fix: standardize API error handling across services and composables

.github/workflows/audit.yml

@@ -10,7 +10,9 @@ jobs:
         with:
           node-version: 24.x
       - name: Audit Root Level
-        run: npm audit --audit-level=high
+        run: |
+          npm ci 
+          npm audit --audit-level=high --omit=dev
       - name: Audit Client
         run: cd client && npm audit --audit-level=high
       - name: Audit Auth Service

client/src/components/PushNotificationToast.vue

@@ -1,10 +1,10 @@
 <script setup lang="ts">
-import { usePush } from '@/composables/usePush.ts'
+import { useWebPushNotifications } from '@/composables/useWebPushNotifications.ts'
 
 import { useI18n } from 'vue-i18n'
 
 const { t } = useI18n()
-const { permission, subscribe, isSupported } = usePush()
+const { permission, subscribe, isSupported } = useWebPushNotifications()
 
 const enableAlerts = async () => {
   await subscribe()

client/src/components/__tests__/PushNotificationToast.spec.ts

@@ -8,8 +8,8 @@ const { subscribeMock } = vi.hoisted(() => ({ subscribeMock: vi.fn() }))
 const permission = ref('default')
 const isSupported = ref(true)
 
-vi.mock('@/composables/usePush', () => ({
-  usePush: () => ({ permission, isSupported, subscribe: subscribeMock }),
+vi.mock('@/composables/useWebPushNotifications', () => ({
+  useWebPushNotifications: () => ({ permission, isSupported, subscribe: subscribeMock }),
 }))
 
 beforeEach(() => {

client/src/components/cards/__tests__/DomainCard.spec.ts

@@ -7,7 +7,7 @@ vi.mock('vue-i18n', () => ({
   useI18n: () => ({ t: (key: string) => key }),
 }))
 
-vi.mock('@/helpers/roles.ts', () => ({
+vi.mock('@/helpers/role.ts', () => ({
   getRoleMeta: vi.fn((role: string) => ({ i18nKey: `domains.roles.${role}` })),
 }))
 
@@ -51,7 +51,7 @@ describe('DomainCard.vue', () => {
       })
 
       expect(wrapper.text()).toContain('globex')
-      expect(wrapper.text()).toContain('domains.roles.business_staff')
+      expect(wrapper.text()).toContain('domains.roles.businessStaff')
     })
 
     it('renders the upload button only when canUpload is true', () => {

client/src/composables/__tests__/usePush.spec.ts → client/src/composables/__tests__/useWebPushNotifications.spec.ts

@@ -1,7 +1,7 @@
 import { describe, it, expect, vi, beforeEach, afterEach, type Mock } from 'vitest'
-import { usePush } from '../usePush'
+import { useWebPushNotifications } from '../useWebPushNotifications.ts'
 
-describe('usePush', () => {
+describe('useWebPushNotifications', () => {
   const MOCK_VAPID_KEY = 'AQID'
 
   type MockRegistration = {
@@ -65,7 +65,7 @@ describe('usePush', () => {
   })
 
   it('correctly detects support', () => {
-    const { isSupported } = usePush()
+    const { isSupported } = useWebPushNotifications()
     expect(isSupported.value).toBe(true)
   })
 
@@ -74,15 +74,15 @@ describe('usePush', () => {
     // @ts-expect-error
     delete global.window.PushManager
 
-    const { isSupported, subscribe } = usePush()
+    const { isSupported, subscribe } = useWebPushNotifications()
     expect(isSupported.value).toBe(false)
 
     await subscribe()
     expect(global.navigator.serviceWorker.register).not.toHaveBeenCalled()
   })
 
   it('subscribes successfully (New Subscription)', async () => {
-    const { subscribe, isSubscribed, permission } = usePush()
+    const { subscribe, isSubscribed, permission } = useWebPushNotifications()
 
     // The composable fetches VAPID key first, then posts the subscription.
     const fetchMock = vi
@@ -108,6 +108,7 @@ describe('usePush', () => {
     expect(fetchMock).toHaveBeenNthCalledWith(
       1,
       expect.stringContaining('/notification/public-key'),
+      expect.objectContaining({ method: 'GET' }),
     )
 
