fix: auth middleware and database error zod

GenerateNU · Jan 4, 2025 · 1ba83b0 · 1ba83b0
1 parent 82df166
commit 1ba83b0
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 5 deletions.
diff --git a/backend/src/constants/db-error.ts b/backend/src/constants/db-error.ts
@@ -31,7 +31,7 @@ export const DatabaseErrorSchema = z
     message: z.string(),
     severity: z.string().optional(),
     severity_local: z.string().optional(),
-    table_name: z.string(),
+    table_name: z.string().optional(),
     schema_name: z.string().optional(),
     constraint_name: z.string().optional(),
   })

diff --git a/backend/src/middlewares/auth.ts b/backend/src/middlewares/auth.ts
@@ -12,8 +12,12 @@ export const isAuthorized = (jwtSecretKey: string) => {
 
     const token = authHeader.split(" ")[1];
 
+    if (!token) {
+      return ctx.json({ error: "Unauthorized" }, 401);
+    }
+
     try {
-      const decoded = jwt.verify(token!, jwtSecretKey) as jwt.JwtPayload;
+      const decoded = jwt.verify(token, jwtSecretKey) as jwt.JwtPayload;
 
       if (!decoded.sub || !validate(decoded.sub)) {
         return ctx.json({ error: "Unauthorized" }, 401);

diff --git a/backend/src/tests/server/auth.test.ts b/backend/src/tests/server/auth.test.ts
@@ -118,6 +118,21 @@ describe("Authorization Middleware", () => {
       .assertError("Unauthorized");
   });
 
+  it("should return 401 if no JWT", async () => {
+    (
+      await testBuilder.request({
+        app,
+        route: "/protected",
+        autoAuthorized: false,
+        headers: {
+          Authorization: `Bearer `,
+        },
+      })
+    )
+      .assertStatusCode(401)
+      .assertError("Unauthorized");
+  });
+
   it("should return 401 if decoded JWT has no sub field", async () => {
     const now = Math.floor(Date.now() / 1000);
     const payload = {

diff --git a/backend/src/utilities/errors/db-error.ts b/backend/src/utilities/errors/db-error.ts
@@ -28,11 +28,11 @@ const DB_ERROR_TO_APP_ERROR_MAP: Partial<
 > = {
   [DatabaseErrorType.UniqueConstraintViolation]: (error) => {
     const { table_name, detail } = error;
-    return new ConflictError(getFriendlyErrorMessage(table_name, detail));
+    return new ConflictError(getFriendlyErrorMessage(table_name!, detail));
   },
   [DatabaseErrorType.ForeignKeyViolation]: (error) => {
     const { table_name, detail } = error;
-    return new NotFoundError("", getFriendlyErrorMessage(table_name, detail));
+    return new NotFoundError("", getFriendlyErrorMessage(table_name!, detail));
   },
   [DatabaseErrorType.CheckConstraintViolation]: () =>
     new BadRequestError(`The value provided is out of the acceptable range.`),

diff --git a/backend/src/utilities/errors/service-error.ts b/backend/src/utilities/errors/service-error.ts
@@ -11,7 +11,7 @@ export const handleServiceError = <T>(fn: () => T) => {
       } else if (isDatabaseError(error)) {
         throw mapDBErrorToAppError(error);
       } else {
-        throw new InternalServerError("An unexpected database error occurred.");
+        throw new InternalServerError("An unexpected server error occurred.");
       }
     }
   };