implemented middleware on all services

Author: akulsharma1

src/services/admission/admission-router.ts

@@ -7,6 +7,8 @@ import Models from "../../database/models.js";
 import { hasElevatedPerms } from "../auth/auth-lib.js";
 import { ApplicantDecisionFormat } from "./admission-formats.js";
 import { StatusCode } from "status-code-enum";
+import { NextFunction } from "express-serve-static-core";
+import { RouterError } from "../../middleware/error-handler.js"
 
 const admissionRouter: Router = Router();
 
@@ -45,18 +47,17 @@ const admissionRouter: Router = Router();
  * @apiError (500: Internal Server Error) {String} InternalError occurred on the server.
  * @apiError (403: Forbidden) {String} Forbidden API accessed by user without valid perms.
  * */
-admissionRouter.get("/not-sent/", strongJwtVerification, async (_: Request, res: Response) => {
+admissionRouter.get("/not-sent/", strongJwtVerification, async (_: Request, res: Response, next: NextFunction) => {
     const token: JwtPayload = res.locals.payload as JwtPayload;
     if (!hasElevatedPerms(token)) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
     try {
         const filteredEntries: AdmissionDecision[] = await Models.AdmissionDecision.find({ emailSent: false });
         return res.status(StatusCode.SuccessOK).send(filteredEntries);
     } catch (error) {
-        console.error(error);
+        return next(new RouterError(undefined,undefined,undefined,error));
     }
-    return res.status(StatusCode.ClientErrorBadRequest).send({ error: "InternalError" });
 });
 
 /**
@@ -91,10 +92,10 @@ admissionRouter.get("/not-sent/", strongJwtVerification, async (_: Request, res:
  * @apiError (500: Internal Server Error) {String} InternalError occurred on the server.
  * @apiError (403: Forbidden) {String} Forbidden API accessed by user without valid perms.
  * */
-admissionRouter.put("/", strongJwtVerification, async (req: Request, res: Response) => {
+admissionRouter.put("/", strongJwtVerification, async (req: Request, res: Response, next: NextFunction) => {
     const token: JwtPayload = res.locals.payload as JwtPayload;
     if (!hasElevatedPerms(token)) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
     const updateEntries: ApplicantDecisionFormat[] = req.body as ApplicantDecisionFormat[];
     const ops = updateEntries.map((entry) => {
@@ -104,9 +105,8 @@ admissionRouter.put("/", strongJwtVerification, async (req: Request, res: Respon
         await Promise.all(ops);
         return res.status(StatusCode.SuccessOK).send({ message: "StatusSuccess" });
     } catch (error) {
-        console.log(error);
+        return next(new RouterError(undefined,undefined,undefined,error))
     }
-    return res.status(StatusCode.ClientErrorBadRequest).send("InternalError");
 });
 
 /**
@@ -133,21 +133,21 @@ admissionRouter.put("/", strongJwtVerification, async (req: Request, res: Respon
  *
  * @apiUse strongVerifyErrors
  */
-admissionRouter.get("/rsvp/:USERID", strongJwtVerification, async (req: Request, res: Response) => {
+admissionRouter.get("/rsvp/:USERID", strongJwtVerification, async (req: Request, res: Response, next: NextFunction) => {
     const userId: string | undefined = req.params.USERID;
 
     const payload: JwtPayload = res.locals.payload as JwtPayload;
 
     //Sends error if caller doesn't have elevated perms
     if (!hasElevatedPerms(payload)) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
 
     const queryResult: AdmissionDecision | null = await Models.AdmissionDecision.findOne({ userId: userId });
 
     //Returns error if query is empty
     if (!queryResult) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "UserNotFound" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "UserNotFound"));
     }
 
     return res.status(StatusCode.SuccessOK).send(queryResult);
@@ -182,7 +182,7 @@ admissionRouter.get("/rsvp/:USERID", strongJwtVerification, async (req: Request,
  *
  * @apiUse strongVerifyErrors
  */
-admissionRouter.get("/rsvp", strongJwtVerification, async (_: Request, res: Response) => {
+admissionRouter.get("/rsvp", strongJwtVerification, async (_: Request, res: Response, next: NextFunction) => {
     const payload: JwtPayload = res.locals.payload as JwtPayload;
 
     const userId: string = payload.id;
@@ -191,7 +191,7 @@ admissionRouter.get("/rsvp", strongJwtVerification, async (_: Request, res: Resp
 