     // Check second call (Subscribe POST)
@@ -129,7 +130,7 @@ describe('usePush', () => {
   })
 
   it('handles Key Mismatch (Resubscribes)', async () => {
-    const { subscribe } = usePush()
+    const { subscribe } = useWebPushNotifications()
 
     global.fetch = vi
       .fn()
@@ -149,7 +150,7 @@ describe('usePush', () => {
   })
 
   it('handles API errors gracefully', async () => {
-    const { subscribe, permission } = usePush()
+    const { subscribe, permission } = useWebPushNotifications()
 
     global.fetch = vi.fn().mockRejectedValue(new Error('Network Error'))
 
@@ -159,7 +160,7 @@ describe('usePush', () => {
   })
 
   it('handles Server Subscription failure', async () => {
-    const { subscribe, permission } = usePush()
+    const { subscribe, permission } = useWebPushNotifications()
 
     global.fetch = vi
       .fn()

client/src/composables/useBuildingModel.ts

@@ -60,7 +60,6 @@ export function useBuildingModel() {
       await domainsStore.fetchMemberships()
       if (!domainsStore.memberships) return
 
-      // Parallel fetch — no more sequential for loop
       await buildingsStore.fetch(domainsStore.memberships)
 
       allBuildings.value = buildingsStore.all

client/src/composables/usePush.ts → client/src/composables/useWebPushNotifications.ts

@@ -1,8 +1,8 @@
 import { ref } from 'vue'
+import { makeRequest } from '@/composables/useApi.ts'
 
-const SERVER_URL = import.meta.env.VITE_SERVER_URL || ''
-
-export function usePush() {
+export function useWebPushNotifications() {
+  // Detects if the browser supports both Service Workers and the Push API
   const isSupported = ref('serviceWorker' in navigator && 'PushManager' in window)
   const permission = ref(Notification.permission)
   const isSubscribed = ref(false)
@@ -31,16 +31,21 @@ export function usePush() {
     if (!isSupported.value) return
 
     try {
-      const keyResponse = await fetch(`${SERVER_URL}/notification/public-key`)
-      if (!keyResponse.ok) throw new Error('Could not fetch VAPID key')
-      const { publicVapidKey } = await keyResponse.json()
+      const keyResponse = await makeRequest(`/notification/public-key`)
+      const data = await keyResponse.json()
+
+      if (!keyResponse.ok){
+        console.log(`Failed to fetch VAPID key: ${data.type} - ${data.message}`)
+        return
+      }
 
       const register = await navigator.serviceWorker.register('/service-worker.js')
       let subscription = await register.pushManager.getSubscription()
 
+      // If is present an old subscription with different keys I have to update the server key
       if (subscription) {
         const currentKey = subscription.options.applicationServerKey
-        if (!areKeysEqual(publicVapidKey, currentKey)) {
+        if (!areKeysEqual(data.publicVapidKey, currentKey)) {
           await subscription.unsubscribe()
           subscription = null
         }
@@ -49,18 +54,18 @@ export function usePush() {
       if (!subscription) {
         subscription = await register.pushManager.subscribe({
           userVisibleOnly: true,
-          applicationServerKey: urlBase64ToUint8Array(publicVapidKey),
+          applicationServerKey: urlBase64ToUint8Array(data.publicVapidKey),
         })
       }
 
-      const response = await fetch(`${SERVER_URL}/notification/subscribe`, {
-        method: 'POST',
+      const response = await makeRequest(`/notification/subscribe`, 'POST', {
         body: JSON.stringify(subscription),
-        headers: { 'Content-Type': 'application/json' },
       })
 
       if (!response.ok) {
-        throw new Error(`Server error: ${response.status}`)
+        const errorData = await response.json()
+        console.log(`Failed to subscribe: ${errorData.type} - ${errorData.message}`)
+        return
       }
 
       isSubscribed.value = true

client/src/stores/__tests__/authentication.spec.ts

@@ -85,9 +85,16 @@ describe('useAuthStore', () => {
     })
 
     it('throws when the response is not ok', async () => {
-      vi.mocked(makeRequest).mockResolvedValue(makeResponse(false) as unknown as Response)
+      vi.mocked(makeRequest).mockResolvedValue(
+        makeResponse(false, {
+          type: 'AuthError',
+          message: 'User already exists',
+        }) as unknown as Response,
+      )
+      await expect(
+        useAuthStore().login('bob', 'pass'),
+      ).resolves.toBeUndefined()
 
