auto(agent): Added try/catch blocks, improved input validation with Zod and added proper error handling in contacts route
This commit is contained in:
OpenClaw
parent
00661fd99e
commit
b03b264c5e
1 changed files with 119 additions and 66 deletions
|
|
@ -6,6 +6,7 @@ import { requireAuth } from '../middleware/auth.js';
|
||||||
const router = Router();
|
const router = Router();
|
||||||
|
|
||||||
const getDealParticipants = async (dealId) => {
|
const getDealParticipants = async (dealId) => {
|
||||||
|
try {
|
||||||
const [rows] = await pool.query(
|
const [rows] = await pool.query(
|
||||||
`SELECT d.id, hr.requester_id, o.helper_id
|
`SELECT d.id, hr.requester_id, o.helper_id
|
||||||
FROM deals d
|
FROM deals d
|
||||||
|
|
@ -16,17 +17,31 @@ const getDealParticipants = async (dealId) => {
|
||||||
);
|
);
|
||||||
|
|
||||||
return rows[0] || null;
|
return rows[0] || null;
|
||||||
|
} catch (error) {
|
||||||
|
throw new Error('Database error while fetching deal participants');
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
router.post('/request', requireAuth, async (req, res) => {
|
router.post('/request', requireAuth, async (req, res) => {
|
||||||
const parsed = z.object({ dealId: z.number().int().positive(), targetUserId: z.number().int().positive() }).safeParse(req.body);
|
try {
|
||||||
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
|
const parsed = z.object({
|
||||||
|
dealId: z.number().int().positive(),
|
||||||
|
targetUserId: z.number().int().positive()
|
||||||
|
}).safeParse(req.body);
|
||||||
|
|
||||||
|
if (!parsed.success) {
|
||||||
|
return res.status(400).json({ error: 'Invalid input data', details: parsed.error.flatten() });
|
||||||
|
}
|
||||||
|
|
||||||
const { dealId, targetUserId } = parsed.data;
|
const { dealId, targetUserId } = parsed.data;
|
||||||
const deal = await getDealParticipants(dealId);
|
const deal = await getDealParticipants(dealId);
|
||||||
if (!deal) return res.status(404).json({ error: 'Deal not found' });
|
|
||||||
|
if (!deal) {
|
||||||
|
return res.status(404).json({ error: 'Deal not found' });
|
||||||
|
}
|
||||||
|
|
||||||
const participants = [deal.requester_id, deal.helper_id];
|
const participants = [deal.requester_id, deal.helper_id];
|
||||||
|
|
||||||
if (!participants.includes(req.user.userId) || !participants.includes(targetUserId) || req.user.userId === targetUserId) {
|
if (!participants.includes(req.user.userId) || !participants.includes(targetUserId) || req.user.userId === targetUserId) {
|
||||||
return res.status(403).json({ error: 'Forbidden' });
|
return res.status(403).json({ error: 'Forbidden' });
|
||||||
}
|
}
|
||||||
|
|
@ -36,7 +51,10 @@ router.post('/request', requireAuth, async (req, res) => {
|
||||||
WHERE deal_id = ? AND requester_id = ? AND target_id = ? LIMIT 1`,
|
WHERE deal_id = ? AND requester_id = ? AND target_id = ? LIMIT 1`,
|
||||||
[dealId, req.user.userId, targetUserId]
|
[dealId, req.user.userId, targetUserId]
|
||||||
);
|
);
|
||||||
if (existing.length) return res.status(409).json({ error: 'Request already exists' });
|
|
||||||
|
if (existing.length) {
|
||||||
|
return res.status(409).json({ error: 'Request already exists' });
|
||||||
|
}
|
||||||
|
|
||||||
const [result] = await pool.query(
|
const [result] = await pool.query(
|
||||||
`INSERT INTO contact_exchange_requests (deal_id, requester_id, target_id, accepted)
|
`INSERT INTO contact_exchange_requests (deal_id, requester_id, target_id, accepted)
|
||||||
|
|
@ -45,11 +63,22 @@ router.post('/request', requireAuth, async (req, res) => {
|
||||||
);
|
);
|
||||||
|
|
||||||
res.status(201).json({ id: result.insertId });
|
res.status(201).json({ id: result.insertId });
|
||||||
|
} catch (error) {
|
||||||
|
console.error('Error in contacts request route:', error);
|
||||||
|
res.status(500).json({ error: 'Internal server error' });
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
router.post('/respond', requireAuth, async (req, res) => {
|