     //Returns error if query is empty
     if (!queryResult) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "UserNotFound" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "UserNotFound"));
     }
 
     //Filters data if caller doesn't have elevated perms
@@ -232,12 +232,12 @@ admissionRouter.get("/rsvp", strongJwtVerification, async (_: Request, res: Resp
  *
  * @apiUse strongVerifyErrors
  */
-admissionRouter.put("/rsvp/", strongJwtVerification, async (req: Request, res: Response) => {
+admissionRouter.put("/rsvp/", strongJwtVerification, async (req: Request, res: Response, next: NextFunction) => {
     const rsvp: boolean | undefined = req.body.isAttending;
 
     //Returns error if request body has no isAttending parameter
     if (rsvp === undefined) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "InvalidParams" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "InvalidParams"));
     }
 
     const payload: JwtPayload = res.locals.payload as JwtPayload;
@@ -248,12 +248,12 @@ admissionRouter.put("/rsvp/", strongJwtVerification, async (req: Request, res: R
 
     //Returns error if query is empty
     if (!queryResult) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "UserNotFound" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "UserNotFound"));
     }
 
     //If the current user has not been accepted, send an error
     if (queryResult.status != DecisionStatus.ACCEPTED) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "NotAccepted" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "NotAccepted"));
     }
 
     //If current user has been accepted, update their RSVP decision to "ACCEPTED"/"DECLINED" acoordingly
@@ -270,7 +270,7 @@ admissionRouter.put("/rsvp/", strongJwtVerification, async (req: Request, res: R
         //return res.status(StatusCode.SuccessOK).send(updatedDecision.toObject());
         return res.status(StatusCode.SuccessOK).send(updatedDecision);
     } else {
-        return res.status(StatusCode.ServerErrorInternal).send({ error: "InternalError" });
+        return next(new RouterError());
     }
 });
 

src/services/auth/auth-router.ts

@@ -21,6 +21,7 @@ import {
     getUsersWithRole,
 } from "./auth-lib.js";
 import Models from "../../database/models.js";
+import { RouterError } from "../../middleware/error-handler.js";
 
 passport.use(
     Provider.GITHUB,
@@ -53,10 +54,10 @@ authRouter.get("/test/", (_: Request, res: Response) => {
     res.end("Auth endpoint is working!");
 });
 
-authRouter.get("/dev/", (req: Request, res: Response) => {
+authRouter.get("/dev/", (req: Request, res: Response, next: NextFunction) => {
     const token: string | undefined = req.query.token as string | undefined;
     if (!token) {
-        res.status(StatusCode.ClientErrorBadRequest).send({ error: "NoToken" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "NoToken"));
     }
 
     res.status(StatusCode.SuccessOK).send({ token: token });
@@ -85,7 +86,7 @@ authRouter.get("/login/github/", (req: Request, res: Response, next: NextFunctio
     const device: string = (req.query.device as string | undefined) ?? Config.DEFAULT_DEVICE;
 
     if (device && !Config.REDIRECT_URLS.has(device)) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "BadDevice" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "BadDevice"));
     }
     return SelectAuthProvider("github", device)(req, res, next);
 });
@@ -113,7 +114,7 @@ authRouter.get("/login/google/", (req: Request, res: Response, next: NextFunctio
     const device: string = (req.query.device as string | undefined) ?? Config.DEFAULT_DEVICE;
 
     if (device && !Config.REDIRECT_URLS.has(device)) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "BadDevice" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "BadDevice"));
     }
     return SelectAuthProvider("google", device)(req, res, next);
 });
@@ -127,18 +128,18 @@ authRouter.get(
             const device = req.params.DEVICE;
 
