trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

fix: replace error.message with generic "Internal server error" in all API catch blocks

Browse source 
Prevents leaking internal error details to clients across 7 route files:
health, candles, annotations, annotations/[id], upload, export, span-annotations/export.
Server-side console.error logging preserved for debugging.

Closes task 4.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-18 11:16:02 +01:00
parent 81e3554d82
commit aace19b7f4
8 changed files with 28 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
openspec/changes/code-review-fix/tasks.md
View file

@ -31,7 +31,7 @@
- [x] 4.3 `[sonnet]` Add Zod schema validation to `src/app/api/model/load/route.ts` (validate run_id)
- [x] 4.4 `[sonnet]` Add Zod schema validation to `src/app/api/training/start/route.ts` (validate model_type)
- [x] 4.5 `[sonnet]` Add Zod schema validation to `src/app/api/patterns/detect/route.ts` (validate candles, patterns array)
- [ ] 4.6 `[sonnet]` Replace `error.message` with generic `"Internal server error"` in all catch blocks across 7+ route files: `health/route.ts`, `candles/route.ts`, `annotations/route.ts`, `annotations/[id]/route.ts`, `upload/route.ts`, `export/route.ts`, `span-annotations/export/route.ts`
- [x] 4.6 `[sonnet]` Replace `error.message` with generic `"Internal server error"` in all catch blocks across 7+ route files: `health/route.ts`, `candles/route.ts`, `annotations/route.ts`, `annotations/[id]/route.ts`, `upload/route.ts`, `export/route.ts`, `span-annotations/export/route.ts`
- [ ] 4.7 `[sonnet]` Require `chartId` for bulk delete in `src/app/api/annotations/route.ts` — reject `?all=true` without chartId with HTTP 400
- [ ] 4.8 `[sonnet]` Wrap chart cascade delete in `db.transaction()` and add `spanAnnotations` deletion in `src/app/api/charts/[id]/route.ts`
- [ ] 4.9 `[haiku]` Add `parseInt(value, 10)` with `isNaN()` guard to all routes parsing integer query params

6
src/app/api/annotations/[id]/route.ts
View file

@ -43,8 +43,9 @@ export async function PATCH(
return NextResponse.json(result[0]);
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to update annotation' },
{ error: 'Internal server error' },
{ status: 500 }
);
}
@ -79,8 +80,9 @@ export async function DELETE(
return NextResponse.json({ success: true });
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to delete annotation' },
{ error: 'Internal server error' },
{ status: 500 }
);
}

9
src/app/api/annotations/route.ts
View file

@ -30,8 +30,9 @@ export async function GET(request: NextRequest) {
return NextResponse.json(normalized);
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to fetch annotations' },
{ error: 'Internal server error' },
{ status: 500 }
);
}
@ -82,8 +83,9 @@ export async function POST(request: NextRequest) {
timestamp: row.timestamp instanceof Date ? Math.floor(row.timestamp.getTime() / 1000) : row.timestamp,
}, { status: 201 });
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to create annotation' },
{ error: 'Internal server error' },
{ status: 500 }
);
}
@ -130,8 +132,9 @@ export async function DELETE(request: NextRequest) {
deleted: result.length,
});
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to delete annotations' },
{ error: 'Internal server error' },
{ status: 500 }
);
}

3
src/app/api/candles/route.ts
View file

@ -36,8 +36,9 @@ export async function GET(request: NextRequest) {
return NextResponse.json(normalized);
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to fetch candles' },
{ error: 'Internal server error' },
{ status: 500 }
);
}

3
src/app/api/export/route.ts
View file

@ -63,8 +63,9 @@ export async function GET(request: NextRequest) {
},
});
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Failed to export annotations' },
{ error: 'Internal server error' },
{ status: 500 }
);
}

6
src/app/api/health/route.ts
View file

@ -18,11 +18,12 @@ export async function GET(request: NextRequest) {
await db.select().from(candles).limit(1);
response.database = 'ok';
} catch (dbError: any) {
console.error(dbError);
return NextResponse.json(
{
status: 'error',
database: 'failed',
message: dbError.message || 'Database check failed',
message: 'Internal server error',
},
{ status: 503 }
);
@ -31,10 +32,11 @@ export async function GET(request: NextRequest) {
return NextResponse.json(response);
} catch (error: any) {
console.error(error);
return NextResponse.json(
{
status: 'error',
message: error.message || 'Health check failed',
message: 'Internal server error',
},
{ status: 500 }
);

2
src/app/api/span-annotations/export/route.ts
View file

@ -120,7 +120,7 @@ export async function GET(request: NextRequest) {
} catch (error: any) {
console.error('Error exporting span annotations:', error);
return NextResponse.json(
{ error: error.message || 'Failed to export span annotations' },
{ error: 'Internal server error' },
{ status: 500 }
);
}

13
src/app/api/upload/route.ts
View file

@ -168,27 +168,30 @@ export async function POST(request: NextRequest): Promise<NextResponse> {
})
);
} catch (error: any) {
console.error(error);
resolve(
NextResponse.json(
{ error: error.message || 'Failed to process CSV data' },
{ status: 400 }
{ error: 'Internal server error' },
{ status: 500 }
)
);
}
},
error: (error: any) => {
console.error(error);
resolve(
NextResponse.json(
{ error: `CSV parsing error: ${error.message}` },
{ status: 400 }
{ error: 'Internal server error' },
{ status: 500 }
)
);
},
});
});
} catch (error: any) {
console.error(error);
return NextResponse.json(
{ error: error.message || 'Internal server error' },
{ error: 'Internal server error' },
{ status: 500 }
);
}