Harden feed/profile routes against invalid IDs and null profiles

2026-02-20 19:09:15 -05:00
parent 0b36db9b33
commit c136d25974
4 changed files with 74 additions and 35 deletions
--- a/routes/profile.js
+++ b/routes/profile.js
@@ -795,12 +795,24 @@ DB.getDB.then((DB) => {
 *               $ref: '#/components/schemas/Profile'
 */
    router.get("/:id", async (req, res) => {
-        let profileId = req.params.id;
-        let profile = await DB.getProfile(profileId);
-        return res.json({
-            status: "ok",
-            ...profile
-        });
+        try {
+            let profileId = req.params.id;
+            let profile = await DB.getProfile(profileId);
+            if (!profile || !profile._id) {
+                return res.status(404).json({
+                    status: "Profile not found",
+                });
+            }
+            return res.json({
+                status: "ok",
+                ...profile
+            });
+        } catch (error) {
+            console.error("Error loading profile", error);
+            return res.status(500).json({
+                status: "Internal server error"
+            });
+        }
    });

    /**
@@ -913,4 +925,4 @@ DB.getDB.then((DB) => {

 });

-module.exports = router
+module.exports = router