router.post('/respond', requireAuth, async (req, res) => {
|
||||||
const parsed = z.object({ requestId: z.number().int().positive(), accept: z.boolean() }).safeParse(req.body);
|
try {
|
||||||
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
|
const parsed = z.object({
|
||||||
|
requestId: z.number().int().positive(),
|
||||||
|
accept: z.boolean()
|
||||||
|
}).safeParse(req.body);
|
||||||
|
|
||||||
|
if (!parsed.success) {
|
||||||
|
return res.status(400).json({ error: 'Invalid input data', details: parsed.error.flatten() });
|
||||||
|
}
|
||||||
|
|
||||||
const { requestId, accept } = parsed.data;
|
const { requestId, accept } = parsed.data;
|
||||||
const [rows] = await pool.query(
|
const [rows] = await pool.query(
|
||||||
|
|
@ -58,8 +87,14 @@ router.post('/respond', requireAuth, async (req, res) => {
|
||||||
);
|
);
|
||||||
|
|
||||||
const row = rows[0];
|
const row = rows[0];
|
||||||
if (!row) return res.status(404).json({ error: 'Request not found' });
|
|
||||||
if (row.target_id !== req.user.userId) return res.status(403).json({ error: 'Forbidden' });
|
if (!row) {
|
||||||
|
return res.status(404).json({ error: 'Request not found' });
|
||||||
|
}
|
||||||
|
|
||||||
|
if (row.target_id !== req.user.userId) {
|
||||||
|
return res.status(403).json({ error: 'Forbidden' });
|
||||||
|
}
|
||||||
|
|
||||||
if (accept) {
|
if (accept) {
|
||||||
await pool.query('UPDATE contact_exchange_requests SET accepted = TRUE WHERE id = ?', [requestId]);
|
await pool.query('UPDATE contact_exchange_requests SET accepted = TRUE WHERE id = ?', [requestId]);
|
||||||
|
|
@ -68,17 +103,31 @@ router.post('/respond', requireAuth, async (req, res) => {
|
||||||
|
|
||||||
await pool.query('DELETE FROM contact_exchange_requests WHERE id = ?', [requestId]);
|
await pool.query('DELETE FROM contact_exchange_requests WHERE id = ?', [requestId]);
|
||||||
res.json({ status: 'rejected' });
|
res.json({ status: 'rejected' });
|
||||||
|
} catch (error) {
|
||||||
|
console.error('Error in contacts respond route:', error);
|
||||||
|
res.status(500).json({ error: 'Internal server error' });
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
router.get('/deal/:dealId', requireAuth, async (req, res) => {
|
router.get('/deal/:dealId', requireAuth, async (req, res) => {
|
||||||
|
try {
|
||||||
const dealId = Number(req.params.dealId);
|
const dealId = Number(req.params.dealId);
|
||||||
if (Number.isNaN(dealId)) return res.status(400).json({ error: 'Invalid dealId' });
|
|
||||||
|
if (Number.isNaN(dealId)) {
|
||||||
|
return res.status(400).json({ error: 'Invalid dealId' });
|
||||||
|
}
|
||||||
|
|
||||||
const deal = await getDealParticipants(dealId);
|
const deal = await getDealParticipants(dealId);
|
||||||
if (!deal) return res.status(404).json({ error: 'Deal not found' });
|
|
||||||
|
if (!deal) {
|
||||||
|
return res.status(404).json({ error: 'Deal not found' });
|
||||||
|
}
|
||||||
|
|
||||||
const participants = [deal.requester_id, deal.helper_id];
|
const participants = [deal.requester_id, deal.helper_id];
|
||||||
if (!participants.includes(req.user.userId)) return res.status(403).json({ error: 'Forbidden' });
|
|
||||||
|
if (!participants.includes(req.user.userId)) {
|
||||||
|
return res.status(403).json({ error: 'Forbidden' });
|
||||||
|
}
|
||||||
|
|
||||||
const [rows] = await pool.query(
|
const [rows] = await pool.query(
|
||||||
`SELECT cer.id, cer.requester_id, cer.target_id, cer.accepted,
|
`SELECT cer.id, cer.requester_id, cer.target_id, cer.accepted,
|
||||||
|
|
@ -92,6 +141,10 @@ router.get('/deal/:dealId', requireAuth, async (req, res) => {
|
||||||
);
|
);
|
||||||
|
|
||||||
res.json(rows);
|
res.json(rows);
|
||||||
|
} catch (error) {
|
||||||
|
console.error('Error in contacts deal route:', error);
|
||||||
|
res.status(500).json({ error: 'Internal server error' });
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
export default router;
|
export default router;
|
||||||
Loading…
Add table
Add a link
Reference in a new issue