Add Zod validation, fix mass assignment, remove test endpoints and dead code
- Add centralized Zod schemas (server/utils/schemas.js) and validateBody utility for all API endpoints - Fix critical mass assignment in member creation: raw body no longer passed to new Member(), only validated fields (email, name, circle, contributionTier) are accepted - Apply Zod validation to login, profile patch, event registration, updates, verify-payment, and admin event creation endpoints - Fix logout cookie flags to match login (httpOnly: true, secure conditional on NODE_ENV) - Delete unauthenticated test/debug endpoints (test-connection, test-subscription, test-bot) - Remove sensitive console.log statements from Helcim and member endpoints - Remove unused bcryptjs dependency - Add 10MB file size limit on image uploads - Use runtime config for JWT secret across all endpoints - Add 38 validation tests (117 total, all passing)
This commit is contained in:
parent
26c300c357
commit
b7279f57d1
41 changed files with 467 additions and 321 deletions
|
|
@ -21,7 +21,7 @@ export default defineEventHandler(async (event) => {
|
|||
// Decode JWT token
|
||||
let decoded
|
||||
try {
|
||||
decoded = jwt.verify(token, process.env.JWT_SECRET)
|
||||
decoded = jwt.verify(token, useRuntimeConfig().jwtSecret)
|
||||
} catch (err) {
|
||||
throw createError({
|
||||
statusCode: 401,
|
||||
|
|
@ -59,7 +59,6 @@ export default defineEventHandler(async (event) => {
|
|||
const existingCustomer = searchData.customers.find(c => c.email === member.email)
|
||||
|
||||
if (existingCustomer) {
|
||||
console.log('Found existing Helcim customer:', existingCustomer.id)
|
||||
|
||||
// Update member record with customer ID if not already set
|
||||
if (!member.helcimCustomerId) {
|
||||
|
|
@ -77,12 +76,11 @@ export default defineEventHandler(async (event) => {
|
|||
}
|
||||
}
|
||||
} catch (searchError) {
|
||||
console.log('Error searching for customer:', searchError)
|
||||
console.error('Error searching for customer:', searchError)
|
||||
// Continue to create new customer
|
||||
}
|
||||
|
||||
// No existing customer found, create new one
|
||||
console.log('Creating new Helcim customer for:', member.email)
|
||||
const createResponse = await fetch(`${HELCIM_API_BASE}/customers`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
|
|
@ -107,7 +105,6 @@ export default defineEventHandler(async (event) => {
|
|||
}
|
||||
|
||||
const customerData = await createResponse.json()
|
||||
console.log('Created Helcim customer:', customerData.id)
|
||||
|
||||
// Update member record with customer ID
|
||||
member.helcimCustomerId = customerData.id
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue