From 7523d4cbd989420c66e3d97ffa44497e547bc6d3 Mon Sep 17 00:00:00 2001
From: "groombook-ci[bot]" <ci@groombook.bot>
Date: Sun, 29 Mar 2026 20:38:18 +0000
Subject: [PATCH] fix(api): add error handling and null guard to /api/staff/me
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Wrap c.json() in try/catch to surface any remaining serialization
errors rather than crashing with a generic 500. Also change the null-
staff guard from 404 → 500 since a missing staff context is an
internal error, not a not-found case.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 apps/api/src/routes/staff.ts | 37 +++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/apps/api/src/routes/staff.ts b/apps/api/src/routes/staff.ts
index 3c952d5..b762b95 100644
--- a/apps/api/src/routes/staff.ts
+++ b/apps/api/src/routes/staff.ts
@@ -24,21 +24,28 @@ const updateStaffSchema = z.object({
 });
 
 staffRouter.get("/me", async (c) => {
-  const staffRow = c.get("staff");
-  if (!staffRow) return c.json({ error: "Staff record not found" }, 404);
-  // Explicitly pick serializable fields to avoid BigInt/Date/undefined serialization issues
-  return c.json({
-    id: staffRow.id,
-    name: staffRow.name,
-    email: staffRow.email,
-    role: staffRow.role,
-    active: staffRow.active,
-    isSuperUser: staffRow.isSuperUser,
-    userId: staffRow.userId,
-    oidcSub: staffRow.oidcSub,
-    createdAt: staffRow.createdAt,
-    updatedAt: staffRow.updatedAt,
-  });
+  try {
+    const staffRow = c.get("staff");
+    if (!staffRow) {
+      return c.json({ error: "Staff record not found in context" }, 500);
+    }
+    // Explicitly pick serializable fields to avoid BigInt/Date/undefined serialization issues
+    return c.json({
+      id: staffRow.id,
+      name: staffRow.name,
+      email: staffRow.email,
+      role: staffRow.role,
+      active: staffRow.active,
+      isSuperUser: staffRow.isSuperUser,
+      userId: staffRow.userId,
+      oidcSub: staffRow.oidcSub,
+      createdAt: staffRow.createdAt,
+      updatedAt: staffRow.updatedAt,
+    });
+  } catch (err) {
+    console.error("[/api/staff/me] error:", err, "staffRow:", c.get("staff"));
+    return c.json({ error: "Internal error", detail: String(err) }, 500);
+  }
 });
 
 staffRouter.get("/", async (c) => {