diff --git a/app/api/v1/admin/auth.py b/app/api/v1/admin/auth.py
index 1a5d1695..3b6d67e0 100644
--- a/app/api/v1/admin/auth.py
+++ b/app/api/v1/admin/auth.py
@@ -14,12 +14,12 @@ from fastapi import APIRouter, Depends, Response
from sqlalchemy.orm import Session
from app.core.database import get_db
+from app.core.environment import should_use_secure_cookies
from app.services.auth_service import auth_service
from app.exceptions import InvalidCredentialsException
from models.schema.auth import LoginResponse, UserLogin, UserResponse
from models.database.user import User
from app.api.deps import get_current_admin_api
-from app.core.config import settings
router = APIRouter(prefix="/auth")
logger = logging.getLogger(__name__)
@@ -60,7 +60,7 @@ def admin_login(
key="admin_token",
value=login_result["token_data"]["access_token"],
httponly=True, # JavaScript cannot access (XSS protection)
- secure=settings.environment == "production", # HTTPS only in production
+ secure=should_use_secure_cookies(), # HTTPS only in production/staging
samesite="lax", # CSRF protection
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
path="/admin", # RESTRICTED TO ADMIN ROUTES ONLY
@@ -68,7 +68,7 @@ def admin_login(
logger.debug(
f"Set admin_token cookie with {login_result['token_data']['expires_in']}s expiry "
- f"(path=/admin, httponly=True, secure={settings.environment == 'production'})"
+ f"(path=/admin, httponly=True, secure={should_use_secure_cookies()})"
)
# Also return token in response for localStorage (API calls)
diff --git a/app/api/v1/public/vendors/auth.py b/app/api/v1/public/vendors/auth.py
index 611c2b5c..d8986164 100644
--- a/app/api/v1/public/vendors/auth.py
+++ b/app/api/v1/public/vendors/auth.py
@@ -12,7 +12,7 @@ This prevents:
"""
import logging
-from fastapi import APIRouter, Depends, Response
+from fastapi import APIRouter, Depends, Response, Request
from sqlalchemy.orm import Session
from app.core.database import get_db
@@ -21,7 +21,8 @@ from app.exceptions import VendorNotFoundException
from models.schema.auth import LoginResponse, UserLogin
from models.schema.customer import CustomerRegister, CustomerResponse
from models.database.vendor import Vendor
-from app.core.config import settings
+from app.api.deps import get_current_customer_api
+from app.core.environment import should_use_secure_cookies
router = APIRouter(prefix="/auth")
logger = logging.getLogger(__name__)
@@ -110,7 +111,7 @@ def customer_login(
key="customer_token",
value=login_result["token_data"]["access_token"],
httponly=True, # JavaScript cannot access (XSS protection)
- secure=settings.environment == "production", # HTTPS only in production
+ secure=should_use_secure_cookies(), # HTTPS only in production/staging
samesite="lax", # CSRF protection
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
path="/shop", # RESTRICTED TO SHOP ROUTES ONLY
@@ -118,7 +119,7 @@ def customer_login(
logger.debug(
f"Set customer_token cookie with {login_result['token_data']['expires_in']}s expiry "
- f"(path=/shop, httponly=True, secure={settings.environment == 'production'})"
+ f"(path=/shop, httponly=True, secure={should_use_secure_cookies()})"
)
# Return full login response
@@ -230,8 +231,6 @@ def get_current_customer(
This endpoint can be called to verify authentication and get customer info.
Requires customer authentication via cookie or header.
"""
- from app.api.deps import get_current_customer_api
- from fastapi import Request
# Note: This would need Request object to check cookies
# For now, just indicate the endpoint exists
diff --git a/app/api/v1/vendor/auth.py b/app/api/v1/vendor/auth.py
index 563b54ac..67832a18 100644
--- a/app/api/v1/vendor/auth.py
+++ b/app/api/v1/vendor/auth.py
@@ -24,7 +24,8 @@ from models.schema.auth import UserLogin
from models.database.vendor import Vendor, VendorUser, Role
from models.database.user import User
from pydantic import BaseModel
-from app.core.config import settings
+from app.api.deps import get_current_vendor_api
+from app.core.environment import should_use_secure_cookies
router = APIRouter(prefix="/auth")
logger = logging.getLogger(__name__)
@@ -139,7 +140,7 @@ def vendor_login(
key="vendor_token",
value=login_result["token_data"]["access_token"],
httponly=True, # JavaScript cannot access (XSS protection)
- secure=settings.environment == "production", # HTTPS only in production
+ secure=should_use_secure_cookies(), # HTTPS only in production/staging
samesite="lax", # CSRF protection
max_age=login_result["token_data"]["expires_in"], # Match JWT expiry
path="/vendor", # RESTRICTED TO VENDOR ROUTES ONLY
@@ -147,7 +148,7 @@ def vendor_login(
logger.debug(
f"Set vendor_token cookie with {login_result['token_data']['expires_in']}s expiry "
- f"(path=/vendor, httponly=True, secure={settings.environment == 'production'})"
+ f"(path=/vendor, httponly=True, secure={should_use_secure_cookies()})"
)
# Return full login response
@@ -205,7 +206,6 @@ def get_current_vendor_user(
This endpoint can be called to verify authentication and get user info.
