import { TeamsCTA } from "./CTA";
 
 const getCachedTeams = unstable_cache(
@@ -52,7 +51,7 @@ export const ServerTeamsListing = async ({
       }
     } catch (e) {
       errorMsgFromInvite = "Error while fetching teams";
-      if (e instanceof TRPCError) errorMsgFromInvite = e.message;
+      if (e instanceof ErrorWithCode) errorMsgFromInvite = e.message;
     }
   }
 

packages/features/ee/dsync/lib/server/userCanCreateTeamGroupMapping.ts

@@ -1,27 +1,21 @@
 import { canAccessOrganization } from "@calcom/features/ee/sso/lib/saml";
 import prisma from "@calcom/prisma";
 import type { TrpcSessionUser } from "@calcom/trpc/server/types";
-
-import { TRPCError } from "@trpc/server";
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 
 const userCanCreateTeamGroupMapping = async (
   user: NonNullable<TrpcSessionUser>,
   organizationId: number | null,
   teamId?: number
 ) => {
   if (!organizationId) {
-    throw new TRPCError({
-      code: "BAD_REQUEST",
-      message: "Could not find organization id",
-    });
+    throw new ErrorWithCode(ErrorCode.BadRequest, "Could not find organization id");
   }
 
   const { message, access } = await canAccessOrganization(user, organizationId);
   if (!access) {
-    throw new TRPCError({
-      code: "BAD_REQUEST",
-      message,
-    });
+    throw new ErrorWithCode(ErrorCode.BadRequest, message);
   }
 
   if (teamId) {
@@ -36,10 +30,7 @@ const userCanCreateTeamGroupMapping = async (
     });
 
     if (!orgTeam) {
-      throw new TRPCError({
-        code: "BAD_REQUEST",
-        message: "Could not find team",
-      });
+      throw new ErrorWithCode(ErrorCode.BadRequest, "Could not find team");
     }
   }
 

packages/features/ee/organizations/lib/OrganizationPaymentService.ts

@@ -13,8 +13,8 @@ import { prisma } from "@calcom/prisma";
 import type { OrganizationOnboarding } from "@calcom/prisma/client";
 import { UserPermissionRole, type BillingPeriod } from "@calcom/prisma/enums";
 import { userMetadata } from "@calcom/prisma/zod-utils";
-
-import { TRPCError } from "@trpc/server";
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 
 import { OrganizationPermissionService } from "./OrganizationPermissionService";
 import type { OnboardingUser } from "./service/onboarding/types";
@@ -180,10 +180,10 @@ export class OrganizationPaymentService {
       this.permissionService.hasModifiedDefaultPayment(input) &&
       !this.permissionService.hasPermissionToModifyDefaultPayment()
     ) {
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "You do not have permission to modify the default payment settings",
-      });
+      throw new ErrorWithCode(
+        ErrorCode.Unauthorized,
+        "You do not have permission to modify the default payment settings"
+      );
     }
 
     await this.permissionService.validatePermissions(input);

packages/features/ee/organizations/lib/OrganizationPermissionService.ts

@@ -5,8 +5,8 @@ import logger from "@calcom/lib/logger";
 import { safeStringify } from "@calcom/lib/safeStringify";
 import { prisma } from "@calcom/prisma";
 import { MembershipRole } from "@calcom/prisma/enums";
-
-import { TRPCError } from "@trpc/server";
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 
 import type { OnboardingUser } from "./service/onboarding/types";
 
