auto(agent): Improved error handling and input validation in addresses.js

2026-03-06 17:44:32 +00:00 · 2026-03-06 17:44:32 +00:00 · 4ee009a730
commit 4ee009a730
parent cd7fa3bac2
1 changed files with 116 additions and 73 deletions
--- a/backend/src/routes/addresses.js
+++ b/backend/src/routes/addresses.js
@ -9,9 +9,26 @@ const router = Router();

 const hashCode = (code) => createHash('sha256').update(code).digest('hex');

+// Schema for change request validation
+const changeRequestSchema = z.object({
+  newAddress: z.string().min(10).max(500)
+});
+
+// Schema for verification request validation
+const verifyRequestSchema = z.object({
+  requestId: z.number().int().positive(),
+  code: z.string().regex(/^\d{6}$/)
+});
+
 router.post('/change-request', requireAuth, async (req, res) => {
-  const parsed = z.object({ newAddress: z.string().min(10).max(500) }).safeParse(req.body);
-  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+  try {
+    const parsed = changeRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return res.status(400).json({ 
+        error: 'Invalid input data',
+        details: parsed.error.flatten() 
+      });
+    }

    // Check if user already has an address
    try {
@ -21,11 +38,15 @@ router.post('/change-request', requireAuth, async (req, res) => {
      );

      if (existingRows.length === 0) {
-      return res.status(400).json({ error: 'User must have an existing address to request a change' });
+        return res.status(400).json({ 
+          error: 'User must have an existing address to request a change' 
+        });
      }
    } catch (err) {
      console.error('Error checking existing address:', err);
-    return res.status(500).json({ error: 'Internal server error' });
+      return res.status(500).json({ 
+        error: 'Internal server error while checking existing address' 
+      });
    }

    const verificationCode = String(randomInt(100000, 999999));
@ -46,13 +67,27 @@ router.post('/change-request', requireAuth, async (req, res) => {
      });
    } catch (err) {
      console.error('Error in address change request:', err);
-    return res.status(500).json({ error: 'Internal server error' });
+      return res.status(500).json({ 
+        error: 'Internal server error while processing address change request' 
+      });
+    }
+  } catch (err) {
+    console.error('Unexpected error in change-request route:', err);
+    return res.status(500).json({ 
+      error: 'Unexpected internal server error' 
+    });
  }
 });

 router.post('/verify', requireAuth, async (req, res) => {
-  const parsed = z.object({ requestId: z.number().int().positive(), code: z.string().regex(/^\d{6}$/) }).safeParse(req.body);
-  if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+  try {
+    const parsed = verifyRequestSchema.safeParse(req.body);
+    if (!parsed.success) {
+      return res.status(400).json({ 
+        error: 'Invalid input data',
+        details: parsed.error.flatten() 
+      });
+    }

    const { requestId, code } = parsed.data;

@ -102,7 +137,15 @@ router.post('/verify', requireAuth, async (req, res) => {
      res.json({ status: 'verified' });
    } catch (err) {
      console.error('Error in address verification:', err);
-    return res.status(500).json({ error: 'Internal server error' });
+      return res.status(500).json({ 
+        error: 'Internal server error while verifying address' 
+      });
+    }
+  } catch (err) {
+    console.error('Unexpected error in verify route:', err);
+    return res.status(500).json({ 
+      error: 'Unexpected internal server error' 
+    });
  }
 });