From f2d3aac0294094ce4483f0490cf9c2a93482cdc9 Mon Sep 17 00:00:00 2001
From: jackiettran <41605212+jackiettran@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:49:42 -0500
Subject: [PATCH] sanitized errors
---
 backend/routes/feedback.js | 4 +--
 backend/routes/forum.js | 72 +++++++++++++++++++-------------------
 backend/routes/items.js | 36 +++++++++----------
 backend/routes/messages.js | 28 +++++++--------
 backend/routes/rentals.js | 24 ++++++-------
 backend/routes/stripe.js | 22 ++++++------
 backend/routes/users.js | 43 +++++++++++------------
 7 files changed, 113 insertions(+), 116 deletions(-)
diff --git a/backend/routes/feedback.js b/backend/routes/feedback.js
index 5e35243..40086ae 100644
--- a/backend/routes/feedback.js
+++ b/backend/routes/feedback.js
@@ -7,7 +7,7 @@ const emailServices = require('../services/email'); const router = express.Router(); // Submit new feedback -router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req, res) => { +router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req, res, next) => { try { const { feedbackText, url } = req.body;
@@ -59,7 +59,7 @@ router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req, stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } });
diff --git a/backend/routes/forum.js b/backend/routes/forum.js
index bae134d..bda1ebb 100644
--- a/backend/routes/forum.js
+++ b/backend/routes/forum.js
@@ -40,7 +40,7 @@ const buildCommentTree = (comments, isAdmin = false) => { }; // GET /api/forum/posts - Browse all posts -router.get('/posts', optionalAuth, async (req, res) => { +router.get('/posts', optionalAuth, async (req, res, next) => { try { const { search,
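Review bot: Whether `next(error)` in the feedback.js catch at `@@ -59` actually stops `error.message` from reaching the client depends entirely on the app-level error middleware, which this patch does not touch; if that handler still serialises `err.message`, or is registered before the routers, the exposure moves rather than closes. A one-line comment at the hand-off would make the contract explicit for the next reader: `// Delegate to the central error handler, which answers with a generic 500 body; never echo error.message to the client.` The same remark applies to every `next(error)` introduced in forum.js, items.js, messages.js and stripe.js, so I am raising it once here. The structured log call above this line, with stack and userId, remains the right place for that detail.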
@@ -158,12 +158,12 @@ router.get('/posts', optionalAuth, async (req, res) => { stack: error.stack, query: req.query }); - res.status(500).json({ error: error.message }); + next(error); } }); // GET /api/forum/posts/:id - Get single post with all comments -router.get('/posts/:id', optionalAuth, async (req, res) => { +router.get('/posts/:id', optionalAuth, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id, { include: [ @@ -233,12 +233,12 @@ router.get('/posts/:id', optionalAuth, async (req, res) => { stack: error.stack, postId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // POST /api/forum/posts - Create new post -router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res) => { +router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res, next) => { try { let { title, content, category, tags, zipCode, latitude: providedLat, longitude: providedLng } = req.body; @@ -481,12 +481,12 @@ router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res) authorId: req.user.id, postData: logger.sanitize(req.body) }); - res.status(500).json({ error: error.message }); + next(error); } }); // PUT /api/forum/posts/:id - Update post -router.put('/posts/:id', authenticateToken, async (req, res) => { +router.put('/posts/:id', authenticateToken, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id); @@ -549,12 +549,12 @@ router.put('/posts/:id', authenticateToken, async (req, res) => { postId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // DELETE /api/forum/posts/:id - Delete post -router.delete('/posts/:id', authenticateToken, async (req, res) => { +router.delete('/posts/:id', authenticateToken, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id); 
@@ -586,12 +586,12 @@ router.delete('/posts/:id', authenticateToken, async (req, res) => { postId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/posts/:id/status - Update post status -router.patch('/posts/:id/status', authenticateToken, async (req, res) => { +router.patch('/posts/:id/status', authenticateToken, async (req, res, next) => { try { const { status } = req.body; const post = await ForumPost.findByPk(req.params.id); @@ -734,12 +734,12 @@ router.patch('/posts/:id/status', authenticateToken, async (req, res) => { postId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/posts/:id/accept-answer - Mark/unmark comment as accepted answer -router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res) => { +router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res, next) => { try { const { commentId } = req.body; const post = await ForumPost.findByPk(req.params.id); @@ -908,12 +908,12 @@ router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res) => postId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // POST /api/forum/posts/:id/comments - Add comment/reply -router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages, async (req, res) => { +router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages, async (req, res, next) => { try { const { content, parentCommentId } = req.body; const post = await ForumPost.findByPk(req.params.id); 
@@ -1073,12 +1073,12 @@ router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages, postId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PUT /api/forum/comments/:id - Edit comment -router.put('/comments/:id', authenticateToken, async (req, res) => { +router.put('/comments/:id', authenticateToken, async (req, res, next) => { try { const { content } = req.body; const comment = await ForumComment.findByPk(req.params.id); @@ -1122,12 +1122,12 @@ router.put('/comments/:id', authenticateToken, async (req, res) => { commentId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // DELETE /api/forum/comments/:id - Soft delete comment -router.delete('/comments/:id', authenticateToken, async (req, res) => { +router.delete('/comments/:id', authenticateToken, async (req, res, next) => { try { const comment = await ForumComment.findByPk(req.params.id); @@ -1164,12 +1164,12 @@ router.delete('/comments/:id', authenticateToken, async (req, res) => { commentId: req.params.id, authorId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // GET /api/forum/my-posts - Get user's posts -router.get('/my-posts', authenticateToken, async (req, res) => { +router.get('/my-posts', authenticateToken, async (req, res, next) => { try { const posts = await ForumPost.findAll({ where: { authorId: req.user.id }, @@ -1202,12 +1202,12 @@ router.get('/my-posts', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // GET /api/forum/tags - Get all unique tags for autocomplete -router.get('/tags', async (req, res) => { +router.get('/tags', async (req, res, next) => { try { const { search } = req.query; 
@@ -1241,14 +1241,14 @@ router.get('/tags', async (req, res) => { stack: error.stack, query: req.query }); - res.status(500).json({ error: error.message }); + next(error); } }); // ============ ADMIN ROUTES ============ // DELETE /api/forum/admin/posts/:id - Admin soft-delete post -router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, res) => { +router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, res, next) => { try { const { reason } = req.body; @@ -1321,12 +1321,12 @@ router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, r postId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/admin/posts/:id/restore - Admin restore deleted post -router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async (req, res) => { +router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id); @@ -1362,12 +1362,12 @@ router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async postId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // DELETE /api/forum/admin/comments/:id - Admin soft-delete comment -router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req, res) => { +router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req, res, next) => { try { const { reason } = req.body; 
@@ -1449,12 +1449,12 @@ router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req commentId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/admin/comments/:id/restore - Admin restore deleted comment -router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, async (req, res) => { +router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, async (req, res, next) => { try { const comment = await ForumComment.findByPk(req.params.id); @@ -1500,12 +1500,12 @@ router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, asy commentId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/admin/posts/:id/close - Admin close discussion -router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (req, res) => { +router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id, { include: [ @@ -1615,12 +1615,12 @@ router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (r postId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // PATCH /api/forum/admin/posts/:id/reopen - Admin reopen discussion -router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async (req, res) => { +router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async (req, res, next) => { try { const post = await ForumPost.findByPk(req.params.id); @@ -1655,7 +1655,7 @@ router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async ( postId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); 
diff --git a/backend/routes/items.js b/backend/routes/items.js index 8e49247..432dcc9 100644 --- a/backend/routes/items.js +++ b/backend/routes/items.js @@ -5,7 +5,7 @@ const { authenticateToken, requireVerifiedEmail, requireAdmin, optionalAuth } = const logger = require("../utils/logger"); const router = express.Router(); -router.get("/", async (req, res) => { +router.get("/", async (req, res, next) => { try { const { minPrice, @@ -84,11 +84,11 @@ router.get("/", async (req, res) => { stack: error.stack, query: req.query }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.get("/recommendations", authenticateToken, async (req, res) => { +router.get("/recommendations", authenticateToken, async (req, res, next) => { try { const userRentals = await Rental.findAll({ where: { renterId: req.user.id }, @@ -119,12 +119,12 @@ router.get("/recommendations", authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Public endpoint to get reviews for a specific item (must come before /:id route) -router.get('/:id/reviews', async (req, res) => { +router.get('/:id/reviews', async (req, res, next) => { try { const { Rental, User } = require('../models'); @@ -169,11 +169,11 @@ router.get('/:id/reviews', async (req, res) => { stack: error.stack, itemId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.get("/:id", optionalAuth, async (req, res) => { +router.get("/:id", optionalAuth, async (req, res, next) => { try { const item = await Item.findByPk(req.params.id, { include: [ 
@@ -226,11 +226,11 @@ router.get("/:id", optionalAuth, async (req, res) => { stack: error.stack, itemId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => { +router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next) => { try { const item = await Item.create({ ...req.body, @@ -284,11 +284,11 @@ router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => { ownerId: req.user.id, itemData: logger.sanitize(req.body) }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.put("/:id", authenticateToken, async (req, res) => { +router.put("/:id", authenticateToken, async (req, res, next) => { try { const item = await Item.findByPk(req.params.id); @@ -327,11 +327,11 @@ router.put("/:id", authenticateToken, async (req, res) => { itemId: req.params.id, ownerId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.delete("/:id", authenticateToken, async (req, res) => { +router.delete("/:id", authenticateToken, async (req, res, next) => { try { const item = await Item.findByPk(req.params.id); @@ -360,12 +360,12 @@ router.delete("/:id", authenticateToken, async (req, res) => { itemId: req.params.id, ownerId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Admin endpoints -router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res) => { +router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res, next) => { try { const { reason } = req.body; 
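Review bot: The context line `const item = await Item.create({ ...req.body,` in the POST `/` hunk at `@@ -226` spreads the entire request body into the model, so any attribute a client names (ownership, moderation or pricing fields, whatever the Item schema defines) is writable unless a later line restricts it; adding the `next` parameter does not change that, and the route body continues past the hunk, so a later guard is not visible from here. Sequelize's `fields` option gives an allowlist without restructuring the call, e.g. `Item.create({ ...req.body, ownerId: req.user.id }, { fields: ALLOWED_ITEM_FIELDS })` with `ALLOWED_ITEM_FIELDS` a constant listing the client-settable columns. The same pattern is worth checking in the PUT `/:id` hunk at `@@ -284`, whose update body is outside the hunk.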
@@ -463,11 +463,11 @@ router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res) => itemId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req, res) => { +router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req, res, next) => { try { const item = await Item.findByPk(req.params.id); @@ -513,7 +513,7 @@ router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req, itemId: req.params.id, adminId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); diff --git a/backend/routes/messages.js b/backend/routes/messages.js index 21fc7d4..5e2869e 100644 --- a/backend/routes/messages.js +++ b/backend/routes/messages.js @@ -12,7 +12,7 @@ const path = require('path'); const router = express.Router(); // Get all messages for the current user (inbox) -router.get('/', authenticateToken, async (req, res) => { +router.get('/', authenticateToken, async (req, res, next) => { try { const messages = await Message.findAll({ where: { receiverId: req.user.id }, @@ -40,12 +40,12 @@ router.get('/', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get conversations grouped by user pairs -router.get('/conversations', authenticateToken, async (req, res) => { +router.get('/conversations', authenticateToken, async (req, res, next) => { try { const userId = req.user.id; 
@@ -134,12 +134,12 @@ router.get('/conversations', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get sent messages -router.get('/sent', authenticateToken, async (req, res) => { +router.get('/sent', authenticateToken, async (req, res, next) => { try { const messages = await Message.findAll({ where: { senderId: req.user.id }, @@ -167,12 +167,12 @@ router.get('/sent', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get a single message -router.get('/:id', authenticateToken, async (req, res) => { +router.get('/:id', authenticateToken, async (req, res, next) => { try { const message = await Message.findOne({ where: { @@ -232,12 +232,12 @@ router.get('/:id', authenticateToken, async (req, res) => { userId: req.user.id, messageId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Send a new message -router.post('/', authenticateToken, uploadMessageImage, async (req, res) => { +router.post('/', authenticateToken, uploadMessageImage, async (req, res, next) => { try { const { receiverId, content } = req.body; @@ -309,12 +309,12 @@ router.post('/', authenticateToken, uploadMessageImage, async (req, res) => { senderId: req.user.id, receiverId: req.body.receiverId }); - res.status(500).json({ error: error.message }); + next(error); } }); // Mark message as read -router.put('/:id/read', authenticateToken, async (req, res) => { +router.put('/:id/read', authenticateToken, async (req, res, next) => { try { const message = await Message.findOne({ where: { 
@@ -354,12 +354,12 @@ router.put('/:id/read', authenticateToken, async (req, res) => { userId: req.user.id, messageId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get unread message count -router.get('/unread/count', authenticateToken, async (req, res) => { +router.get('/unread/count', authenticateToken, async (req, res, next) => { try { const count = await Message.count({ where: { @@ -381,7 +381,7 @@ router.get('/unread/count', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); diff --git a/backend/routes/rentals.js b/backend/routes/rentals.js index ace90c6..523399a 100644 --- a/backend/routes/rentals.js +++ b/backend/routes/rentals.js @@ -932,7 +932,7 @@ router.post("/cost-preview", authenticateToken, async (req, res) => { }); // Get earnings status for owner's rentals -router.get("/earnings/status", authenticateToken, async (req, res) => { +router.get("/earnings/status", authenticateToken, async (req, res, next) => { try { const ownerRentals = await Rental.findAll({ where: { @@ -960,12 +960,12 @@ router.get("/earnings/status", authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id, }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get refund preview (what would happen if cancelled now) -router.get("/:id/refund-preview", authenticateToken, async (req, res) => { +router.get("/:id/refund-preview", authenticateToken, async (req, res, next) => { try { const preview = await RefundService.getRefundPreview( req.params.id, 
@@ -980,12 +980,12 @@ router.get("/:id/refund-preview", authenticateToken, async (req, res) => { rentalId: req.params.id, userId: req.user.id, }); - res.status(400).json({ error: error.message }); + next(error); } }); // Get late fee preview -router.get("/:id/late-fee-preview", authenticateToken, async (req, res) => { +router.get("/:id/late-fee-preview", authenticateToken, async (req, res, next) => { try { const { actualReturnDateTime } = req.query; @@ -1020,12 +1020,12 @@ router.get("/:id/late-fee-preview", authenticateToken, async (req, res) => { rentalId: req.params.id, userId: req.user.id, }); - res.status(400).json({ error: error.message }); + next(error); } }); // Cancel rental with refund processing -router.post("/:id/cancel", authenticateToken, async (req, res) => { +router.post("/:id/cancel", authenticateToken, async (req, res, next) => { try { const { reason } = req.body; @@ -1092,12 +1092,12 @@ router.post("/:id/cancel", authenticateToken, async (req, res) => { rentalId: req.params.id, userId: req.user.id, }); - res.status(400).json({ error: error.message }); + next(error); } }); // Mark item return status (owner only) -router.post("/:id/mark-return", authenticateToken, async (req, res) => { +router.post("/:id/mark-return", authenticateToken, async (req, res, next) => { try { const { status, actualReturnDateTime, statusOptions } = req.body; const rentalId = req.params.id; @@ -1253,12 +1253,12 @@ router.post("/:id/mark-return", authenticateToken, async (req, res) => { userId: req.user.id, }); - res.status(400).json({ error: error.message }); + next(error); } }); // Report item as damaged (owner only) -router.post("/:id/report-damage", authenticateToken, async (req, res) => { +router.post("/:id/report-damage", authenticateToken, async (req, res, next) => { try { const rentalId = req.params.id; const userId = req.user.id; 
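Review bot: The catch blocks at `@@ -980`, `@@ -1020`, `@@ -1092` and `@@ -1253` here, and `@@ -1290` on the next line, previously answered 400 with the service's message, which suggests refund preview, late-fee preview, cancel, mark-return and report-damage surface business-rule failures thrown by RefundService and similar code; routing all of them through `next(error)` turns them into whatever the central handler emits, presumably a generic 500, so clients lose the validation outcome and monitoring counts user mistakes as server faults. If the handler maps a status from the error object, the services should attach one before throwing (`error.status = 400`, or a dedicated error class); otherwise keep a narrow 400 branch for known validation errors and fall through to `next(error)` for everything else. Each route body begins before its hunk, so I cannot see whether some of these already return 400 earlier.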
@@ -1290,7 +1290,7 @@ router.post("/:id/report-damage", authenticateToken, async (req, res) => { userId: req.user.id, }); - res.status(400).json({ error: error.message }); + next(error); } }); diff --git a/backend/routes/stripe.js b/backend/routes/stripe.js index 36b32ca..16723f4 100644 --- a/backend/routes/stripe.js +++ b/backend/routes/stripe.js @@ -6,7 +6,7 @@ const logger = require("../utils/logger"); const router = express.Router(); // Get checkout session status -router.get("/checkout-session/:sessionId", async (req, res) => { +router.get("/checkout-session/:sessionId", async (req, res, next) => { try { const { sessionId } = req.params; @@ -32,14 +32,14 @@ router.get("/checkout-session/:sessionId", async (req, res) => { reqLogger.error("Stripe checkout session retrieval failed", { error: error.message, stack: error.stack, - sessionId: sessionId, + sessionId: req.params.sessionId, }); - res.status(500).json({ error: error.message }); + next(error); } }); // Create connected account -router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, res) => { +router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, res, next) => { try { const user = await User.findByPk(req.user.id); @@ -82,12 +82,12 @@ router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, re stack: error.stack, userId: req.user.id, }); - res.status(500).json({ error: error.message }); + next(error); } }); // Generate onboarding link -router.post("/account-links", authenticateToken, requireVerifiedEmail, async (req, res) => { +router.post("/account-links", authenticateToken, requireVerifiedEmail, async (req, res, next) => { try { const user = await User.findByPk(req.user.id); 
@@ -128,12 +128,12 @@ router.post("/account-links", authenticateToken, requireVerifiedEmail, async (re userId: req.user.id, stripeConnectedAccountId: user?.stripeConnectedAccountId, }); - res.status(500).json({ error: error.message }); + next(error); } }); // Get account status -router.get("/account-status", authenticateToken, async (req, res) => { +router.get("/account-status", authenticateToken, async (req, res, next) => { try { const user = await User.findByPk(req.user.id); @@ -168,7 +168,7 @@ router.get("/account-status", authenticateToken, async (req, res) => { userId: req.user.id, stripeConnectedAccountId: user?.stripeConnectedAccountId, }); - res.status(500).json({ error: error.message }); + next(error); } }); @@ -177,7 +177,7 @@ router.post( "/create-setup-checkout-session", authenticateToken, requireVerifiedEmail, - async (req, res) => { + async (req, res, next) => { try { const { rentalData } = req.body; @@ -238,7 +238,7 @@ router.post( userId: req.user.id, stripeCustomerId: user?.stripeCustomerId, }); - res.status(500).json({ error: error.message }); + next(error); } } ); diff --git a/backend/routes/users.js b/backend/routes/users.js index 8d94da0..fb2fea4 100644 --- a/backend/routes/users.js +++ b/backend/routes/users.js @@ -8,7 +8,7 @@ const fs = require('fs').promises; const path = require('path'); const router = express.Router(); -router.get('/profile', authenticateToken, async (req, res) => { +router.get('/profile', authenticateToken, async (req, res, next) => { try { const user = await User.findByPk(req.user.id, { attributes: { exclude: ['password'] } 
@@ -27,12 +27,12 @@ router.get('/profile', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); // Address routes (must come before /:id route) -router.get('/addresses', authenticateToken, async (req, res) => { +router.get('/addresses', authenticateToken, async (req, res, next) => { try { const addresses = await UserAddress.findAll({ where: { userId: req.user.id }, @@ -52,11 +52,11 @@ router.get('/addresses', authenticateToken, async (req, res) => { stack: error.stack, userId: req.user.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.post('/addresses', authenticateToken, async (req, res) => { +router.post('/addresses', authenticateToken, async (req, res, next) => { try { const address = await userService.createUserAddress(req.user.id, req.body); @@ -69,11 +69,11 @@ router.post('/addresses', authenticateToken, async (req, res) => { userId: req.user.id, addressData: logger.sanitize(req.body) }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.put('/addresses/:id', authenticateToken, async (req, res) => { +router.put('/addresses/:id', authenticateToken, async (req, res, next) => { try { const address = await userService.updateUserAddress(req.user.id, req.params.id, req.body); @@ -88,14 +88,14 @@ router.put('/addresses/:id', authenticateToken, async (req, res) => { }); if (error.message === 'Address not found') { - return res.status(404).json({ error: error.message }); + return res.status(404).json({ error: 'Address not found' }); } - res.status(500).json({ error: error.message }); + next(error); } }); -router.delete('/addresses/:id', authenticateToken, async (req, res) => { +router.delete('/addresses/:id', authenticateToken, async (req, res, next) => { try { await userService.deleteUserAddress(req.user.id, req.params.id); 
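Review bot: The 404 branch in the PUT `/addresses/:id` catch at `@@ -88` still dispatches on `error.message === 'Address not found'`, so a reworded message in userService silently demotes a not-found into whatever the central handler returns, and the identical comparison is repeated in the DELETE hunk at `@@ -110` on the next line. Having the service throw an error that carries a status (or a small NotFoundError class) and letting the error middleware map it would remove both string comparisons while keeping the response body fixed; if the service sets `status`, the check becomes `if (error.status === 404) return res.status(404).json({ error: 'Address not found' });`. That the service sets such a field is not visible here, so this is a suggestion to verify against userService.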
@@ -110,15 +110,15 @@ router.delete('/addresses/:id', authenticateToken, async (req, res) => { }); if (error.message === 'Address not found') { - return res.status(404).json({ error: error.message }); + return res.status(404).json({ error: 'Address not found' }); } - res.status(500).json({ error: error.message }); + next(error); } }); // User availability routes (must come before /:id route) -router.get('/availability', authenticateToken, async (req, res) => { +router.get('/availability', authenticateToken, async (req, res, next) => { try { const user = await User.findByPk(req.user.id, { attributes: ['defaultAvailableAfter', 'defaultAvailableBefore', 'defaultSpecifyTimesPerDay', 'defaultWeeklyTimes'] @@ -130,11 +130,11 @@ router.get('/availability', authenticateToken, async (req, res) => { weeklyTimes: user.defaultWeeklyTimes }); } catch (error) { - res.status(500).json({ error: error.message }); + next(error); } }); -router.put('/availability', authenticateToken, async (req, res) => { +router.put('/availability', authenticateToken, async (req, res, next) => { try { const { generalAvailableAfter, generalAvailableBefore, specifyTimesPerDay, weeklyTimes } = req.body; @@ -149,11 +149,11 @@ router.put('/availability', authenticateToken, async (req, res) => { res.json({ message: 'Availability updated successfully' }); } catch (error) { - res.status(500).json({ error: error.message }); + next(error); } }); -router.get('/:id', async (req, res) => { +router.get('/:id', async (req, res, next) => { try { const user = await User.findByPk(req.params.id, { attributes: { exclude: ['password', 'email', 'phone', 'address'] } 
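Review bot: The two `/availability` catch blocks at `@@ -130` and `@@ -149` log nothing before `next(error)`, unlike every other catch in this patch, so unless the central handler logs with request context these failures leave no trace tied to the user. Matching the file's convention would be a `reqLogger`-style call before the hand-off, e.g. `logger.error('Availability update failed', { error: error.message, stack: error.stack, userId: req.user.id });`, using whichever logger instance this file already constructs (its header is outside the hunk). Both route bodies start before their hunks.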
@@ -176,11 +176,11 @@ router.get('/:id', async (req, res) => { stack: error.stack, requestedUserId: req.params.id }); - res.status(500).json({ error: error.message }); + next(error); } }); -router.put('/profile', authenticateToken, async (req, res) => { +router.put('/profile', authenticateToken, async (req, res, next) => { try { // Use UserService to handle update and email notification const updatedUser = await userService.updateProfile(req.user.id, req.body); @@ -188,10 +188,7 @@ router.put('/profile', authenticateToken, async (req, res) => { res.json(updatedUser); } catch (error) { console.error('Profile update error:', error); - res.status(500).json({ - error: error.message, - details: error.errors ? error.errors.map(e => ({ field: e.path, message: e.message })) : undefined - }); + next(error); } });
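Review bot: The removed branch in the PUT `/profile` catch at `@@ -188` returned Sequelize field-level `details` (`error.errors.map(...)`) to the client; after this change a validation failure reaches the central handler unchanged, and unless that handler recognises `error.name === 'SequelizeValidationError'` it becomes a generic 500 with no field information, so the frontend can no longer show which field was rejected. A narrow mapping keeps the user-facing part without leaking internals: `if (error.name === 'SequelizeValidationError') return res.status(400).json({ error: 'Validation failed', details: error.errors.map((e) => ({ field: e.path, message: e.message })) });` placed before `next(error)`. The `console.error('Profile update error:', error)` just above also bypasses the structured `logger` every other catch in this file uses, so the user id and sanitized body are not recorded for this route.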