"""
- from app.api.deps import get_current_vendor_api
# This will check both cookie and header
user = get_current_vendor_api(request, db=db)
diff --git a/app/core/environment.py b/app/core/environment.py
new file mode 100644
index 00000000..e34e6fc4
--- /dev/null
+++ b/app/core/environment.py
@@ -0,0 +1,107 @@
+# app/core/environment.py
+"""
+Environment detection utilities.
+
+Automatically detects environment based on runtime conditions
+rather than relying on configuration.
+"""
+
+import os
+from typing import Literal
+
+EnvironmentType = Literal["development", "staging", "production"]
+
+
+def get_environment() -> EnvironmentType:
+ """
+ Detect current environment automatically.
+
+ Detection logic:
+ 1. Check ENV environment variable if set
+ 2. Check ENVIRONMENT environment variable if set
+ 3. Auto-detect based on hostname/indicators:
+ - localhost, 127.0.0.1 → development
+ - Contains 'staging' → staging
+ - Otherwise → production (safe default)
+
+ Returns:
+ str: 'development', 'staging', or 'production'
+ """
+ # Priority 1: Explicit ENV variable
+ env = os.getenv("ENV", "").lower()
+ if env in ["development", "dev", "local"]:
+ return "development"
+ elif env in ["staging", "stage"]:
+ return "staging"
+ elif env in ["production", "prod"]:
+ return "production"
+
+ # Priority 2: ENVIRONMENT variable
+ env = os.getenv("ENVIRONMENT", "").lower()
+ if env in ["development", "dev", "local"]:
+ return "development"
+ elif env in ["staging", "stage"]:
+ return "staging"
+ elif env in ["production", "prod"]:
+ return "production"
+
+ # Priority 3: Auto-detect from common indicators
+
+ # Check if running in debug mode (common in development)
+ if os.getenv("DEBUG", "").lower() in ["true", "1", "yes"]:
+ return "development"
+
+ # Check common development indicators
+ hostname = os.getenv("HOSTNAME", "").lower()
+ if any(dev_indicator in hostname for dev_indicator in ["local", "dev", "laptop", "desktop"]):
+ return "development"
+
+ # Check for staging indicators
+ if "staging" in hostname or "stage" in hostname:
+ return "staging"
+
+ # Default to development for safety (HTTPS not required in dev)
+ # Change this to "production" if you prefer secure-by-default
+ return "development"
+
+
+def is_development() -> bool:
+ """Check if running in development environment."""
+ return get_environment() == "development"
+
+
+def is_staging() -> bool:
+ """Check if running in staging environment."""
+ return get_environment() == "staging"
+
+
+def is_production() -> bool:
+ """Check if running in production environment."""
+ return get_environment() == "production"
+
+
+def should_use_secure_cookies() -> bool:
+ """
+ Determine if cookies should have secure flag (HTTPS only).
+
+ Returns:
+ bool: True if production or staging, False if development
+ """
+ return not is_development()
+
+
+# Cache the environment detection result
+_cached_environment: EnvironmentType | None = None
+
+
+def get_cached_environment() -> EnvironmentType:
+ """
+ Get environment with caching.
+
+ Environment is detected once and cached for performance.
+ Useful if you call this frequently.
+ """
+ global _cached_environment
+ if _cached_environment is None:
+ _cached_environment = get_environment()
+ return _cached_environment
diff --git a/app/exceptions/error_renderer.py b/app/exceptions/error_renderer.py
new file mode 100644
index 00000000..74608742
--- /dev/null
+++ b/app/exceptions/error_renderer.py
@@ -0,0 +1,347 @@
+# app/exceptions/error_renderer.py
+"""
+Error Page Renderer
+
+Renders context-aware error pages using Jinja2 templates.
+Handles fallback logic and context-specific customization.