             if (!device || !Config.REDIRECT_URLS.has(device)) {
-                throw Error(`Bad device ${device}`);
+                throw Error(`${device}`);
             }
 
             res.locals.device = device;
             SelectAuthProvider(provider, device)(req, res, next);
         } catch (error) {
-            console.error(error);
+            return next(new RouterError(StatusCode.ClientErrorBadRequest, `Bad device ${error}`))
         }
     },
-    async (req: Request, res: Response) => {
+    async (req: Request, res: Response, next: NextFunction) => {
         if (!req.isAuthenticated()) {
-            return res.status(StatusCode.ClientErrorUnauthorized).send({ error: "FailedAuth" });
+            return next(new RouterError(StatusCode.ClientErrorUnauthorized, "FailedAuth"));
         }
 
         const device: string = (res.locals.device ?? Config.DEFAULT_DEVICE) as string;
@@ -166,8 +167,7 @@ authRouter.get(
             const url: string = `${redirect}?token=${token}`;
             return res.redirect(url);
         } catch (error) {
-            console.error(error);
-            return res.status(StatusCode.ClientErrorBadRequest).send({ error: "InvalidData" });
+            return next(new RouterError(StatusCode.ClientErrorBadRequest, "InvalidData"));
         }
     },
 );
@@ -192,7 +192,7 @@ authRouter.get(
  * @apiError (400: Bad Request) {String} UserNotFound User doesn't exist in the database.
  * @apiError (403: Forbidden) {String} Forbidden API accessed by user without valid perms.
  */
-authRouter.get("/roles/:USERID", strongJwtVerification, async (req: Request, res: Response) => {
+authRouter.get("/roles/:USERID", strongJwtVerification, async (req: Request, res: Response, next: NextFunction) => {
     const targetUser: string | undefined = req.params.USERID;
 
     // Check if we have a user to get roles for - if not, get roles for current user
@@ -210,11 +210,10 @@ authRouter.get("/roles/:USERID", strongJwtVerification, async (req: Request, res
             const roles: Role[] = await getRoles(targetUser);
             return res.status(StatusCode.SuccessOK).send({ id: targetUser, roles: roles });
         } catch (error) {
-            console.error(error);
-            return res.status(StatusCode.ClientErrorBadRequest).send({ error: "UserNotFound" });
+            return next(new RouterError(StatusCode.ClientErrorBadRequest, "UserNotFound"));
         }
     } else {
-        return res.status(StatusCode.ClientErrorForbidden).send("Forbidden");
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
 });
 
@@ -239,36 +238,35 @@ authRouter.get("/roles/:USERID", strongJwtVerification, async (req: Request, res
  * @apiError (400: Bad Request) {String} InvalidRole Nonexistent role passed in.
  * @apiUse strongVerifyErrors
  */
-authRouter.put("/roles/:OPERATION/", strongJwtVerification, async (req: Request, res: Response) => {
+authRouter.put("/roles/:OPERATION/", strongJwtVerification, async (req: Request, res: Response, next: NextFunction) => {
     const payload: JwtPayload = res.locals.payload as JwtPayload;
 
     // Not authenticated with modify roles perms
     if (!hasElevatedPerms(payload)) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
 
     // Parse to get operation type
     const op: RoleOperation | undefined = RoleOperation[req.params.operation as keyof typeof RoleOperation];
 
     // No operation - fail out
     if (!op) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "InvalidOperation" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "InvalidOperation"));
     }
 
     // Check if role to add/remove actually exists
     const data: ModifyRoleRequest = req.body as ModifyRoleRequest;
     const role: Role | undefined = Role[data.role.toUpperCase() as keyof typeof Role];
     if (!role) {
-        return res.status(StatusCode.ClientErrorBadRequest).send({ error: "InvalidRole" });
+        return next(new RouterError(StatusCode.ClientErrorBadRequest, "InvalidRole"));
     }
 
