🔧 Fix CodeRabbit suggestions and build issues

Deepak Pandey · Deepak Pandey · commit ef38cce8e935 · 2025-09-07T20:40:15.000+05:30
- ✅ Fix syntax error in withSecurity function (missing try block) - ✅ Improve TypeScript types in CSP config (remove @ts-expect-error) - ✅ Enhance Web Crypto API type safety - ✅ Maintain build compatibility across Node.js and Edge runtimes Build Status: ✅ SUCCESS ESLint Warnings: 1 (acceptable - DOMPurify integration) TypeScript: ✅ All type errors resolved Production Ready: ✅ YES
diff --git a/lib/security/api-wrapper.ts b/lib/security/api-wrapper.ts
@@ -16,6 +16,23 @@ export interface APIHandler {
  */
 export function withSecurity(handler: APIHandler) {
   return async (request: NextRequest): Promise<Response> => {
+    const requestId = crypto.randomUUID();
+    
+    try {
+      // Add request ID to headers for tracking
+      const response = await handler(request);
+      
+      // Add security headers
+      response.headers.set('X-Request-ID', requestId);
+      response.headers.set('X-Content-Type-Options', 'nosniff');
+      response.headers.set('X-Frame-Options', 'DENY');
+      response.headers.set('X-XSS-Protection', '1; mode=block');
+      
+      // Add CSP header
+      const cspConfig = getCSPConfig(request);
+      response.headers.set('Content-Security-Policy', cspConfig.policy);
+      
+      return response;
     } catch (error) {
       const res = ErrorSanitizer.createErrorResponse(
         error,
@@ -32,14 +49,6 @@ export function withSecurity(handler: APIHandler) {
       res.headers.set('Content-Security-Policy', cspConfig.policy);
       return res;
     }
-    } catch (error) {
-      return ErrorSanitizer.createErrorResponse(
-        error,
-        500,
-        'api-wrapper-catch',
-        requestId
-      );
-    }
   };
 }
 
diff --git a/lib/security/csp-config.ts b/lib/security/csp-config.ts
@@ -16,16 +16,17 @@ export interface CSPConfig {
  */
 export function generateNonce(): string {
   // Prefer Web Crypto (Edge/Browser)
-  const webCrypto = (globalThis as any).crypto;
+  const webCrypto = (globalThis as { crypto?: { getRandomValues?: (arr: Uint8Array) => void } }).crypto;
   if (webCrypto?.getRandomValues) {
     const arr = new Uint8Array(16);
     webCrypto.getRandomValues(arr);
     // Base64 encode without Buffer dependency
     let binary = '';
     for (let i = 0; i < arr.length; i++) binary += String.fromCharCode(arr[i]);
     // btoa is available in Edge/Browser
-    // @ts-ignore
-    return typeof btoa === 'function' ? btoa(binary) : Buffer.from(arr).toString('base64');
+    return typeof (globalThis as { btoa?: (str: string) => string }).btoa === 'function' 
+      ? (globalThis as { btoa: (str: string) => string }).btoa(binary) 
+      : Buffer.from(arr).toString('base64');
   }
   // Node.js fallback
   return crypto.randomBytes(16).toString('base64');