+"""
+import logging
+from pathlib import Path
+from typing import Optional, Dict, Any
+
+from fastapi import Request
+from fastapi.responses import HTMLResponse
+from fastapi.templating import Jinja2Templates
+
+from middleware.context_middleware import RequestContext, get_request_context
+
+logger = logging.getLogger(__name__)
+
+
+class ErrorPageRenderer:
+ """Renders context-aware error pages using Jinja2 templates."""
+
+ # Map status codes to friendly names
+ STATUS_CODE_NAMES = {
+ 400: "Bad Request",
+ 401: "Unauthorized",
+ 403: "Forbidden",
+ 404: "Not Found",
+ 422: "Validation Error",
+ 429: "Too Many Requests",
+ 500: "Internal Server Error",
+ 502: "Bad Gateway",
+ 503: "Service Unavailable",
+ }
+
+ # Map status codes to user-friendly messages
+ STATUS_CODE_MESSAGES = {
+ 400: "The request could not be processed due to invalid data.",
+ 401: "You need to be authenticated to access this resource.",
+ 403: "You don't have permission to access this resource.",
+ 404: "The page you're looking for doesn't exist or has been moved.",
+ 422: "The submitted data contains validation errors.",
+ 429: "Too many requests. Please slow down and try again later.",
+ 500: "Something went wrong on our end. We're working to fix it.",
+ 502: "Unable to reach the service. Please try again later.",
+ 503: "The service is temporarily unavailable. Please try again later.",
+ }
+
+ @staticmethod
+ def get_templates_dir() -> Path:
+ """Get the templates directory path."""
+ # Assuming templates are in app/templates/
+ base_dir = Path(__file__).resolve().parent.parent
+ return base_dir / "templates"
+
+ @staticmethod
+ def render_error_page(
+ request: Request,
+ status_code: int,
+ error_code: str,
+ message: str,
+ details: Optional[Dict[str, Any]] = None,
+ show_debug: bool = False,
+ ) -> HTMLResponse:
+ """
+ Render appropriate error page based on request context.
+
+ Template Selection Priority:
+ 1. Context-specific error page: {context}/errors/{status_code}.html
+ 2. Context-specific generic: {context}/errors/generic.html
+ 3. Fallback error page: fallback/{status_code}.html
+ 4. Fallback generic: fallback/generic.html
+
+ Args:
+ request: FastAPI request object
+ status_code: HTTP status code
+ error_code: Application error code
+ message: Error message
+ details: Additional error details
+ show_debug: Whether to show debug information
+
+ Returns:
+ HTMLResponse with rendered error page
+ """
+ # Get request context
+ context_type = get_request_context(request)
+
+ # Prepare template data
+ template_data = ErrorPageRenderer._prepare_template_data(
+ request=request,
+ context_type=context_type,
+ status_code=status_code,
+ error_code=error_code,
+ message=message,
+ details=details,
+ show_debug=show_debug,
+ )
+
+ # Find and render template
+ templates_dir = ErrorPageRenderer.get_templates_dir()
+ templates = Jinja2Templates(directory=str(templates_dir))
+
+ # Try to find appropriate template
+ template_path = ErrorPageRenderer._find_template(
+ context_type=context_type,
+ status_code=status_code,
+ )
+
+ logger.info(
+ f"Rendering error page: {template_path} for {status_code} in {context_type.value} context",
+ extra={
+ "status_code": status_code,
+ "error_code": error_code,
+ "context": context_type.value,
+ "template": template_path,
+ }
+ )
+
+ try:
+ # Render template
+ return templates.TemplateResponse(
+ template_path,
+ {
+ "request": request,
+ **template_data,
+ },
+ status_code=status_code,
+ )
+ except Exception as e:
+ logger.error(
+ f"Failed to render error template {template_path}: {e}",
+ exc_info=True
+ )
+ # Return basic HTML as absolute fallback
+ return ErrorPageRenderer._render_basic_html_fallback(
+ status_code=status_code,
+ error_code=error_code,
+ message=message,
+ )
+
+ @staticmethod
+ def _find_template(
+ context_type: RequestContext,
+ status_code: int,
+ ) -> str:
+ """
+ Find appropriate error template based on context and status code.