     // Try to update roles, if possible
     try {
         const newRoles: Role[] = await updateRoles(data.id, role, op);
         return res.status(StatusCode.SuccessOK).send({ id: data.id, roles: newRoles });
     } catch (error) {
-        console.error(error);
-        return res.status(StatusCode.ServerErrorInternal).send({ error: "InternalError" });
+        return next(new RouterError());
     }
 });
 
@@ -289,12 +287,12 @@ authRouter.put("/roles/:OPERATION/", strongJwtVerification, async (req: Request,
  * @apiError (400: Bad Request) {String} UserNotFound User doesn't exist in the database
  * @apiError (403: Forbidden) {String} Forbidden API accessed by user without valid perms
  */
-authRouter.get("/list/roles/", strongJwtVerification, (_: Request, res: Response) => {
+authRouter.get("/list/roles/", strongJwtVerification, (_: Request, res: Response, next: NextFunction) => {
     const payload: JwtPayload = res.locals.payload as JwtPayload;
 
     // Check if current user should be able to access all roles
     if (!hasElevatedPerms(payload)) {
-        return res.status(StatusCode.ClientErrorForbidden).send({ error: "Forbidden" });
+        return next(new RouterError(StatusCode.ClientErrorForbidden, "Forbidden"));
     }
 
     // Filter enum to get all possible string keys
@@ -321,7 +319,7 @@ authRouter.get("/list/roles/", strongJwtVerification, (_: Request, res: Response
  *
  * @apiUse strongVerifyErrors
  */
-authRouter.get("/roles/", strongJwtVerification, async (_: Request, res: Response) => {
+authRouter.get("/roles/", strongJwtVerification, async (_: Request, res: Response, next: NextFunction) => {
     const payload: JwtPayload = res.locals.payload as JwtPayload;
     const targetUser: string = payload.id;
 
@@ -330,8 +328,7 @@ authRouter.get("/roles/", strongJwtVerification, async (_: Request, res: Respons
             return res.status(StatusCode.SuccessOK).send({ id: targetUser, roles: roles });
         })
         .catch((error: Error) => {
-            console.error(error);
-            return res.status(StatusCode.ClientErrorBadRequest).send({ error: "UserNotFound" });
+            return next(new RouterError(StatusCode.ClientErrorBadRequest, "UserNotFound", undefined, error.message));
         });
 });
 
@@ -351,7 +348,7 @@ authRouter.get("/roles/", strongJwtVerification, async (_: Request, res: Respons
  *
  * @apiUse strongVerifyErrors
  */
-authRouter.get("/roles/list/:ROLE", async (req: Request, res: Response) => {
+authRouter.get("/roles/list/:ROLE", async (req: Request, res: Response, next: NextFunction) => {
     const role: string | undefined = req.params.ROLE;
 
     //Returns error if role parameter is empty
@@ -365,7 +362,7 @@ authRouter.get("/roles/list/:ROLE", async (req: Request, res: Response) => {
         })
         .catch((error: Error) => {
             console.error(error);
-            return res.status(StatusCode.ClientErrorBadRequest).send({ error: "Unknown Error" });
+            return next(new RouterError(StatusCode.ClientErrorBadRequest, "Unknown Error"));
         });
 });
 
@@ -383,7 +380,7 @@ authRouter.get("/roles/list/:ROLE", async (req: Request, res: Response) => {
  *
  * @apiUse strongVerifyErrors
  */
-authRouter.get("/token/refresh", strongJwtVerification, async (_: Request, res: Response) => {
+authRouter.get("/token/refresh", strongJwtVerification, async (_: Request, res: Response, next: NextFunction) => {
     // Get old data from token
     const oldPayload: JwtPayload = res.locals.payload as JwtPayload;
     const data: ProfileData = {
@@ -399,8 +396,7 @@ authRouter.get("/token/refresh", strongJwtVerification, async (_: Request, res:
         const newToken: string = generateJwtToken(newPayload);
         return res.status(StatusCode.SuccessOK).send({ token: newToken });
     } catch (error) {
-        console.error(error);
-        return res.status(StatusCode.ServerErrorInternal).send({ error: "InternalError" });
+        return next(new RouterError());
     }
 });