WorkSimplon/brief-05-back
2
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

refactor(controllers): enhance error handling in auth controller

Browse Source 
Update error handling in `auth.controller.ts` to provide more accurate responses based on operation results. This includes rigorous checking of response types before proceeding with particular operations. Notable changes include switching from string errors to error codes, and ensuring necessary properties exist in objects before accessing them.

Issue: #19
Signed-off-by: Mathis <yidhra@tuta.io>
This commit is contained in:
Mathis H (Avnyr) 2024-05-02 16:12:21 +02:00
parent 7f52a9d75e
commit 70a6e5df54
Signed by: Mathis
GPG Key ID: DD9E0666A747D126
1 changed files with 52 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
src/controllers/auth.controller.ts
View File

@ -123,14 +123,19 @@ async function loginUser(req: Request, res: Response): Promise<void> {
const LoginServiceResult = await UserService.login(loginData); const LoginServiceResult = await UserService.login(loginData);
console.log(LoginServiceResult); console.log(LoginServiceResult);
if (LoginServiceResult.error === "userNotFound") { if (
console.log("POOL"); typeof LoginServiceResult !== "string" &&
LoginServiceResult.error === 3
) {
res.type("application/json").status(HttpStatusCode.NotFound).json({ res.type("application/json").status(HttpStatusCode.NotFound).json({
error: LoginServiceResult.error, error: LoginServiceResult.error,
message: "User not found.", message: "User not found.",
}); });
} }
if (LoginServiceResult.error === "invalidPassword") { if (
typeof LoginServiceResult !== "string" &&
LoginServiceResult.error === 5
) {
res.type("application/json").status(HttpStatusCode.NotAcceptable).json({ res.type("application/json").status(HttpStatusCode.NotAcceptable).json({
error: LoginServiceResult.error, error: LoginServiceResult.error,
message: "Invalid password.", message: "Invalid password.",
@ -161,13 +166,13 @@ async function getAllUsers(req: Request, res: Response) {
error: "You dont exist anymore", error: "You dont exist anymore",
}); });
} }
if (!sourceUser.is_admin) { if ("id" in sourceUser && !sourceUser.is_admin) {
return res.type("application/json").status(HttpStatusCode.Forbidden).json({ return res.type("application/json").status(HttpStatusCode.Forbidden).json({
error: "Unauthorized", error: "Unauthorized",
}); });
} }
const AllUserResponse = await UserService.getAll(); const AllUserResponse = await UserService.getAll();
if (!AllUserResponse.users) { if (typeof AllUserResponse === "object") {
return res return res
.type("application/json") .type("application/json")
.status(HttpStatusCode.InternalServerError) .status(HttpStatusCode.InternalServerError)
@ -218,6 +223,12 @@ async function getUser(req: Request, res: Response) {
}); });
} }
const userId = req.params["id"]; const userId = req.params["id"];
if (!userId) {
logger.warn(`User ID not provided (${req.ip})`);
return res.type("application/json").status(HttpStatusCode.BadRequest).json({
error: "User ID not provided",
});
}
const dbUser = await UserService.getFromId(userId); const dbUser = await UserService.getFromId(userId);
if (!dbUser) { if (!dbUser) {
logger.warn(`User not found (${req.ip})`); logger.warn(`User not found (${req.ip})`);
@ -267,7 +278,10 @@ async function editUser(req: Request, res: Response) {
error: "You dont exist anymore", error: "You dont exist anymore",
}); });
} }
if (sourceUser.is_admin || sourceUser.id === payload.sub) { if (
("id" in sourceUser && sourceUser.is_admin) ||
("id" in sourceUser && sourceUser.id === payload.sub)
) {
if (sourceUser.is_admin) { if (sourceUser.is_admin) {
logger.info( logger.info(
`EDIT :> Source user is an admin (${sourceUser.firstname} ${sourceUser.lastname})`, `EDIT :> Source user is an admin (${sourceUser.firstname} ${sourceUser.lastname})`,
@ -294,13 +308,19 @@ async function editUser(req: Request, res: Response) {
`${targetUserId}`, `${targetUserId}`,
modifiedData, modifiedData,