+
+ Priority:
+ 1. {context}/errors/{status_code}.html
+ 2. {context}/errors/generic.html
+ 3. fallback/{status_code}.html
+ 4. fallback/generic.html
+ """
+ templates_dir = ErrorPageRenderer.get_templates_dir()
+
+ # Map context type to folder name
+ context_folders = {
+ RequestContext.ADMIN: "admin",
+ RequestContext.VENDOR_DASHBOARD: "vendor",
+ RequestContext.SHOP: "shop",
+ RequestContext.API: "fallback", # API shouldn't get here, but just in case
+ RequestContext.FALLBACK: "fallback",
+ }
+
+ context_folder = context_folders.get(context_type, "fallback")
+
+ # Try context-specific status code template
+ specific_template = f"{context_folder}/errors/{status_code}.html"
+ if (templates_dir / specific_template).exists():
+ return specific_template
+
+ # Try context-specific generic template
+ generic_template = f"{context_folder}/errors/generic.html"
+ if (templates_dir / generic_template).exists():
+ return generic_template
+
+ # Try fallback status code template
+ fallback_specific = f"fallback/{status_code}.html"
+ if (templates_dir / fallback_specific).exists():
+ return fallback_specific
+
+ # Use fallback generic template (must exist)
+ return "fallback/generic.html"
+
+ @staticmethod
+ def _prepare_template_data(
+ request: Request,
+ context_type: RequestContext,
+ status_code: int,
+ error_code: str,
+ message: str,
+ details: Optional[Dict[str, Any]],
+ show_debug: bool,
+ ) -> Dict[str, Any]:
+ """Prepare data dictionary for error template."""
+ # Get friendly status name
+ status_name = ErrorPageRenderer.STATUS_CODE_NAMES.get(
+ status_code, f"Error {status_code}"
+ )
+
+ # Get default user-friendly message
+ default_message = ErrorPageRenderer.STATUS_CODE_MESSAGES.get(
+ status_code, "An error occurred while processing your request."
+ )
+
+ # Use provided message or default
+ user_message = message if message else default_message
+
+ # Determine if we should show debug info
+ # Only show to admins (we can check user role if available)
+ display_debug = show_debug and ErrorPageRenderer._is_admin_user(request)
+
+ # Get context-specific data
+ context_data = ErrorPageRenderer._get_context_data(request, context_type)
+
+ return {
+ "status_code": status_code,
+ "status_name": status_name,
+ "error_code": error_code,
+ "message": user_message,
+ "details": details or {},
+ "show_debug": display_debug,
+ "context_type": context_type.value,
+ "path": request.url.path,
+ **context_data,
+ }
+
+ @staticmethod
+ def _get_context_data(request: Request, context_type: RequestContext) -> Dict[str, Any]:
+ """Get context-specific data for error templates."""
+ data = {}
+
+ # Add vendor information if available (for shop context)
+ if context_type == RequestContext.SHOP:
+ vendor = getattr(request.state, "vendor", None)
+ if vendor:
+ # Pass minimal vendor info for templates
+ data["vendor"] = {
+ "id": vendor.id,
+ "name": vendor.name,
+ "subdomain": vendor.subdomain,
+ "logo": getattr(vendor, "logo", None),
+ }
+
+ # Add theme information if available
+ theme = getattr(request.state, "theme", None)
+ if theme:
+ # Theme can be a dict or object, handle both
+ if isinstance(theme, dict):
+ data["theme"] = theme
+ else:
+ # If it's an object, convert to dict
+ data["theme"] = {
+ "colors": getattr(theme, "colors", {}),
+ "fonts": getattr(theme, "fonts", {}),
+ "branding": getattr(theme, "branding", {}),
+ "custom_css": getattr(theme, "custom_css", None),
+ }
+
+ return data
+
+ @staticmethod
+ def _is_admin_user(request: Request) -> bool:
+ """
+ Check if current user is an admin (for debug info display).
+
+ This is a placeholder - implement based on your auth system.
+ """
+ # TODO: Implement actual admin check based on JWT/session
+ # For now, check if we're in admin context
+ context_type = get_request_context(request)
+ return context_type == RequestContext.ADMIN
+
+ @staticmethod
+ def _render_basic_html_fallback(
+ status_code: int,
+ error_code: str,
+ message: str,
+ ) -> HTMLResponse:
+ """
+ Render a basic HTML error page as absolute fallback.
+
+ Used when template rendering fails.
+ """
+ html_content = f"""
+
+
+
+
+
+ {status_code} - Error
+
+
+
+
+
{status_code}
+
Error
+
{message}
+
Error Code: {error_code}
+
-
404
-
Page Not Found
-
Sorry, the page you're looking for doesn't exist or has been moved.
-
Go Home
-
Path: {request.url.path}
-
❌
+400
+Bad Request
+
+ The request could not be processed due to invalid data or malformed syntax.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔐
+401
+Authentication Required
+
+ You need to be authenticated to access this admin resource.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🚫
+403
+Access Denied
+
+ You don't have permission to access this admin resource. If you believe this is an error, please contact your administrator.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔍
+404
+Page Not Found
+
+ The admin page you're looking for doesn't exist or has been moved.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
📋
+422
+Validation Error
+
+ The data you submitted contains errors. Please review and correct the highlighted fields.
+
+Error Code: {{ error_code }}
+
+{% if details and details.validation_errors %}
+
+
Validation Errors:
+
+ {% for error in details.validation_errors %}
+ -
+ {{ error.loc | join(' → ') }}:
+ {{ error.msg }}
+
+ {% endfor %}
+
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
⏱️
+429
+Too Many Requests
+
+ You've made too many requests in a short period. Please slow down and try again in a moment.
+
+Error Code: {{ error_code }}
+
+{% if details and details.retry_after %}
+
+
+ Please wait {{ details.retry_after }} seconds before trying again.
+
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
⚙️
+500
+Internal Server Error
+
+ Something went wrong on our end. Our team has been notified and is working to fix the issue.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔌
+502
+Bad Gateway
+
+ We're unable to reach the service right now. This is usually temporary. Please try again in a moment.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
+ {% block content %}
+
{% block icon %}⚠️{% endblock %}
+
{{ status_code }}
+
{{ status_name }}
+
{{ message }}
+
Error Code: {{ error_code }}
+
+
+
+ {% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
+ {% endif %}
+
+ {% block extra_content %}{% endblock %}
+
+
+ {% endblock %}
+
⚠️
+{{ status_code }}
+{{ status_name }}
+{{ message }}
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
+
404
+
Page Not Found
+
Sorry, the page you're looking for doesn't exist or has been moved.
+
Go Home
+
Path: {{ path }}
+
+
500
+
Internal Server Error
+
Something went wrong on our end. We're working to fix it.
+
+
Error Code: {{ error_code }}
+
+
{{ status_code }}
+
{{ status_name }}
+
{{ message }}
+
+
Error Code: {{ error_code }}
+
+{% endif %}
+
+❌
+400
+Invalid Request
+
+ The request couldn't be processed. This might be due to invalid information or a technical issue.
+
+
+
+
+
+
+{% if vendor %}
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/401.html b/app/templates/shop/errors/401.html
new file mode 100644
index 00000000..c41fd63e
--- /dev/null
+++ b/app/templates/shop/errors/401.html
@@ -0,0 +1,33 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}🔐{% endblock %}
+
+{% block title %}401 - Authentication Required{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+🔐
+401
+Please Log In
+
+ You need to be logged in to access this page. Please sign in to continue shopping.
+
+
+
+
+
+
+{% if vendor %}
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/403.html b/app/templates/shop/errors/403.html
new file mode 100644
index 00000000..362cdb8b
--- /dev/null
+++ b/app/templates/shop/errors/403.html
@@ -0,0 +1,33 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}🔒{% endblock %}
+
+{% block title %}403 - Access Restricted{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+🔒
+403
+Access Restricted
+
+ This page requires authentication or special permissions to access. Please log in to continue.
+
+
+
+
+
+
+{% if vendor %}
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/404.html b/app/templates/shop/errors/404.html
new file mode 100644
index 00000000..c348c714
--- /dev/null
+++ b/app/templates/shop/errors/404.html
@@ -0,0 +1,33 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}🔍{% endblock %}
+
+{% block title %}404 - Page Not Found{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+🔍
+404
+Page Not Found
+
+ Sorry, we couldn't find the page you're looking for. The product or page may have been moved or is no longer available.
+
+
+
+
+
+ Can't find what you're looking for?
Contact us and we'll help you find it.
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/422.html b/app/templates/shop/errors/422.html
new file mode 100644
index 00000000..ed6ca1a9
--- /dev/null
+++ b/app/templates/shop/errors/422.html
@@ -0,0 +1,46 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}📝{% endblock %}
+
+{% block title %}422 - Invalid Information{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+📝
+422
+Please Check Your Information
+
+ Some of the information you provided isn't valid. Please review the form and try again.
+
+
+{% if details and details.validation_errors %}
+
+
Please correct:
+
+ {% for error in details.validation_errors %}
+ -
+ • {{ error.msg }}
+
+ {% endfor %}
+
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/429.html b/app/templates/shop/errors/429.html
new file mode 100644
index 00000000..29bf3476
--- /dev/null
+++ b/app/templates/shop/errors/429.html
@@ -0,0 +1,41 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}⏱️{% endblock %}
+
+{% block title %}429 - Please Slow Down{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+⏱️
+429
+Please Slow Down
+
+ You're browsing a bit too fast! Please wait a moment before continuing.