-      await expect(useAuthStore().login('alice', 'wrong')).rejects.toThrow('Login failed')
     })
 
     it('does not mutate state when the response is not ok', async () => {
@@ -178,11 +185,15 @@ describe('useAuthStore', () => {
     })
 
     it('throws when the response is not ok', async () => {
-      vi.mocked(makeRequest).mockResolvedValue(makeResponse(false) as unknown as Response)
-
-      await expect(useAuthStore().register('bob', 'bob@example.com', 'pass')).rejects.toThrow(
-        'Registration failed',
+      vi.mocked(makeRequest).mockResolvedValue(
+        makeResponse(false, {
+          type: 'AuthError',
+          message: 'User already exists',
+        }) as unknown as Response,
       )
+      await expect(
+        useAuthStore().register('bob', 'bob@example.com', 'pass'),
+      ).resolves.toBeUndefined()
     })
 
     it('does not mutate state when the response is not ok', async () => {

client/src/stores/authentication.ts

@@ -15,8 +15,11 @@ export const useAuthStore = defineStore('authentication', {
       const res = await makeRequest('/auth/login', 'POST', {
         body: JSON.stringify({ accountName, password }),
       })
-      if (!res.ok) throw new Error('Login failed')
       const data = await res.json()
+      if (!res.ok) {
+        console.log(`Failed to login: ${data.type} - ${data.message}`)
+        return;
+      }
       this.accountName = data.account.accountName
       this.isAuthenticated = true
     },
@@ -28,8 +31,12 @@ export const useAuthStore = defineStore('authentication', {
       const res = await makeRequest('/auth/register', 'POST', {
         body: JSON.stringify(payload),
       })
-      if (!res.ok) throw new Error('Registration failed')
       const data = await res.json()
+
+      if (!res.ok) {
+        console.log(`Failed to register: ${data.type} - ${data.message}`)
+        return
+      }
       this.accountName = data.account.accountName
       this.isAuthenticated = true
     },

client/src/stores/domain.ts

@@ -19,7 +19,7 @@ export const useDomainsStore = defineStore('domains', {
         const { accountName } = useAuthStore()
         const res = await makeRequest(`/auth/domains/${accountName}`)
         const data = await res.json()
-        this.memberships = data.domains ?? []
+        this.memberships = res.ok ? (data.domains ?? []) : []
       } finally {
         this.loading = false
       }
@@ -31,7 +31,7 @@ export const useDomainsStore = defineStore('domains', {
       try {
         const res = await makeRequest('/auth/domains')
         const data = await res.json()
-        this.allDomains = data.domains ?? []
+        this.allDomains = res.ok ? (data.domains ?? []) : []
       } finally {
         this.loadingAll = false
       }

landing-page/api/auth.yaml

@@ -118,7 +118,7 @@ paths:
         "201":
           description: Account created successfully
         "400":
-          description: Bad request (e.g., account already exists)
+          $ref: "error.yaml#/components/responses/BadRequest"
 
   /login:
     post:
@@ -158,7 +158,7 @@ paths:
                   account:
                     $ref: "#/components/schemas/Account"
         "401":
-          description: Invalid credentials
+            $ref: "error.yaml#/components/responses/Unauthorized"
 
   /business/register:
     post:
@@ -196,7 +196,9 @@ paths:
         "201":
           description: Enterprise account created
         "401":
-          description: Unauthorized / Invalid HMAC signature
+          $ref: "error.yaml#/components/responses/Unauthorized"
+        "403":
+          $ref: "error.yaml#/components/responses/Forbidden"
 
   /me:
     get:
@@ -211,7 +213,7 @@ paths:
               schema:
                 $ref: "#/components/schemas/Account"
         "401":
-          description: Unauthorized
+            $ref: "error.yaml#/components/responses/Unauthorized"
 
   /logout:
     post:
@@ -252,7 +254,7 @@ paths:
         "201":
           description: Domain created successfully
         "403":
-          description: Forbidden (insufficient role)
+          $ref: "error.yaml#/components/responses/Forbidden"
 
   /domains/{accountName}:
     get:
@@ -317,7 +319,7 @@ paths:
         "201":
           description: Subdomain created successfully
         "403":
-          description: Forbidden
+            $ref: "error.yaml#/components/responses/Forbidden"
 
   /domains/{accountName}/subscribe:
     post: