sanitized errors

jackiettran
2025-11-26 15:49:42 -05:00
parent fab79e64ee
commit f2d3aac029
7 changed files with 113 additions and 116 deletions


@@ -7,7 +7,7 @@ const emailServices = require('../services/email');
const router = express.Router(); const router = express.Router();
// Submit new feedback // Submit new feedback
router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req, res) => { router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req, res, next) => {
try { try {
const { feedbackText, url } = req.body; const { feedbackText, url } = req.body;
@@ -59,7 +59,7 @@ router.post('/', authenticateToken, sanitizeInput, validateFeedback, async (req,
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
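Review bot: Replacing `res.status(500).json({ error: error.message })` with `next(error)` only sanitizes the response if an error-handling middleware is registered after these routers, and none is visible in this commit. Without one, Express's default handler answers with the stack trace whenever `NODE_ENV` is not `production`, which is more than the old code exposed. Confirm that a final `(err, req, res, next)` handler returns a fixed message for 5xx responses and checks `res.headersSent`; the same applies to every `next(error)` in the other six files. The handler bodies here start and end outside the hunks.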


@@ -40,7 +40,7 @@ const buildCommentTree = (comments, isAdmin = false) => {
}; };
// GET /api/forum/posts - Browse all posts // GET /api/forum/posts - Browse all posts
router.get('/posts', optionalAuth, async (req, res) => { router.get('/posts', optionalAuth, async (req, res, next) => {
try { try {
const { const {
search, search,
@@ -158,12 +158,12 @@ router.get('/posts', optionalAuth, async (req, res) => {
stack: error.stack, stack: error.stack,
query: req.query query: req.query
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// GET /api/forum/posts/:id - Get single post with all comments // GET /api/forum/posts/:id - Get single post with all comments
router.get('/posts/:id', optionalAuth, async (req, res) => { router.get('/posts/:id', optionalAuth, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id, { const post = await ForumPost.findByPk(req.params.id, {
include: [ include: [
@@ -233,12 +233,12 @@ router.get('/posts/:id', optionalAuth, async (req, res) => {
stack: error.stack, stack: error.stack,
postId: req.params.id postId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// POST /api/forum/posts - Create new post // POST /api/forum/posts - Create new post
router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res) => { router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res, next) => {
try { try {
let { title, content, category, tags, zipCode, latitude: providedLat, longitude: providedLng } = req.body; let { title, content, category, tags, zipCode, latitude: providedLat, longitude: providedLng } = req.body;
@@ -481,12 +481,12 @@ router.post('/posts', authenticateToken, uploadForumPostImages, async (req, res)
authorId: req.user.id, authorId: req.user.id,
postData: logger.sanitize(req.body) postData: logger.sanitize(req.body)
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PUT /api/forum/posts/:id - Update post // PUT /api/forum/posts/:id - Update post
router.put('/posts/:id', authenticateToken, async (req, res) => { router.put('/posts/:id', authenticateToken, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -549,12 +549,12 @@ router.put('/posts/:id', authenticateToken, async (req, res) => {
postId: req.params.id, postId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// DELETE /api/forum/posts/:id - Delete post // DELETE /api/forum/posts/:id - Delete post
router.delete('/posts/:id', authenticateToken, async (req, res) => { router.delete('/posts/:id', authenticateToken, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -586,12 +586,12 @@ router.delete('/posts/:id', authenticateToken, async (req, res) => {
postId: req.params.id, postId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/posts/:id/status - Update post status // PATCH /api/forum/posts/:id/status - Update post status
router.patch('/posts/:id/status', authenticateToken, async (req, res) => { router.patch('/posts/:id/status', authenticateToken, async (req, res, next) => {
try { try {
const { status } = req.body; const { status } = req.body;
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -734,12 +734,12 @@ router.patch('/posts/:id/status', authenticateToken, async (req, res) => {
postId: req.params.id, postId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/posts/:id/accept-answer - Mark/unmark comment as accepted answer // PATCH /api/forum/posts/:id/accept-answer - Mark/unmark comment as accepted answer
router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res) => { router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res, next) => {
try { try {
const { commentId } = req.body; const { commentId } = req.body;
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -908,12 +908,12 @@ router.patch('/posts/:id/accept-answer', authenticateToken, async (req, res) =>
postId: req.params.id, postId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// POST /api/forum/posts/:id/comments - Add comment/reply // POST /api/forum/posts/:id/comments - Add comment/reply
router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages, async (req, res) => { router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages, async (req, res, next) => {
try { try {
const { content, parentCommentId } = req.body; const { content, parentCommentId } = req.body;
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -1073,12 +1073,12 @@ router.post('/posts/:id/comments', authenticateToken, uploadForumCommentImages,
postId: req.params.id, postId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PUT /api/forum/comments/:id - Edit comment // PUT /api/forum/comments/:id - Edit comment
router.put('/comments/:id', authenticateToken, async (req, res) => { router.put('/comments/:id', authenticateToken, async (req, res, next) => {
try { try {
const { content } = req.body; const { content } = req.body;
const comment = await ForumComment.findByPk(req.params.id); const comment = await ForumComment.findByPk(req.params.id);
@@ -1122,12 +1122,12 @@ router.put('/comments/:id', authenticateToken, async (req, res) => {
commentId: req.params.id, commentId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// DELETE /api/forum/comments/:id - Soft delete comment // DELETE /api/forum/comments/:id - Soft delete comment
router.delete('/comments/:id', authenticateToken, async (req, res) => { router.delete('/comments/:id', authenticateToken, async (req, res, next) => {
try { try {
const comment = await ForumComment.findByPk(req.params.id); const comment = await ForumComment.findByPk(req.params.id);
@@ -1164,12 +1164,12 @@ router.delete('/comments/:id', authenticateToken, async (req, res) => {
commentId: req.params.id, commentId: req.params.id,
authorId: req.user.id authorId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// GET /api/forum/my-posts - Get user's posts // GET /api/forum/my-posts - Get user's posts
router.get('/my-posts', authenticateToken, async (req, res) => { router.get('/my-posts', authenticateToken, async (req, res, next) => {
try { try {
const posts = await ForumPost.findAll({ const posts = await ForumPost.findAll({
where: { authorId: req.user.id }, where: { authorId: req.user.id },
@@ -1202,12 +1202,12 @@ router.get('/my-posts', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// GET /api/forum/tags - Get all unique tags for autocomplete // GET /api/forum/tags - Get all unique tags for autocomplete
router.get('/tags', async (req, res) => { router.get('/tags', async (req, res, next) => {
try { try {
const { search } = req.query; const { search } = req.query;
@@ -1241,14 +1241,14 @@ router.get('/tags', async (req, res) => {
stack: error.stack, stack: error.stack,
query: req.query query: req.query
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// ============ ADMIN ROUTES ============ // ============ ADMIN ROUTES ============
// DELETE /api/forum/admin/posts/:id - Admin soft-delete post // DELETE /api/forum/admin/posts/:id - Admin soft-delete post
router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, res) => { router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const { reason } = req.body; const { reason } = req.body;
@@ -1321,12 +1321,12 @@ router.delete('/admin/posts/:id', authenticateToken, requireAdmin, async (req, r
postId: req.params.id, postId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/admin/posts/:id/restore - Admin restore deleted post // PATCH /api/forum/admin/posts/:id/restore - Admin restore deleted post
router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async (req, res) => { router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -1362,12 +1362,12 @@ router.patch('/admin/posts/:id/restore', authenticateToken, requireAdmin, async
postId: req.params.id, postId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// DELETE /api/forum/admin/comments/:id - Admin soft-delete comment // DELETE /api/forum/admin/comments/:id - Admin soft-delete comment
router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req, res) => { router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const { reason } = req.body; const { reason } = req.body;
@@ -1449,12 +1449,12 @@ router.delete('/admin/comments/:id', authenticateToken, requireAdmin, async (req
commentId: req.params.id, commentId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/admin/comments/:id/restore - Admin restore deleted comment // PATCH /api/forum/admin/comments/:id/restore - Admin restore deleted comment
router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, async (req, res) => { router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const comment = await ForumComment.findByPk(req.params.id); const comment = await ForumComment.findByPk(req.params.id);
@@ -1500,12 +1500,12 @@ router.patch('/admin/comments/:id/restore', authenticateToken, requireAdmin, asy
commentId: req.params.id, commentId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/admin/posts/:id/close - Admin close discussion // PATCH /api/forum/admin/posts/:id/close - Admin close discussion
router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (req, res) => { router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id, { const post = await ForumPost.findByPk(req.params.id, {
include: [ include: [
@@ -1615,12 +1615,12 @@ router.patch('/admin/posts/:id/close', authenticateToken, requireAdmin, async (r
postId: req.params.id, postId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// PATCH /api/forum/admin/posts/:id/reopen - Admin reopen discussion // PATCH /api/forum/admin/posts/:id/reopen - Admin reopen discussion
router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async (req, res) => { router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const post = await ForumPost.findByPk(req.params.id); const post = await ForumPost.findByPk(req.params.id);
@@ -1655,7 +1655,7 @@ router.patch('/admin/posts/:id/reopen', authenticateToken, requireAdmin, async (
postId: req.params.id, postId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });


@@ -5,7 +5,7 @@ const { authenticateToken, requireVerifiedEmail, requireAdmin, optionalAuth } =
const logger = require("../utils/logger"); const logger = require("../utils/logger");
const router = express.Router(); const router = express.Router();
router.get("/", async (req, res) => { router.get("/", async (req, res, next) => {
try { try {
const { const {
minPrice, minPrice,
@@ -84,11 +84,11 @@ router.get("/", async (req, res) => {
stack: error.stack, stack: error.stack,
query: req.query query: req.query
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.get("/recommendations", authenticateToken, async (req, res) => { router.get("/recommendations", authenticateToken, async (req, res, next) => {
try { try {
const userRentals = await Rental.findAll({ const userRentals = await Rental.findAll({
where: { renterId: req.user.id }, where: { renterId: req.user.id },
@@ -119,12 +119,12 @@ router.get("/recommendations", authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Public endpoint to get reviews for a specific item (must come before /:id route) // Public endpoint to get reviews for a specific item (must come before /:id route)
router.get('/:id/reviews', async (req, res) => { router.get('/:id/reviews', async (req, res, next) => {
try { try {
const { Rental, User } = require('../models'); const { Rental, User } = require('../models');
@@ -169,11 +169,11 @@ router.get('/:id/reviews', async (req, res) => {
stack: error.stack, stack: error.stack,
itemId: req.params.id itemId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.get("/:id", optionalAuth, async (req, res) => { router.get("/:id", optionalAuth, async (req, res, next) => {
try { try {
const item = await Item.findByPk(req.params.id, { const item = await Item.findByPk(req.params.id, {
include: [ include: [
@@ -226,11 +226,11 @@ router.get("/:id", optionalAuth, async (req, res) => {
stack: error.stack, stack: error.stack,
itemId: req.params.id itemId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => { router.post("/", authenticateToken, requireVerifiedEmail, async (req, res, next) => {
try { try {
const item = await Item.create({ const item = await Item.create({
...req.body, ...req.body,
@@ -284,11 +284,11 @@ router.post("/", authenticateToken, requireVerifiedEmail, async (req, res) => {
ownerId: req.user.id, ownerId: req.user.id,
itemData: logger.sanitize(req.body) itemData: logger.sanitize(req.body)
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.put("/:id", authenticateToken, async (req, res) => { router.put("/:id", authenticateToken, async (req, res, next) => {
try { try {
const item = await Item.findByPk(req.params.id); const item = await Item.findByPk(req.params.id);
@@ -327,11 +327,11 @@ router.put("/:id", authenticateToken, async (req, res) => {
itemId: req.params.id, itemId: req.params.id,
ownerId: req.user.id ownerId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.delete("/:id", authenticateToken, async (req, res) => { router.delete("/:id", authenticateToken, async (req, res, next) => {
try { try {
const item = await Item.findByPk(req.params.id); const item = await Item.findByPk(req.params.id);
@@ -360,12 +360,12 @@ router.delete("/:id", authenticateToken, async (req, res) => {
itemId: req.params.id, itemId: req.params.id,
ownerId: req.user.id ownerId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Admin endpoints // Admin endpoints
router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res) => { router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const { reason } = req.body; const { reason } = req.body;
@@ -463,11 +463,11 @@ router.delete("/admin/:id", authenticateToken, requireAdmin, async (req, res) =>
itemId: req.params.id, itemId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req, res) => { router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req, res, next) => {
try { try {
const item = await Item.findByPk(req.params.id); const item = await Item.findByPk(req.params.id);
@@ -513,7 +513,7 @@ router.patch("/admin/:id/restore", authenticateToken, requireAdmin, async (req,
itemId: req.params.id, itemId: req.params.id,
adminId: req.user.id adminId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
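Review bot: `Item.create({ ...req.body, ...` in the `POST /` handler spreads the request body straight into the model, so unless the keys that follow in that object literal override every server-controlled column, a client can set attributes it should not own. The rest of the literal is outside the hunk, so this needs confirming against the full file. Picking the allowed fields explicitly, or passing the `fields` option to `create`, would make the accepted input visible at the call site.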


@@ -12,7 +12,7 @@ const path = require('path');
const router = express.Router(); const router = express.Router();
// Get all messages for the current user (inbox) // Get all messages for the current user (inbox)
router.get('/', authenticateToken, async (req, res) => { router.get('/', authenticateToken, async (req, res, next) => {
try { try {
const messages = await Message.findAll({ const messages = await Message.findAll({
where: { receiverId: req.user.id }, where: { receiverId: req.user.id },
@@ -40,12 +40,12 @@ router.get('/', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get conversations grouped by user pairs // Get conversations grouped by user pairs
router.get('/conversations', authenticateToken, async (req, res) => { router.get('/conversations', authenticateToken, async (req, res, next) => {
try { try {
const userId = req.user.id; const userId = req.user.id;
@@ -134,12 +134,12 @@ router.get('/conversations', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get sent messages // Get sent messages
router.get('/sent', authenticateToken, async (req, res) => { router.get('/sent', authenticateToken, async (req, res, next) => {
try { try {
const messages = await Message.findAll({ const messages = await Message.findAll({
where: { senderId: req.user.id }, where: { senderId: req.user.id },
@@ -167,12 +167,12 @@ router.get('/sent', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get a single message // Get a single message
router.get('/:id', authenticateToken, async (req, res) => { router.get('/:id', authenticateToken, async (req, res, next) => {
try { try {
const message = await Message.findOne({ const message = await Message.findOne({
where: { where: {
@@ -232,12 +232,12 @@ router.get('/:id', authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
messageId: req.params.id messageId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Send a new message // Send a new message
router.post('/', authenticateToken, uploadMessageImage, async (req, res) => { router.post('/', authenticateToken, uploadMessageImage, async (req, res, next) => {
try { try {
const { receiverId, content } = req.body; const { receiverId, content } = req.body;
@@ -309,12 +309,12 @@ router.post('/', authenticateToken, uploadMessageImage, async (req, res) => {
senderId: req.user.id, senderId: req.user.id,
receiverId: req.body.receiverId receiverId: req.body.receiverId
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Mark message as read // Mark message as read
router.put('/:id/read', authenticateToken, async (req, res) => { router.put('/:id/read', authenticateToken, async (req, res, next) => {
try { try {
const message = await Message.findOne({ const message = await Message.findOne({
where: { where: {
@@ -354,12 +354,12 @@ router.put('/:id/read', authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
messageId: req.params.id messageId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get unread message count // Get unread message count
router.get('/unread/count', authenticateToken, async (req, res) => { router.get('/unread/count', authenticateToken, async (req, res, next) => {
try { try {
const count = await Message.count({ const count = await Message.count({
where: { where: {
@@ -381,7 +381,7 @@ router.get('/unread/count', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });


@@ -932,7 +932,7 @@ router.post("/cost-preview", authenticateToken, async (req, res) => {
}); });
// Get earnings status for owner's rentals // Get earnings status for owner's rentals
router.get("/earnings/status", authenticateToken, async (req, res) => { router.get("/earnings/status", authenticateToken, async (req, res, next) => {
try { try {
const ownerRentals = await Rental.findAll({ const ownerRentals = await Rental.findAll({
where: { where: {
@@ -960,12 +960,12 @@ router.get("/earnings/status", authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id, userId: req.user.id,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get refund preview (what would happen if cancelled now) // Get refund preview (what would happen if cancelled now)
router.get("/:id/refund-preview", authenticateToken, async (req, res) => { router.get("/:id/refund-preview", authenticateToken, async (req, res, next) => {
try { try {
const preview = await RefundService.getRefundPreview( const preview = await RefundService.getRefundPreview(
req.params.id, req.params.id,
@@ -980,12 +980,12 @@ router.get("/:id/refund-preview", authenticateToken, async (req, res) => {
rentalId: req.params.id, rentalId: req.params.id,
userId: req.user.id, userId: req.user.id,
}); });
res.status(400).json({ error: error.message }); next(error);
} }
}); });
// Get late fee preview // Get late fee preview
router.get("/:id/late-fee-preview", authenticateToken, async (req, res) => { router.get("/:id/late-fee-preview", authenticateToken, async (req, res, next) => {
try { try {
const { actualReturnDateTime } = req.query; const { actualReturnDateTime } = req.query;
@@ -1020,12 +1020,12 @@ router.get("/:id/late-fee-preview", authenticateToken, async (req, res) => {
rentalId: req.params.id, rentalId: req.params.id,
userId: req.user.id, userId: req.user.id,
}); });
res.status(400).json({ error: error.message }); next(error);
} }
}); });
// Cancel rental with refund processing // Cancel rental with refund processing
router.post("/:id/cancel", authenticateToken, async (req, res) => { router.post("/:id/cancel", authenticateToken, async (req, res, next) => {
try { try {
const { reason } = req.body; const { reason } = req.body;
@@ -1092,12 +1092,12 @@ router.post("/:id/cancel", authenticateToken, async (req, res) => {
rentalId: req.params.id, rentalId: req.params.id,
userId: req.user.id, userId: req.user.id,
}); });
res.status(400).json({ error: error.message }); next(error);
} }
}); });
// Mark item return status (owner only) // Mark item return status (owner only)
router.post("/:id/mark-return", authenticateToken, async (req, res) => { router.post("/:id/mark-return", authenticateToken, async (req, res, next) => {
try { try {
const { status, actualReturnDateTime, statusOptions } = req.body; const { status, actualReturnDateTime, statusOptions } = req.body;
const rentalId = req.params.id; const rentalId = req.params.id;
@@ -1253,12 +1253,12 @@ router.post("/:id/mark-return", authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
}); });
res.status(400).json({ error: error.message }); next(error);
} }
}); });
// Report item as damaged (owner only) // Report item as damaged (owner only)
router.post("/:id/report-damage", authenticateToken, async (req, res) => { router.post("/:id/report-damage", authenticateToken, async (req, res, next) => {
try { try {
const rentalId = req.params.id; const rentalId = req.params.id;
const userId = req.user.id; const userId = req.user.id;
@@ -1290,7 +1290,7 @@ router.post("/:id/report-damage", authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
}); });
res.status(400).json({ error: error.message }); next(error);
} }
}); });
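Review bot: The refund-preview, late-fee-preview, cancel, mark-return and report-damage handlers used to answer 400 with the service's message, and `next(error)` now hands those errors to the central handler, which presumably turns them into a generic 500 unless the error carries its own status. Callers then cannot tell a rejected request from a server fault. Have the services throw errors that carry a 4xx status and a client-safe message, or map the known cases in the catch before falling through, as the address routes do with `return res.status(404).json({ error: 'Address not found' });`. The try bodies are outside the hunks, so which errors can reach these catches is not visible here.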


@@ -6,7 +6,7 @@ const logger = require("../utils/logger");
const router = express.Router(); const router = express.Router();
// Get checkout session status // Get checkout session status
router.get("/checkout-session/:sessionId", async (req, res) => { router.get("/checkout-session/:sessionId", async (req, res, next) => {
try { try {
const { sessionId } = req.params; const { sessionId } = req.params;
@@ -32,14 +32,14 @@ router.get("/checkout-session/:sessionId", async (req, res) => {
reqLogger.error("Stripe checkout session retrieval failed", { reqLogger.error("Stripe checkout session retrieval failed", {
error: error.message, error: error.message,
stack: error.stack, stack: error.stack,
sessionId: sessionId, sessionId: req.params.sessionId,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Create connected account // Create connected account
router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, res) => { router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, res, next) => {
try { try {
const user = await User.findByPk(req.user.id); const user = await User.findByPk(req.user.id);
@@ -82,12 +82,12 @@ router.post("/accounts", authenticateToken, requireVerifiedEmail, async (req, re
stack: error.stack, stack: error.stack,
userId: req.user.id, userId: req.user.id,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Generate onboarding link // Generate onboarding link
router.post("/account-links", authenticateToken, requireVerifiedEmail, async (req, res) => { router.post("/account-links", authenticateToken, requireVerifiedEmail, async (req, res, next) => {
try { try {
const user = await User.findByPk(req.user.id); const user = await User.findByPk(req.user.id);
@@ -128,12 +128,12 @@ router.post("/account-links", authenticateToken, requireVerifiedEmail, async (re
userId: req.user.id, userId: req.user.id,
stripeConnectedAccountId: user?.stripeConnectedAccountId, stripeConnectedAccountId: user?.stripeConnectedAccountId,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Get account status // Get account status
router.get("/account-status", authenticateToken, async (req, res) => { router.get("/account-status", authenticateToken, async (req, res, next) => {
try { try {
const user = await User.findByPk(req.user.id); const user = await User.findByPk(req.user.id);
@@ -168,7 +168,7 @@ router.get("/account-status", authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
stripeConnectedAccountId: user?.stripeConnectedAccountId, stripeConnectedAccountId: user?.stripeConnectedAccountId,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
@@ -177,7 +177,7 @@ router.post(
"/create-setup-checkout-session", "/create-setup-checkout-session",
authenticateToken, authenticateToken,
requireVerifiedEmail, requireVerifiedEmail,
async (req, res) => { async (req, res, next) => {
try { try {
const { rentalData } = req.body; const { rentalData } = req.body;
@@ -238,7 +238,7 @@ router.post(
userId: req.user.id, userId: req.user.id,
stripeCustomerId: user?.stripeCustomerId, stripeCustomerId: user?.stripeCustomerId,
}); });
res.status(500).json({ error: error.message }); next(error);
} }
} }
); );
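Review bot: The catch blocks of `/account-links` and `/account-status` still log `user?.stripeConnectedAccountId`, but in the visible context `user` is declared with `const` inside the `try`, so it is out of scope in the `catch`; this is the same problem the commit fixes for `sessionId`. Optional chaining does not guard an identifier that is not in scope, so the log call would throw a ReferenceError before `next(error)` runs and the request would go unanswered. Declare `let user;` before the `try` and assign it inside, or log only `req.user.id`. The `user?.stripeCustomerId` log in `/create-setup-checkout-session` looks like the same case, but the declaration of `user` there is outside the hunk.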


@@ -8,7 +8,7 @@ const fs = require('fs').promises;
const path = require('path'); const path = require('path');
const router = express.Router(); const router = express.Router();
router.get('/profile', authenticateToken, async (req, res) => { router.get('/profile', authenticateToken, async (req, res, next) => {
try { try {
const user = await User.findByPk(req.user.id, { const user = await User.findByPk(req.user.id, {
attributes: { exclude: ['password'] } attributes: { exclude: ['password'] }
@@ -27,12 +27,12 @@ router.get('/profile', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// Address routes (must come before /:id route) // Address routes (must come before /:id route)
router.get('/addresses', authenticateToken, async (req, res) => { router.get('/addresses', authenticateToken, async (req, res, next) => {
try { try {
const addresses = await UserAddress.findAll({ const addresses = await UserAddress.findAll({
where: { userId: req.user.id }, where: { userId: req.user.id },
@@ -52,11 +52,11 @@ router.get('/addresses', authenticateToken, async (req, res) => {
stack: error.stack, stack: error.stack,
userId: req.user.id userId: req.user.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.post('/addresses', authenticateToken, async (req, res) => { router.post('/addresses', authenticateToken, async (req, res, next) => {
try { try {
const address = await userService.createUserAddress(req.user.id, req.body); const address = await userService.createUserAddress(req.user.id, req.body);
@@ -69,11 +69,11 @@ router.post('/addresses', authenticateToken, async (req, res) => {
userId: req.user.id, userId: req.user.id,
addressData: logger.sanitize(req.body) addressData: logger.sanitize(req.body)
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.put('/addresses/:id', authenticateToken, async (req, res) => { router.put('/addresses/:id', authenticateToken, async (req, res, next) => {
try { try {
const address = await userService.updateUserAddress(req.user.id, req.params.id, req.body); const address = await userService.updateUserAddress(req.user.id, req.params.id, req.body);
@@ -88,14 +88,14 @@ router.put('/addresses/:id', authenticateToken, async (req, res) => {
}); });
if (error.message === 'Address not found') { if (error.message === 'Address not found') {
return res.status(404).json({ error: error.message }); return res.status(404).json({ error: 'Address not found' });
} }
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.delete('/addresses/:id', authenticateToken, async (req, res) => { router.delete('/addresses/:id', authenticateToken, async (req, res, next) => {
try { try {
await userService.deleteUserAddress(req.user.id, req.params.id); await userService.deleteUserAddress(req.user.id, req.params.id);
@@ -110,15 +110,15 @@ router.delete('/addresses/:id', authenticateToken, async (req, res) => {
}); });
if (error.message === 'Address not found') { if (error.message === 'Address not found') {
return res.status(404).json({ error: error.message }); return res.status(404).json({ error: 'Address not found' });
} }
res.status(500).json({ error: error.message }); next(error);
} }
}); });
// User availability routes (must come before /:id route) // User availability routes (must come before /:id route)
router.get('/availability', authenticateToken, async (req, res) => { router.get('/availability', authenticateToken, async (req, res, next) => {
try { try {
const user = await User.findByPk(req.user.id, { const user = await User.findByPk(req.user.id, {
attributes: ['defaultAvailableAfter', 'defaultAvailableBefore', 'defaultSpecifyTimesPerDay', 'defaultWeeklyTimes'] attributes: ['defaultAvailableAfter', 'defaultAvailableBefore', 'defaultSpecifyTimesPerDay', 'defaultWeeklyTimes']
@@ -130,11 +130,11 @@ router.get('/availability', authenticateToken, async (req, res) => {
weeklyTimes: user.defaultWeeklyTimes weeklyTimes: user.defaultWeeklyTimes
}); });
} catch (error) { } catch (error) {
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.put('/availability', authenticateToken, async (req, res) => { router.put('/availability', authenticateToken, async (req, res, next) => {
try { try {
const { generalAvailableAfter, generalAvailableBefore, specifyTimesPerDay, weeklyTimes } = req.body; const { generalAvailableAfter, generalAvailableBefore, specifyTimesPerDay, weeklyTimes } = req.body;
@@ -149,11 +149,11 @@ router.put('/availability', authenticateToken, async (req, res) => {
res.json({ message: 'Availability updated successfully' }); res.json({ message: 'Availability updated successfully' });
} catch (error) { } catch (error) {
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.get('/:id', async (req, res) => { router.get('/:id', async (req, res, next) => {
try { try {
const user = await User.findByPk(req.params.id, { const user = await User.findByPk(req.params.id, {
attributes: { exclude: ['password', 'email', 'phone', 'address'] } attributes: { exclude: ['password', 'email', 'phone', 'address'] }
@@ -176,11 +176,11 @@ router.get('/:id', async (req, res) => {
stack: error.stack, stack: error.stack,
requestedUserId: req.params.id requestedUserId: req.params.id
}); });
res.status(500).json({ error: error.message }); next(error);
} }
}); });
router.put('/profile', authenticateToken, async (req, res) => { router.put('/profile', authenticateToken, async (req, res, next) => {
try { try {
// Use UserService to handle update and email notification // Use UserService to handle update and email notification
const updatedUser = await userService.updateProfile(req.user.id, req.body); const updatedUser = await userService.updateProfile(req.user.id, req.body);
@@ -188,10 +188,7 @@ router.put('/profile', authenticateToken, async (req, res) => {
res.json(updatedUser); res.json(updatedUser);
} catch (error) { } catch (error) {
console.error('Profile update error:', error); console.error('Profile update error:', error);
res.status(500).json({ next(error);
error: error.message,
details: error.errors ? error.errors.map(e => ({ field: e.path, message: e.message })) : undefined
});
} }
}); });
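Review bot: `PUT /profile` used to return per-field `details` built from `error.errors`, and after this change validation failures go to `next(error)` like any other exception, so clients presumably get a generic failure for bad input. If these are Sequelize validation errors, handle them before falling through, e.g. `if (error.name === 'SequelizeValidationError') return res.status(400).json({ error: 'Validation failed', details: error.errors.map(e => ({ field: e.path })) });`. This catch also still calls `console.error` with the whole error object while the other routes use `reqLogger`, and the two `/availability` catches log nothing at all.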