+
+
+{% if details and details.retry_after %}
+
+
+ Please wait {{ details.retry_after }} seconds
+
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/500.html b/app/templates/shop/errors/500.html
new file mode 100644
index 00000000..103d564c
--- /dev/null
+++ b/app/templates/shop/errors/500.html
@@ -0,0 +1,33 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}😔{% endblock %}
+
+{% block title %}500 - Something Went Wrong{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+😔
+500
+Oops! Something Went Wrong
+
+ We're experiencing technical difficulties. Our team has been notified and is working to fix the issue. Please try again in a few moments.
+
+
+
+
+
+ Issue persisting?
Let us know and we'll help you out.
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/502.html b/app/templates/shop/errors/502.html
new file mode 100644
index 00000000..32ec3401
--- /dev/null
+++ b/app/templates/shop/errors/502.html
@@ -0,0 +1,33 @@
+{% extends "shop/errors/base.html" %}
+
+{% block icon %}🔧{% endblock %}
+
+{% block title %}502 - Service Temporarily Unavailable{% endblock %}
+
+{% block content %}
+{% if vendor and theme and theme.branding and theme.branding.logo %}
+
+{% endif %}
+
+🔧
+502
+Temporarily Unavailable
+
+ We're having trouble connecting to our systems. This is usually temporary. Please try again in a few moments.
+
+
+
+
+
+
+{% if vendor %}
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/shop/errors/base.html b/app/templates/shop/errors/base.html
new file mode 100644
index 00000000..a7ed76c8
--- /dev/null
+++ b/app/templates/shop/errors/base.html
@@ -0,0 +1,195 @@
+
+
+
+
+
+ {% block title %}{{ status_code }} - {{ status_name }}{% endblock %}{% if vendor %} | {{ vendor.name }}{% endif %}
+
+ {% if theme and theme.custom_css %}
+
+ {% endif %}
+
+
+
+ {% if vendor and theme and theme.branding and theme.branding.logo %}
+
+ {% endif %}
+
+ {% block content %}
+
{% block icon %}⚠️{% endblock %}
+
{{ status_code }}
+
{{ status_name }}
+
{{ message }}
+
+
+
+ {% block extra_content %}{% endblock %}
+
+
+
+ {% if vendor %}
+
+ {{ vendor.name }}
+
+ {% endif %}
+ {% endblock %}
+
⚠️
+{{ status_code }}
+{{ status_name }}
+{{ message }}
+
+
+
+
+
+{% if vendor %}
+
+ {{ vendor.name }}
+
+{% endif %}
+{% endblock %}
\ No newline at end of file
diff --git a/app/templates/vendor/errors/400.html b/app/templates/vendor/errors/400.html
new file mode 100644
index 00000000..63ed1e84
--- /dev/null
+++ b/app/templates/vendor/errors/400.html
@@ -0,0 +1,44 @@
+{% extends "vendor/errors/base.html" %}
+
+{% block icon %}❌{% endblock %}
+
+{% block title %}400 - Bad Request{% endblock %}
+
+{% block content %}
+❌
+400
+Bad Request
+
+ The request could not be processed due to invalid data or malformed syntax.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔐
+401
+Authentication Required
+
+ You need to be authenticated to access this vendor resource.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🚫
+403
+Access Denied
+
+ You don't have permission to access this vendor resource. Please check with your shop owner or manager.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔍
+404
+Page Not Found
+
+ The vendor dashboard page you're looking for doesn't exist or has been moved.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
📋
+422
+Validation Error
+
+ The data you submitted contains errors. Please review and correct the highlighted fields.
+
+Error Code: {{ error_code }}
+
+{% if details and details.validation_errors %}
+
+
Validation Errors:
+
+ {% for error in details.validation_errors %}
+ -
+ {{ error.loc | join(' → ') }}:
+ {{ error.msg }}
+
+ {% endfor %}
+
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
⏱️
+429
+Too Many Requests
+
+ You've made too many requests in a short period. Please slow down and try again in a moment.
+
+Error Code: {{ error_code }}
+
+{% if details and details.retry_after %}
+
+
+ Please wait {{ details.retry_after }} seconds before trying again.
+
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
⚙️
+500
+Internal Server Error
+
+ Something went wrong on our end. Our team has been notified and is working to fix the issue.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
🔌
+502
+Bad Gateway
+
+ We're unable to reach the service right now. This is usually temporary. Please try again in a moment.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
+ {% block content %}
+
{% block icon %}⚠️{% endblock %}
+
{{ status_code }}
+
{{ status_name }}
+
{{ message }}
+
Error Code: {{ error_code }}
+
+
+
+ {% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
+ {% endif %}
+
+ {% block extra_content %}{% endblock %}
+
+
+ {% endblock %}
+
⚠️
+{{ status_code }}
+{{ status_name }}
+{{ message }}
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information
+
+ Path:
+ {{ path }}
+
+
+ Error Code:
+ {{ error_code }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+
Loading...
