Add Zod validation to all API endpoints and remove debug test route

Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.
Jennie Robinson Faber 2026-03-01 17:04:26 +00:00
parent e4813075b7
commit 025c1a180f
38 changed files with 1132 additions and 309 deletions


@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => {
try {
await connectDB();
const config = useRuntimeConfig(event);
const body = await readBody(event);
const body = await validateBody(event, updateContributionSchema);
const token = getCookie(event, "auth-token");
if (!token) {
@ -35,17 +35,6 @@ export default defineEventHandler(async (event) => {
});
}
// Validate contribution tier
if (
!body.contributionTier ||
!isValidContributionValue(body.contributionTier)
) {
throw createError({
statusCode: 400,
statusMessage: "Invalid contribution tier",
});
}
// Get member
const member = await Member.findById(decoded.memberId);
if (!member) {
@ -63,7 +52,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Already on this tier",
member,
};
}
@ -186,7 +174,7 @@ export default defineEventHandler(async (event) => {
if (!subscriptionResponse.ok) {
const errorText = await subscriptionResponse.text();
console.error("Failed to create subscription:", errorText);
throw new Error(`Failed to create subscription: ${errorText}`);
throw new Error('Subscription creation failed');
}
const subscriptionData = await subscriptionResponse.json();
@ -206,7 +194,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully upgraded to paid tier",
member,
subscription: {
subscriptionId: subscription.id,
status: subscription.status,
@ -262,7 +249,6 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully downgraded to free tier",
member,
};
}
@ -311,7 +297,7 @@ export default defineEventHandler(async (event) => {
response.status,
errorText,
);
throw new Error(`Failed to update subscription: ${errorText}`);
throw new Error('Subscription update failed');
}
const subscriptionData = await response.json();
@ -323,14 +309,13 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully updated contribution level",
member,
subscription: subscriptionData,
};
} catch (error) {
console.error("Error updating Helcim subscription:", error);
throw createError({
statusCode: 500,
statusMessage: error.message || "Failed to update subscription",
statusMessage: "Subscription update failed",
});
}
}
@ -342,13 +327,13 @@ export default defineEventHandler(async (event) => {
return {
success: true,
message: "Successfully updated contribution level",
member,
};
} catch (error) {
if (error.statusCode) throw error;
console.error("Error updating contribution tier:", error);
throw createError({
statusCode: error.statusCode || 500,
statusMessage: error.message || "Failed to update contribution tier",
statusCode: 500,
statusMessage: "An unexpected error occurred",
});
}
});
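Review bot: In the hunk at -323,14 the success response still returns `subscription: subscriptionData`, which is the unfiltered result of `response.json()` from the payment provider, even though this commit removes `member` from every response and replaces provider error text with fixed messages. Whatever fields the provider puts in that object are passed straight to the client. The upgrade branch (hunk -206,7) already returns a narrowed object, so the same shape would fit here, for example `subscription: { subscriptionId: subscriptionData.id, status: subscriptionData.status },`; those field names are assumed from the upgrade branch and need checking against the provider's actual response. Only parts of the handler are visible between the hunks, so other return paths were not reviewed.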