From e1da64cac3f3e292558eb314eafee799814d3bdf Mon Sep 17 00:00:00 2001
From: Patrick <50352812+Mueller-Patrick@users.noreply.github.com>
Date: Mon, 3 May 2021 19:51:46 +0200
Subject: [PATCH] BETTERZON-77: Changing error behavior as the previous behavior cloud have opened up security vulnerabilities (#38)
---
 .../models/categories/categories.router.ts | 54 ++---------------
 .../manufacturers/manufacturers.router.ts | 54 ++---------------
 Backend/src/models/prices/prices.router.ts | 57 +++---------------
 .../src/models/products/products.router.ts | 60 +++----------------
 Backend/src/models/users/users.router.ts | 9 ++-
 Backend/src/models/vendors/vendors.router.ts | 54 ++---------------
 6 files changed, 40 insertions(+), 248 deletions(-)
diff --git a/Backend/src/models/categories/categories.router.ts b/Backend/src/models/categories/categories.router.ts
index 1af2db5..500d94f 100644
--- a/Backend/src/models/categories/categories.router.ts
+++ b/Backend/src/models/categories/categories.router.ts
@@ -20,19 +20,18 @@ export const categoriesRouter = express.Router();
 */
 // GET categories/
-
 categoriesRouter.get('/', async (req: Request, res: Response) => {
 try {
 const categories: Categories = await CategoryService.findAll();
 res.status(200).send(categories);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET categories/:id
-
 categoriesRouter.get('/:id', async (req: Request, res: Response) => {
 const id: number = parseInt(req.params.id, 10);
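Review bot: `res.status(500).send(JSON.stringify({...}))` in the new catch block hands `send` a string, and Express labels string bodies `text/html` unless a Content-Type was set earlier, so clients receive a JSON document that is not declared as JSON. `res.status(500).json({message: 'Internal Server Error. Try again later.'});` serialises the object and sets `application/json` in one call. The same two added lines recur in every catch block this patch touches (categories, manufacturers, prices, products, users and vendors routers), so the change applies to each of them. The `/:id` handler at the end of this hunk continues outside it.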
@@ -46,12 +45,12 @@ categoriesRouter.get('/:id', async (req: Request, res: Response) => {
 res.status(200).send(category);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET categories/search/:term
-
 categoriesRouter.get('/search/:term', async (req: Request, res: Response) => {
 const term: string = req.params.term;
@@ -65,48 +64,7 @@ categoriesRouter.get('/search/:term', async (req: Request, res: Response) => {
 res.status(200).send(categories);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
-
-
-// POST items/
-
-// categoriesRouter.post('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.create(category);
-//
-// res.sendStatus(201);
-// } catch (e) {
-// res.status(404).send(e.message);
-// }
-// });
-//
-// // PUT items/
-//
-// categoriesRouter.put('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.update(category);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
-//
-// // DELETE items/:id
-//
-// categoriesRouter.delete('/:id', async (req: Request, res: Response) => {
-// try {
-// const id: number = parseInt(req.params.id, 10);
-// await CategoryService.remove(id);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
diff --git a/Backend/src/models/manufacturers/manufacturers.router.ts b/Backend/src/models/manufacturers/manufacturers.router.ts
index e791fa4..4d64ca9 100644
--- a/Backend/src/models/manufacturers/manufacturers.router.ts
+++ b/Backend/src/models/manufacturers/manufacturers.router.ts
@@ -20,19 +20,18 @@ export const manufacturersRouter = express.Router();
 */
 // GET items/
-
 manufacturersRouter.get('/', async (req: Request, res: Response) => {
 try {
 const manufacturers: Manufacturers = await ManufacturerService.findAll();
 res.status(200).send(manufacturers);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET items/:id
-
 manufacturersRouter.get('/:id', async (req: Request, res: Response) => {
 const id: number = parseInt(req.params.id, 10);
@@ -46,12 +45,12 @@ manufacturersRouter.get('/:id', async (req: Request, res: Response) => {
 res.status(200).send(manufacturer);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET items/:name
-
 manufacturersRouter.get('/search/:term', async (req: Request, res: Response) => {
 const term: string = req.params.term;
@@ -65,48 +64,7 @@ manufacturersRouter.get('/search/:term', async (req: Request, res: Response) =>
 res.status(200).send(manufacturer);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
-
-
-// POST items/
-
-// manufacturersRouter.post('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.create(category);
-//
-// res.sendStatus(201);
-// } catch (e) {
-// res.status(404).send(e.message);
-// }
-// });
-//
-// // PUT items/
-//
-// manufacturersRouter.put('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.update(category);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
-//
-// // DELETE items/:id
-//
-// manufacturersRouter.delete('/:id', async (req: Request, res: Response) => {
-// try {
-// const id: number = parseInt(req.params.id, 10);
-// await CategoryService.remove(id);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
diff --git a/Backend/src/models/prices/prices.router.ts b/Backend/src/models/prices/prices.router.ts
index db91724..f215a82 100644
--- a/Backend/src/models/prices/prices.router.ts
+++ b/Backend/src/models/prices/prices.router.ts
@@ -20,7 +20,6 @@ export const pricesRouter = express.Router();
 */
 // GET prices/
-
 pricesRouter.get('/', async (req: Request, res: Response) => {
 try {
 let prices: Prices = [];
@@ -40,12 +39,12 @@ pricesRouter.get('/', async (req: Request, res: Response) => {
 res.status(200).send(prices);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET prices/:id
-
 pricesRouter.get('/:id', async (req: Request, res: Response) => {
 const id: number = parseInt(req.params.id, 10);
@@ -59,12 +58,12 @@ pricesRouter.get('/:id', async (req: Request, res: Response) => {
 res.status(200).send(price);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET prices/bestDeals
-
 pricesRouter.get('/bestDeals/:amount', async (req: Request, res: Response) => {
 const amount: number = parseInt(req.params.amount, 10);
@@ -78,12 +77,12 @@ pricesRouter.get('/bestDeals/:amount', async (req: Request, res: Response) => {
 res.status(200).send(prices);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET prices/byProduct/list/[]
-
 pricesRouter.get('/byProduct/list/:ids', async (req: Request, res: Response) => {
 const productIds: [number] = JSON.parse(req.params.ids);
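Review bot: `const productIds: [number] = JSON.parse(req.params.ids);` is the first statement of the `/byProduct/list/:ids` handler, ahead of any `try`, so a malformed `:ids` segment throws before the new catch block can answer with the generic 500. In an async handler that exception becomes a rejected promise, which Express 4 does not forward to its error middleware, so the request is presumably left without a response. Moving the parse inside the `try` and answering 400 for anything that is not an array of integers, e.g. `if (!Array.isArray(productIds) || !productIds.every(Number.isInteger)) { res.status(400).send(); return; }`, keeps unvalidated client input away from the service call. `const ids: [number] = JSON.parse(req.params.ids);` in the products router's `/list/:ids` handler has the same shape; both handlers continue outside their hunks.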
@@ -97,47 +96,7 @@ pricesRouter.get('/byProduct/list/:ids', async (req: Request, res: Response) =>
 res.status(200).send(prices);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
-
-// POST items/
-
-// pricesRouter.post('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.create(category);
-//
-// res.sendStatus(201);
-// } catch (e) {
-// res.status(404).send(e.message);
-// }
-// });
-//
-// // PUT items/
-//
-// pricesRouter.put('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.update(category);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
-//
-// // DELETE items/:id
-//
-// pricesRouter.delete('/:id', async (req: Request, res: Response) => {
-// try {
-// const id: number = parseInt(req.params.id, 10);
-// await CategoryService.remove(id);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
diff --git a/Backend/src/models/products/products.router.ts b/Backend/src/models/products/products.router.ts
index 03649de..0c5c22d 100644
--- a/Backend/src/models/products/products.router.ts
+++ b/Backend/src/models/products/products.router.ts
@@ -20,19 +20,18 @@ export const productsRouter = express.Router();
 */
 // GET products/
-
 productsRouter.get('/', async (req: Request, res: Response) => {
 try {
 const products: Products = await ProductService.findAll();
 res.status(200).send(products);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET products/:id
-
 productsRouter.get('/:id', async (req: Request, res: Response) => {
 const id: number = parseInt(req.params.id, 10);
@@ -46,12 +45,12 @@ productsRouter.get('/:id', async (req: Request, res: Response) => {
 res.status(200).send(product);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET products/search/:term
-
 productsRouter.get('/search/:term', async (req: Request, res: Response) => {
 const term: string = req.params.term;
@@ -65,12 +64,12 @@ productsRouter.get('/search/:term', async (req: Request, res: Response) => {
 res.status(200).send(products);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET products/list/[1,2,3]
-
 productsRouter.get('/list/:ids', async (req: Request, res: Response) => {
 const ids: [number] = JSON.parse(req.params.ids);
@@ -84,50 +83,7 @@ productsRouter.get('/list/:ids', async (req: Request, res: Response) => {
 res.status(200).send(products);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
-
-// GET products/bestDeals
-
-
-// POST items/
-
-// productsRouter.post('/', async (req: Request, res: Response) => {
-// try {
-// const product: Product = req.body.product;
-//
-// await ProductService.create(product);
-//
-// res.sendStatus(201);
-// } catch (e) {
-// res.status(404).send(e.message);
-// }
-// });
-//
-// // PUT items/
-//
-// productsRouter.put('/', async (req: Request, res: Response) => {
-// try {
-// const product: Product = req.body.product;
-//
-// await ProductService.update(product);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
-//
-// // DELETE items/:id
-//
-// productsRouter.delete('/:id', async (req: Request, res: Response) => {
-// try {
-// const id: number = parseInt(req.params.id, 10);
-// await ProductService.remove(id);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
diff --git a/Backend/src/models/users/users.router.ts b/Backend/src/models/users/users.router.ts
index 6f13fe0..ee6d9f3 100644
--- a/Backend/src/models/users/users.router.ts
+++ b/Backend/src/models/users/users.router.ts
@@ -49,7 +49,8 @@ usersRouter.post('/register', async (req: Request, res: Response) => {
 // Send the session details back to the user
 res.status(201).send(session);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
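Review bot: The `/register` catch block in users.router.ts logs only `'Error handling a request: ' + e.message`, the same text every other handler in this patch emits, so a failed registration cannot be told apart from a failed login or a product lookup, and the stack trace is lost. Passing the route and the error object, `console.error('usersRouter POST /register failed:', e);`, keeps that detail on the server side, which is where this commit wants it. If `e.message` can carry request-supplied values (not visible in this hunk), concatenating it into the line also lets embedded line breaks split the log entry, which a structured logger would avoid. The `/login` and `/checkSessionValid` hunks that follow repeat the same line.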
@@ -78,7 +79,8 @@ usersRouter.post('/login', async (req: Request, res: Response) => {
 // Send the session details back to the user
 res.status(201).send(session);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
@@ -107,6 +109,7 @@ usersRouter.post('/checkSessionValid', async (req: Request, res: Response) => {
 // Send the session details back to the user
 res.status(201).send(user);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
diff --git a/Backend/src/models/vendors/vendors.router.ts b/Backend/src/models/vendors/vendors.router.ts
index 3876c2b..335cac6 100644
--- a/Backend/src/models/vendors/vendors.router.ts
+++ b/Backend/src/models/vendors/vendors.router.ts
@@ -20,19 +20,18 @@ export const vendorsRouter = express.Router();
 */
 // GET items/
-
 vendorsRouter.get('/', async (req: Request, res: Response) => {
 try {
 const vendors: Vendors = await VendorService.findAll();
 res.status(200).send(vendors);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET items/:id
-
 vendorsRouter.get('/:id', async (req: Request, res: Response) => {
 const id: number = parseInt(req.params.id, 10);
@@ -46,12 +45,12 @@ vendorsRouter.get('/:id', async (req: Request, res: Response) => {
 res.status(200).send(vendor);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
 // GET items/:name
-
 vendorsRouter.get('/search/:term', async (req: Request, res: Response) => {
 const term: string = req.params.term;
@@ -65,48 +64,7 @@ vendorsRouter.get('/search/:term', async (req: Request, res: Response) => {
 res.status(200).send(vendors);
 } catch (e) {
- res.status(404).send(e.message);
+ console.log('Error handling a request: ' + e.message);
+ res.status(500).send(JSON.stringify({"message": "Internal Server Error. Try again later."}));
 }
 });
-
-
-// POST items/
-
-// vendorsRouter.post('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.create(category);
-//
-// res.sendStatus(201);
-// } catch (e) {
-// res.status(404).send(e.message);
-// }
-// });
-//
-// // PUT items/
-//
-// vendorsRouter.put('/', async (req: Request, res: Response) => {
-// try {
-// const category: Category = req.body.category;
-//
-// await CategoryService.update(category);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });
-//
-// // DELETE items/:id
-//
-// vendorsRouter.delete('/:id', async (req: Request, res: Response) => {
-// try {
-// const id: number = parseInt(req.params.id, 10);
-// await CategoryService.remove(id);
-//
-// res.sendStatus(200);
-// } catch (e) {
-// res.status(500).send(e.message);
-// }
-// });