@@ -102,36 +102,30 @@ export class OrganizationPermissionService {
     } & SeatsPrice
   ): Promise<boolean> {
     if (!(await this.hasPermissionToCreateForEmail(input.orgOwnerEmail))) {
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "you_do_not_have_permission_to_create_an_organization_for_this_email",
-      });
+      throw new ErrorWithCode(
+        ErrorCode.Unauthorized,
+        "you_do_not_have_permission_to_create_an_organization_for_this_email"
+      );
     }
 
     if (await this.hasConflictingOrganization({ slug: input.slug })) {
-      throw new TRPCError({
-        code: "BAD_REQUEST",
-        message: "organization_already_exists_with_this_slug",
-      });
+      throw new ErrorWithCode(ErrorCode.BadRequest, "organization_already_exists_with_this_slug");
     }
 
     if (await this.hasCompletedOnboarding(input.orgOwnerEmail)) {
       // TODO: Consider redirecting to success page
-      throw new TRPCError({
-        code: "BAD_REQUEST",
-        message: "organization_onboarding_already_completed",
-      });
+      throw new ErrorWithCode(ErrorCode.BadRequest, "organization_onboarding_already_completed");
     }
 
     const teamsToMigrate = input.teams
       ?.filter((team) => team.id > 0 && team.isBeingMigrated)
       .map((team) => team.id);
 
     if (teamsToMigrate && !(await this.hasPermissionToMigrateTeams(teamsToMigrate))) {
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "you_do_not_have_permission_to_migrate_one_or_more_of_the_teams",
-      });
+      throw new ErrorWithCode(
+        ErrorCode.Unauthorized,
+        "you_do_not_have_permission_to_migrate_one_or_more_of_the_teams"
+      );
     }
 
     return true;

packages/features/ee/sso/lib/sso.ts

@@ -3,8 +3,8 @@ import { getOrganizationRepository } from "@calcom/features/ee/organizations/di/
 import { HOSTED_CAL_FEATURES } from "@calcom/lib/constants";
 import type { PrismaClient } from "@calcom/prisma";
 import { IdentityProvider } from "@calcom/prisma/enums";
-
-import { TRPCError } from "@trpc/server";
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 
 import jackson from "./jackson";
 import { tenantPrefix, samlProductID } from "./saml";
@@ -29,21 +29,13 @@ export const ssoTenantProduct = async (prisma: PrismaClient, email: string) => {
   let memberships = await getAllAcceptedMemberships({ prisma, email });
 
   if (!memberships || memberships.length === 0) {
-    if (!HOSTED_CAL_FEATURES)
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "no_account_exists",
-      });
+    if (!HOSTED_CAL_FEATURES) throw new ErrorWithCode(ErrorCode.Unauthorized, "no_account_exists");
 
     const domain = email.split("@")[1];
     const organizationRepository = getOrganizationRepository();
     const organization = await organizationRepository.getVerifiedOrganizationByAutoAcceptEmailDomain(domain);
 
-    if (!organization)
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "no_account_exists",
-      });
+    if (!organization) throw new ErrorWithCode(ErrorCode.Unauthorized, "no_account_exists");
 
     const createUsersAndConnectToOrgProps = {
       emailsToCreate: [email],
@@ -58,10 +50,7 @@ export const ssoTenantProduct = async (prisma: PrismaClient, email: string) => {
     memberships = await getAllAcceptedMemberships({ prisma, email });
 
     if (!memberships || memberships.length === 0)
-      throw new TRPCError({
-        code: "UNAUTHORIZED",
-        message: "no_account_exists",
-      });
+      throw new ErrorWithCode(ErrorCode.Unauthorized, "no_account_exists");
   }
 
   // Check SSO connections for each team user is a member of
@@ -81,11 +70,10 @@ export const ssoTenantProduct = async (prisma: PrismaClient, email: string) => {
     .filter((connections) => connections.length > 0);
 
   if (connectionsFound.length === 0) {
-    throw new TRPCError({
-      code: "BAD_REQUEST",
-      message:
-        "Could not find a SSO Identity Provider for your email. Please contact your admin to ensure you have been given access to Cal",
-    });
+    throw new ErrorWithCode(
+      ErrorCode.BadRequest,
+      "Could not find a SSO Identity Provider for your email. Please contact your admin to ensure you have been given access to Cal"
+    );
   }
 
