openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

auto(agent): Added try/catch blocks, improved input validation with Zod and added proper error handling in contacts route

Browse source
This commit is contained in:
OpenClaw 2026-03-06 17:39:27 +00:00
parent 00661fd99e
commit b03b264c5e
1 changed files with 119 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

185
backend/src/routes/contacts.js
View file

@ -6,92 +6,145 @@ import { requireAuth } from '../middleware/auth.js';
const router = Router(); const router = Router();
const getDealParticipants = async (dealId) => { const getDealParticipants = async (dealId) => {
const [rows] = await pool.query( try {
`SELECT d.id, hr.requester_id, o.helper_id const [rows] = await pool.query(
FROM deals d `SELECT d.id, hr.requester_id, o.helper_id
JOIN help_requests hr ON hr.id = d.request_id FROM deals d
JOIN offers o ON o.id = d.offer_id JOIN help_requests hr ON hr.id = d.request_id
WHERE d.id = ? LIMIT 1`, JOIN offers o ON o.id = d.offer_id
[dealId] WHERE d.id = ? LIMIT 1`,
); [dealId]
);
return rows[0] || null; return rows[0] || null;
} catch (error) {
throw new Error('Database error while fetching deal participants');
}
}; };
router.post('/request', requireAuth, async (req, res) => { router.post('/request', requireAuth, async (req, res) => {
const parsed = z.object({ dealId: z.number().int().positive(), targetUserId: z.number().int().positive() }).safeParse(req.body); try {
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() }); const parsed = z.object({
dealId: z.number().int().positive(),
targetUserId: z.number().int().positive()
}).safeParse(req.body);
if (!parsed.success) {
return res.status(400).json({ error: 'Invalid input data', details: parsed.error.flatten() });
}
const { dealId, targetUserId } = parsed.data; const { dealId, targetUserId } = parsed.data;
const deal = await getDealParticipants(dealId); const deal = await getDealParticipants(dealId);
if (!deal) return res.status(404).json({ error: 'Deal not found' });
if (!deal) {
return res.status(404).json({ error: 'Deal not found' });
}
const participants = [deal.requester_id, deal.helper_id]; const participants = [deal.requester_id, deal.helper_id];
if (!participants.includes(req.user.userId) || !participants.includes(targetUserId) || req.user.userId === targetUserId) {
return res.status(403).json({ error: 'Forbidden' }); if (!participants.includes(req.user.userId) || !participants.includes(targetUserId) || req.user.userId === targetUserId) {
return res.status(403).json({ error: 'Forbidden' });
}
const [existing] = await pool.query(
`SELECT id FROM contact_exchange_requests
WHERE deal_id = ? AND requester_id = ? AND target_id = ? LIMIT 1`,
[dealId, req.user.userId, targetUserId]
);
if (existing.length) {
return res.status(409).json({ error: 'Request already exists' });
}
const [result] = await pool.query(
`INSERT INTO contact_exchange_requests (deal_id, requester_id, target_id, accepted)
VALUES (?, ?, ?, FALSE)`,
[dealId, req.user.userId, targetUserId]
);
res.status(201).json({ id: result.insertId });
} catch (error) {
console.error('Error in contacts request route:', error);
res.status(500).json({ error: 'Internal server error' });
} }
const [existing] = await pool.query(
`SELECT id FROM contact_exchange_requests
WHERE deal_id = ? AND requester_id = ? AND target_id = ? LIMIT 1`,
[dealId, req.user.userId, targetUserId]
);
if (existing.length) return res.status(409).json({ error: 'Request already exists' });
const [result] = await pool.query(
`INSERT INTO contact_exchange_requests (deal_id, requester_id, target_id, accepted)
VALUES (?, ?, ?, FALSE)`,
[dealId, req.user.userId, targetUserId]
);
res.status(201).json({ id: result.insertId });
}); });