│ │
-│ │ │
-│
← Reactive binding │ │
-│
+
404
+
The admin page you're looking for doesn't exist.
+
Go to Dashboard
+
+ {% block content %}
+
+ {% endblock %}
+
+
+
+```
+
+### Specific Error Template Pattern
+
+```html
+
+{% extends "admin/errors/base.html" %}
+
+{% block icon %}🔍{% endblock %}
+{% block title %}404 - Page Not Found{% endblock %}
+
+{% block content %}
+🔍
+404
+Page Not Found
+
+ The admin page you're looking for doesn't exist or has been moved.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
+
+{% endif %}
+{% endblock %}
+```
+
+### Context-Specific Considerations
+
+#### Admin Error Pages
+
+**Purpose:** Error pages for platform administrators
+
+**Characteristics:**
+- Professional platform branding
+- Links to admin dashboard
+- Full debug information when appropriate
+- Support contact link
+
+**Action Buttons:**
+- Primary: "Go to Dashboard" → `/admin/dashboard`
+- Secondary: "Go Back" → `javascript:history.back()`
+
+#### Vendor Error Pages
+
+**Purpose:** Error pages for vendor dashboard users
+
+**Characteristics:**
+- Professional vendor management branding
+- Links to vendor dashboard
+- Debug information for vendor admins
+- Vendor support contact link
+
+**Action Buttons:**
+- Primary: "Go to Dashboard" → `/vendor/dashboard`
+- Secondary: "Go Back" → `javascript:history.back()`
+
+#### Shop Error Pages
+
+**Purpose:** Error pages for customers on vendor storefronts
+
+**Characteristics:**
+- **Uses vendor theme** (colors, logo, fonts)
+- Customer-friendly language
+- No technical jargon
+- Links to shop homepage
+- Customer support contact
+
+**Action Buttons:**
+- Primary: "Continue Shopping" → Shop homepage
+- Secondary: "Contact Support" → Vendor support page
+
+**Theme Integration:**
+```html
+
+
+```
+
+---
+
+## Implementation Status
+
+### Phase 1: Admin Error Handling ✅ COMPLETE
+
+**Status:** Fully implemented and ready for use
+
+**Components:**
+- ✅ Context detection middleware
+- ✅ Error page renderer
+- ✅ Refactored exception handler
+- ✅ Admin error templates (11 files)
+- ✅ Fallback templates (3 files)
+
+**Error Codes Implemented:**
+- ✅ 400 (Bad Request)
+- ✅ 401 (Unauthorized)
+- ✅ 403 (Forbidden)
+- ✅ 404 (Not Found)
+- ✅ 422 (Validation Error)
+- ✅ 429 (Rate Limit)
+- ✅ 500 (Internal Server Error)
+- ✅ 502 (Bad Gateway)
+- ✅ Generic (Catch-all)
+
+### Phase 2: Vendor Error Handling ⏳ PENDING
+
+**Status:** Not yet implemented
+
+**Required Tasks:**
+1. Create `/app/templates/vendor/errors/` directory
+2. Copy admin templates as starting point
+3. Customize messaging for vendor context:
+ - Change "Admin Portal" to "Vendor Portal"
+ - Update dashboard links to `/vendor/dashboard`
+ - Adjust support links to vendor support
+4. Update action button destinations
+5. Test all error codes in vendor context
+
+**Estimated Effort:** 1-2 hours
+
+**Priority:** Medium (vendors currently see fallback pages)
+
+### Phase 3: Shop Error Handling ⏳ PENDING
+
+**Status:** Not yet implemented
+
+**Required Tasks:**
+1. Create `/app/templates/shop/errors/` directory
+2. Create customer-facing error templates:
+ - Use customer-friendly language
+ - Integrate vendor theme variables
+ - Add vendor logo/branding
+3. Update ErrorPageRenderer to pass theme data
+4. Implement theme integration:
+ ```python
+ if context_type == RequestContext.SHOP:
+ template_data["theme"] = request.state.theme
+ template_data["vendor"] = request.state.vendor
+ ```
+5. Test with multiple vendor themes
+6. Test on custom domains
+
+**Estimated Effort:** 2-3 hours
+
+**Priority:** High (customers currently see non-branded fallback pages)
+
+**Dependencies:** Requires vendor theme system (already exists)
+
+---
+
+## Developer Guidelines
+
+### When to Throw Exceptions
+
+**Use Custom Exceptions:**
+```python
+from app.exceptions import VendorNotFoundException
+
+# Good - Specific exception
+raise VendorNotFoundException(vendor_id="123")
+
+# Avoid - Generic exception with less context
+raise HTTPException(status_code=404, detail="Vendor not found")
+```
+
+**Exception Selection Guide:**
+
+| Scenario | Exception | Status Code |
+|----------|-----------|-------------|
+| Resource not found | `{Resource}NotFoundException` | 404 |
+| Validation failed | `ValidationException` | 422 |
+| Unauthorized | `AuthenticationException` | 401 |
+| Forbidden | `AuthorizationException` | 403 |
+| Business rule violated | `BusinessLogicException` | 400 |
+| External service failed | `ExternalServiceException` | 502 |
+| Rate limit exceeded | `RateLimitException` | 429 |
+
+### Creating Custom Exceptions
+
+Follow this pattern:
+
+```python
+# app/exceptions/my_domain.py
+from .base import ResourceNotFoundException
+
+class MyResourceNotFoundException(ResourceNotFoundException):
+ """Raised when MyResource is not found."""
+
+ def __init__(self, resource_id: str):
+ super().__init__(
+ resource_type="MyResource",
+ identifier=resource_id,
+ message=f"MyResource with ID '{resource_id}' not found",
+ error_code="MY_RESOURCE_NOT_FOUND",
+ )
+```
+
+Then register in `app/exceptions/__init__.py`:
+
+```python
+from .my_domain import MyResourceNotFoundException
+
+__all__ = [
+ # ... existing exports
+ "MyResourceNotFoundException",
+]
+```
+
+### Error Messages Best Practices
+
+**User-Facing Messages:**
+- Clear and concise
+- Avoid technical jargon
+- Suggest next actions
+- Never expose sensitive information
+
+```python
+# Good
+message="The product you're looking for is currently unavailable."
+
+# Bad
+message="SELECT * FROM products WHERE id=123 returned 0 rows"
+```
+
+**Error Codes:**
+- Use UPPER_SNAKE_CASE
+- Be descriptive but concise
+- Follow existing patterns
+
+```python
+# Good
+error_code="PRODUCT_OUT_OF_STOCK"
+error_code="PAYMENT_PROCESSING_FAILED"
+
+# Bad
+error_code="error1"
+error_code="ProductOutOfStockException"
+```
+
+### Details Dictionary
+
+Use the `details` dictionary for additional context:
+
+```python
+raise VendorNotFoundException(
+ vendor_id="123"
+)
+# Results in:
+# details = {"vendor_id": "123", "resource_type": "Vendor"}
+
+# For validation errors:
+raise ValidationException(
+ message="Invalid email format",
+ field="email",
+ details={
+ "provided_value": user_input,
+ "expected_format": "user@example.com"
+ }
+)
+```
+
+**What to Include in Details:**
+- ✅ Resource identifiers
+- ✅ Validation error specifics
+- ✅ Operation context
+- ✅ Non-sensitive debugging info
+- ❌ Passwords or secrets
+- ❌ Internal system paths
+- ❌ Database queries
+- ❌ Stack traces (use show_debug instead)
+
+---
+
+## Adding New Error Pages
+
+### Step 1: Identify Context
+
+Determine which context needs the new error page:
+- Admin Portal → `admin/errors/`
+- Vendor Dashboard → `vendor/errors/`
+- Customer Shop → `shop/errors/`
+
+### Step 2: Choose Template Type
+
+**Specific Error Code Template:**
+- For common HTTP status codes (400, 403, 404, 500, etc.)
+- File name: `{status_code}.html`
+
+**Generic Catch-All Template:**
+- For less common or custom error codes
+- File name: `generic.html`
+- Uses variables to display appropriate content
+
+### Step 3: Create Template
+
+**Option A: Extend Base Template** (Recommended)
+
+```html
+
+{% extends "admin/errors/base.html" %}
+
+{% block icon %}🔧{% endblock %}
+{% block title %}503 - Service Unavailable{% endblock %}
+
+{% block content %}
+🔧
+503
+Service Unavailable
+
+ The service is temporarily unavailable. We're working to restore it.
+
+Error Code: {{ error_code }}
+
+
+
+{% if show_debug %}
+
+
🔧 Debug Information (Admin Only)
+
+ Path:
+ {{ path }}
+
+ {% if details %}
+
+
Details:
+
{{ details | tojson(indent=2) }}
+
+ {% endif %}
+