fix(api): GRO-2014 — profile-summary returns 404/401/JSON-500 instead of empty-body 500
Defect: GET /api/pets/:id/profile-summary previously returned an empty-body
500 Internal Server Error for any UUID that the caller had no linkage to
(and presumably also for any malformed/non-UUID path param), because the
route had no upfront UUID validation, no defensive staff context guard,
and no router-level onError to catch downstream Drizzle/Postgres errors.
Changes:
- src/routes/pets.ts
- Add router.onError that returns a JSON envelope (`{"error":"Internal Server
Error"}`) instead of Hono's default empty-body 500. Mirrors the pattern
already used in invoices.ts and reports.ts.
- profile-summary: validate the :id path param with z.string().uuid()
before hitting Postgres. Malformed UUIDs now return 404 Not Found
instead of triggering a Postgres uuid cast that throws and bubbles
up as a 500.
- profile-summary: explicit `if (!staffRow)` guard returns 401 instead
of relying on optional chaining and risking a TypeError later in the
groomer linkage check on staffRow.id.
- src/__tests__/petProfileSummary.test.ts (new)
- 7 regression tests covering: malformed UUID → 404; missing staff →
401; pet not found → 404; groomer with no linkage → 403; manager
happy path → 200; groomer with linkage → 200; downstream DB throw
→ 500 with JSON body (never empty body).
- UAT_PLAYBOOK.md §3 (TC-API-3.29 / 3.30 / 3.31)
- Document the new 404 behaviour for unknown and malformed UUIDs and
the JSON-envelope requirement for any 500.
Notes for QA:
- Spec from GRO-2014: 404 if pet does not exist, 403 if no linkage, 401
if not authenticated. The "Forbidden if no linkage" path was already
correct for groomers; the 500 → 404/JSON-500 collapse is the actual
change in observable behaviour.
- The route's customer-as-groomer auto-provision issue (GRO-2013) is
*not* addressed here. It remains the customer-side defect; this PR
only fixes the error-handling regression.
Refs: GRO-1892, GRO-2013
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Flea Flicker
@@ -125,6 +125,9 @@ CUSTOMER=$(kubectl get secret seed-uat-passwords -n groombook-uat \
|
||||
| TC-API-3.17 | Get pet profile summary — groomer restricted | GET /api/pets/{id}/profile-summary as groomer with no pet linkage | 403 Forbidden |
|
||||
| TC-API-3.18 | Get pet profile summary — visitCount returns full count | GET /api/pets/{id}/profile-summary with 2+ completed appointments | visitCount >= 2 (not capped at 1) |
|
||||
| TC-API-3.19 | Get pet profile summary — upcomingAppointment excludes past | GET /api/pets/{id}/profile-summary with a past confirmed/scheduled appointment | upcomingAppointment is null (past appointments filtered by startTime >= now) |
|
||||
| TC-API-3.29 | Get pet profile summary — unknown UUID returns 404 (GRO-2014) | GET /api/pets/00000000-0000-0000-0000-000000000001/profile-summary while authenticated (any role) | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014) |
|
||||
| TC-API-3.30 | Get pet profile summary — malformed UUID returns 404 (GRO-2014) | GET /api/pets/not-a-uuid/profile-summary while authenticated | 404 Not Found with body `{"error":"Not found"}` (was empty-body 500 in GRO-2014 — Postgres uuid cast failure) |
|
||||
| TC-API-3.31 | Get pet profile summary — never empty-body 500 (GRO-2014) | GET /api/pets/{anyId}/profile-summary across the test sweep | No response has status 500 with an empty body. Any 500 must include a JSON body `{"error":"Internal Server Error"}` |
|
||||
|
||||
#### Seed Data Verification (GRO-1898)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user