router.post('/respond', requireAuth, async (req, res) => { router.post('/respond', requireAuth, async (req, res) => {
const parsed = z.object({ requestId: z.number().int().positive(), accept: z.boolean() }).safeParse(req.body); try {
if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() }); const parsed = z.object({
requestId: z.number().int().positive(),
accept: z.boolean()
}).safeParse(req.body);
if (!parsed.success) {
return res.status(400).json({ error: 'Invalid input data', details: parsed.error.flatten() });
}
const { requestId, accept } = parsed.data; const { requestId, accept } = parsed.data;
const [rows] = await pool.query( const [rows] = await pool.query(
`SELECT id, target_id FROM contact_exchange_requests WHERE id = ? LIMIT 1`, `SELECT id, target_id FROM contact_exchange_requests WHERE id = ? LIMIT 1`,
[requestId] [requestId]
); );
const row = rows[0]; const row = rows[0];
if (!row) return res.status(404).json({ error: 'Request not found' });
if (row.target_id !== req.user.userId) return res.status(403).json({ error: 'Forbidden' }); if (!row) {
return res.status(404).json({ error: 'Request not found' });
}
if (row.target_id !== req.user.userId) {
return res.status(403).json({ error: 'Forbidden' });
}
if (accept) { if (accept) {
await pool.query('UPDATE contact_exchange_requests SET accepted = TRUE WHERE id = ?', [requestId]); await pool.query('UPDATE contact_exchange_requests SET accepted = TRUE WHERE id = ?', [requestId]);
return res.json({ status: 'accepted' }); return res.json({ status: 'accepted' });
}
await pool.query('DELETE FROM contact_exchange_requests WHERE id = ?', [requestId]);
res.json({ status: 'rejected' });
} catch (error) {
console.error('Error in contacts respond route:', error);
res.status(500).json({ error: 'Internal server error' });
} }
await pool.query('DELETE FROM contact_exchange_requests WHERE id = ?', [requestId]);
res.json({ status: 'rejected' });
}); });
router.get('/deal/:dealId', requireAuth, async (req, res) => { router.get('/deal/:dealId', requireAuth, async (req, res) => {
const dealId = Number(req.params.dealId); try {
if (Number.isNaN(dealId)) return res.status(400).json({ error: 'Invalid dealId' }); const dealId = Number(req.params.dealId);
if (Number.isNaN(dealId)) {
return res.status(400).json({ error: 'Invalid dealId' });
}
const deal = await getDealParticipants(dealId); const deal = await getDealParticipants(dealId);
if (!deal) return res.status(404).json({ error: 'Deal not found' });
if (!deal) {
return res.status(404).json({ error: 'Deal not found' });
}
const participants = [deal.requester_id, deal.helper_id]; const participants = [deal.requester_id, deal.helper_id];
if (!participants.includes(req.user.userId)) return res.status(403).json({ error: 'Forbidden' });
if (!participants.includes(req.user.userId)) {
return res.status(403).json({ error: 'Forbidden' });
}
const [rows] = await pool.query( const [rows] = await pool.query(
`SELECT cer.id, cer.requester_id, cer.target_id, cer.accepted, `SELECT cer.id, cer.requester_id, cer.target_id, cer.accepted,
ru.phone_encrypted AS requester_phone_encrypted, ru.phone_encrypted AS requester_phone_encrypted,
tu.phone_encrypted AS target_phone_encrypted tu.phone_encrypted AS target_phone_encrypted
FROM contact_exchange_requests cer FROM contact_exchange_requests cer
JOIN users ru ON ru.id = cer.requester_id JOIN users ru ON ru.id = cer.requester_id
JOIN users tu ON tu.id = cer.target_id JOIN users tu ON tu.id = cer.target_id
WHERE cer.deal_id = ? AND cer.accepted = TRUE`, WHERE cer.deal_id = ? AND cer.accepted = TRUE`,
[dealId] [dealId]
); );
res.json(rows); res.json(rows);
} catch (error) {
console.error('Error in contacts deal route:', error);
res.status(500).json({ error: 'Internal server error' });
}
}); });
export default router; export default router;