auto(agent): Added PUT and DELETE routes with input validation and error handling in helpRequests.js

2026-03-06 17:47:31 +00:00 · 2026-03-06 17:47:31 +00:00 · e6c84d7237
commit e6c84d7237
parent 51be362dc4
1 changed files with 77 additions and 1 deletions
--- a/backend/src/routes/helpRequests.js
+++ b/backend/src/routes/helpRequests.js
@ -5,6 +5,7 @@ import { requireAuth } from '../middleware/auth.js';

 const router = Router();

+// GET /help-requests - Fetch all help requests with requester names
 router.get('/', async (_req, res) => {
  try {
    const [rows] = await pool.query(
@ -20,6 +21,7 @@ router.get('/', async (_req, res) => {
  }
 });

+// POST /help-requests - Create a new help request
 router.post('/', requireAuth, async (req, res) => {
  try {
    const parsed = z.object({
@ -28,7 +30,12 @@ router.post('/', requireAuth, async (req, res) => {
      valueChf: z.number().positive()
    }).safeParse(req.body);

-    if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+    if (!parsed.success) {
+      return res.status(400).json({ 
+        error: 'Validation failed',
+        details: parsed.error.flatten() 
+      });
+    }

    const { title, description, valueChf } = parsed.data;
    const [result] = await pool.query(
@ -43,4 +50,73 @@ router.post('/', requireAuth, async (req, res) => {
  }
 });

+// PUT /help-requests/:id - Update a help request
+router.put('/:id', requireAuth, async (req, res) => {
+  try {
+    const { id } = req.params;
+    const parsed = z.object({
+      title: z.string().min(3).max(180),
+      description: z.string().min(5),
+      valueChf: z.number().positive(),
+      status: z.enum(['open', 'in_progress', 'completed', 'cancelled']).optional()
+    }).safeParse(req.body);
+
+    if (!parsed.success) {
+      return res.status(400).json({ 
+        error: 'Validation failed',
+        details: parsed.error.flatten() 
+      });
+    }
+
+    const { title, description, valueChf, status } = parsed.data;
+    
+    // Check if the help request exists and belongs to the user
+    const [existing] = await pool.query(
+      'SELECT id FROM help_requests WHERE id = ? AND requester_id = ?',
+      [id, req.user.userId]
+    );
+
+    if (existing.length === 0) {
+      return res.status(404).json({ error: 'Help request not found or unauthorized' });
+    }
+
+    const [result] = await pool.query(
+      'UPDATE help_requests SET title = ?, description = ?, value_chf = ?, status = ? WHERE id = ?',
+      [title, description, valueChf, status, id]
+    );
+
+    res.status(200).json({ message: 'Help request updated successfully' });
+  } catch (error) {
+    console.error('Error updating help request:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// DELETE /help-requests/:id - Delete a help request
+router.delete('/:id', requireAuth, async (req, res) => {
+  try {
+    const { id } = req.params;
+    
+    // Check if the help request exists and belongs to the user
+    const [existing] = await pool.query(
+      'SELECT id FROM help_requests WHERE id = ? AND requester_id = ?',
+      [id, req.user.userId]
+    );
+
+    if (existing.length === 0) {
+      return res.status(404).json({ error: 'Help request not found or unauthorized' });
+    }
+
+    const [result] = await pool.query(
+      'DELETE FROM help_requests WHERE id = ?',
+      [id]
+    );
+
+    res.status(200).json({ message: 'Help request deleted successfully' });
+  } catch (error) {
+    console.error('Error deleting help request:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
 export default router;