From 7f52a9d75e737e382ff2d18c0c6327e06d2929bd Mon Sep 17 00:00:00 2001
From: Mathis
Date: Thu, 2 May 2024 15:41:38 +0200
Subject: [PATCH] feat(controllers): improve response error handling in auth.controller
- Improve error handling in methods of the `auth.controller`
- Refactor conditional checks for errors to handle non-string types and missing payload data.
- Update response error messages to be more consistent and informative.
Issue: #19
Signed-off-by: Mathis
---
 src/controllers/auth.controller.ts | 48 ++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 15 deletions(-)
diff --git a/src/controllers/auth.controller.ts b/src/controllers/auth.controller.ts
index 46a4052..1da2e91 100644
--- a/src/controllers/auth.controller.ts
+++ b/src/controllers/auth.controller.ts
@@ -64,7 +64,10 @@ async function registerUser(req: Request, res: Response): Promise {
 const RegisterServiceResult = await UserService.register(sanitizeData);
- if (typeof RegisterServiceResult !== 'string' && RegisterServiceResult.message === "GDPR acceptance is required.") {
+ if (
+ typeof RegisterServiceResult !== "string" &&
+ RegisterServiceResult.message === "GDPR acceptance is required."
+ ) {
 logger.warn(`GDPR not approved (${req.ip})`);
 return res.status(HttpStatusCode.BadRequest).json({
 error: RegisterServiceResult.error,
@@ -165,11 +168,17 @@ async function getAllUsers(req: Request, res: Response) {
 }
 const AllUserResponse = await UserService.getAll();
 if (!AllUserResponse.users) {
- return res.type("application/json").status(HttpStatusCode.InternalServerError).json({
- error: "Internal server error",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.InternalServerError)
+ .json({
+ error: "Internal server error",
+ });
 }
- return res.type("application/json").status(HttpStatusCode.Found).json(AllUserResponse);
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Found)
+ .json(AllUserResponse);
 }
 async function getUser(req: Request, res: Response) {
@@ -177,16 +186,22 @@ async function getUser(req: Request, res: Response) {
 const bearerToken = authHeader?.split(" ")[1];
 if (!bearerToken) {
 logger.warn(`Bearer token not provided (${req.ip})`);
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const payload = await JwtService.verify(bearerToken);
 if (!payload || !payload.sub) {
 logger.warn(`Unauthorized access attempt (${req.ip})`);
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const sourceUser = await UserService.getFromId(payload.sub);
 if (!sourceUser) {
@@ -195,9 +210,12 @@ async function getUser(req: Request, res: Response) {
 });
 }
 if ("username" in sourceUser && !sourceUser.is_admin) {
- return res.type("application/json").status(HttpStatusCode.Unauthorized).json({
- error: "Unauthorized",
- });
+ return res
+ .type("application/json")
+ .status(HttpStatusCode.Unauthorized)
+ .json({
+ error: "Unauthorized",
+ });
 }
 const userId = req.params["id"];
 const dbUser = await UserService.getFromId(userId);
@@ -308,7 +326,7 @@ async function deleteUser(req: Request, res: Response): Promise {
 }
 const payload = await JwtService.verify(bearerToken);
- if (!payload) {
+ if (!payload || !payload.sub) {
 logger.warn(`Invalid token (${req.ip})`);
 return res.type("application/json").status(401).json({
 error: "Invalid token",
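Review bot: The rejection branch in the deleteUser hunk still uses the literal `401` and the body `"Invalid token"`, while the identical `!payload || !payload.sub` guard in getUser answers with `HttpStatusCode.Unauthorized` and `"Unauthorized"`. Since the commit sets out to make error responses consistent, I would change the line to `return res.type("application/json").status(HttpStatusCode.Unauthorized).json({` and align the message, so clients and log searches see one shape for a rejected token. It is also worth confirming that `JwtService.verify` returns a falsy value on a bad token rather than rejecting; if it can reject, this guard is never reached and the `await` needs a `try`/`catch` that maps to the same 401. The body of deleteUser starts and ends outside the hunk, so whether `payload.sub` is later compared with the id being deleted cannot be checked from here.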