   return {

packages/features/ee/teams/services/teamService.test.ts

@@ -7,11 +7,11 @@ import { TeamRepository } from "@calcom/features/ee/teams/repositories/TeamRepos
 import { WorkflowService } from "@calcom/features/ee/workflows/lib/service/WorkflowService";
 import { createAProfileForAnExistingUser } from "@calcom/features/profile/lib/createAProfileForAnExistingUser";
 import { deleteDomain } from "@calcom/lib/domainManager/organization";
+import { ErrorCode } from "@calcom/lib/errorCodes";
+import { ErrorWithCode } from "@calcom/lib/errors";
 import type { Membership, Team, User, VerificationToken, Profile } from "@calcom/prisma/client";
 import { MembershipRole } from "@calcom/prisma/enums";
 
-import { TRPCError } from "@trpc/server";
-
 import { TeamService } from "./teamService";
 
 vi.mock("@calcom/ee/billing/di/containers/Billing");
@@ -77,7 +77,7 @@ describe("TeamService", () => {
   describe("inviteMemberByToken", () => {
     it("should throw error if verification token is not found", async () => {
       prismaMock.verificationToken.findFirst.mockResolvedValue(null);
-      await expect(TeamService.inviteMemberByToken("invalid-token", 1)).rejects.toThrow(TRPCError);
+      await expect(TeamService.inviteMemberByToken("invalid-token", 1)).rejects.toThrow(ErrorWithCode);
     });
 
     it("should create provisional membership and update billing", async () => {
@@ -235,7 +235,7 @@ describe("TeamService", () => {
   describe("acceptInvitationByToken", () => {
     it("should throw error if verification token is not found", async () => {
       prismaMock.verificationToken.findFirst.mockResolvedValue(null);
-      await expect(TeamService.acceptInvitationByToken("invalid-token", 1)).rejects.toThrow(TRPCError);
+      await expect(TeamService.acceptInvitationByToken("invalid-token", 1)).rejects.toThrow(ErrorWithCode);
     });
 
     it("should throw error if token is not associated with team", async () => {
@@ -251,10 +251,7 @@ describe("TeamService", () => {
       );
 
       await expect(TeamService.acceptInvitationByToken("valid-token", 1)).rejects.toThrow(
-        new TRPCError({
-          code: "NOT_FOUND",
-          message: "Invite token is not associated with any team",
-        })
+        new ErrorWithCode(ErrorCode.NotFound, "Invite token is not associated with any team")
       );
     });
 
@@ -272,7 +269,7 @@ describe("TeamService", () => {
       prismaMock.user.findUnique.mockResolvedValue(null);
 
       await expect(TeamService.acceptInvitationByToken("valid-token", 1)).rejects.toThrow(
-        new TRPCError({ code: "NOT_FOUND", message: "User not found" })
+        new ErrorWithCode(ErrorCode.NotFound, "User not found")
       );
     });
 
@@ -295,10 +292,7 @@ describe("TeamService", () => {
       prismaMock.user.findUnique.mockResolvedValue(mockUser as User);
 
       await expect(TeamService.acceptInvitationByToken("valid-token", 1)).rejects.toThrow(
-        new TRPCError({
-          code: "FORBIDDEN",
-          message: "This invitation is not for your account",
-        })
+        new ErrorWithCode(ErrorCode.Forbidden, "This invitation is not for your account")
       );
     });
 
@@ -321,10 +315,7 @@ describe("TeamService", () => {
       prismaMock.user.findUnique.mockResolvedValue(mockUser as User);
 
       await expect(TeamService.acceptInvitationByToken("valid-token", 1)).rejects.toThrow(
-        new TRPCError({
-          code: "FORBIDDEN",
-          message: "This invitation is not for your account",
-        })
+        new ErrorWithCode(ErrorCode.Forbidden, "This invitation is not for your account")
       );
     });