); );
if (EditUserServiceResult.error === "userNotFound") { if (
typeof EditUserServiceResult !== "boolean" &&
EditUserServiceResult.error === 3
) {
logger.warn(`User not found (${req.ip})`); logger.warn(`User not found (${req.ip})`);
return res.type("application/json").status(404).json({ return res.type("application/json").status(404).json({
error: "User not found", error: "User not found",
}); });
} }
if (EditUserServiceResult.error !== "none") { if (
typeof EditUserServiceResult !== "boolean" &&
EditUserServiceResult.error
) {
logger.error(`Error occurred during user edit (${req.ip})`); logger.error(`Error occurred during user edit (${req.ip})`);
return res.type("application/json").status(500).json({ return res.type("application/json").status(500).json({
error: "Internal server error", error: "Internal server error",
@ -340,7 +360,10 @@ async function deleteUser(req: Request, res: Response): Promise<Response> {
error: "You dont exist anymore", error: "You dont exist anymore",
}); });
} }
if (sourceUser.is_admin || sourceUser.id === payload.sub) { if (
("id" in sourceUser && sourceUser.is_admin) ||
("id" in sourceUser && sourceUser.id === payload.sub)
) {
const deleteUserServiceResult = await UserService.delete(`${targetUserId}`); const deleteUserServiceResult = await UserService.delete(`${targetUserId}`);
if (!deleteUserServiceResult) { if (!deleteUserServiceResult) {
logger.error(`Error occurred during user delete (${req.ip})`); logger.error(`Error occurred during user delete (${req.ip})`);
@ -368,7 +391,7 @@ async function deleteSelf(req: Request, res: Response) {
}); });
} }
const payload = await JwtService.verify(bearerToken); const payload = await JwtService.verify(bearerToken);
if (!payload) { if (!payload || !payload.sub) {
logger.warn(`Unauthorized access attempt (${req.ip})`); logger.warn(`Unauthorized access attempt (${req.ip})`);
return res.type("application/json").status(401).json({ return res.type("application/json").status(401).json({
error: "Unauthorized", error: "Unauthorized",
@ -380,17 +403,20 @@ async function deleteSelf(req: Request, res: Response) {
error: "You dont exist anymore", error: "You dont exist anymore",
}); });
} }
if (sourceUser.id !== req.params["id"]) { if ("id" in sourceUser && sourceUser.id !== req.params["id"]) {
return res.type("application/json").status(403).json({ return res.type("application/json").status(403).json({
error: "Unauthorized", error: "Unauthorized",
}); });
} }
const deleteResult = await UserService.delete(sourceUser.id); if ("id" in sourceUser) {
if (!deleteResult) { const deleteResult = await UserService.delete(sourceUser.id);
logger.error(`Failed to delete user (${req.ip})`);
return res.type("application/json").status(500).json({ if (!deleteResult) {
error: "Failed to delete user", logger.error(`Failed to delete user (${req.ip})`);
}); return res.type("application/json").status(500).json({
error: "Failed to delete user",
});
}
} }
return res.type("application/json").status(200).json({ return res.type("application/json").status(200).json({
message: "User deleted successfully", message: "User deleted successfully",
@ -413,17 +439,17 @@ async function getSelf(req: Request, res: Response) {
}); });
} }
const GetUserResult = await UserService.getFromId(payload.sub); const GetUserResult = await UserService.getFromId(payload.sub);
if (!GetUserResult) { if ("id" in GetUserResult) {
return res.type("application/json").status(404).json({ return res.type("application/json").status(200).json({
error: "User not found", id: GetUserResult.id,
username: GetUserResult.username,
firstName: GetUserResult.firstname,
lastName: GetUserResult.lastname,
isAdmin: GetUserResult.is_admin,
}); });
} }
return res.type("application/json").status(200).json({ return res.type("application/json").status(404).json({
id: GetUserResult.id, error: "User not found",
username: GetUserResult.username,
firstName: GetUserResult.firstname,
lastName: GetUserResult.firstname,
isAdmin: GetUserResult.firstname,
}); });
} }