Standardize response handling and header checks in routes

Merge request body into responses and only set Location when present for create, update, and overwrite routes; send JSON with chained status/.json. Use res.sendStatus(204) and correct error forwarding in delete routes. Replace hasOwnProperty checks with Object.hasOwn and guard header access (headers.get) to avoid runtime errors. These changes make responses consistent, safer against missing properties, and prevent sending empty Location headers.

Author: cubap

routes/create.js

@@ -29,9 +29,12 @@ router.post('/', checkAccessToken, async (req, res, next) => {
     })
     // Send RERUM error responses to error-messenger.js
     if (errored) return next(result)
-    res.setHeader("Location", result["@id"] ?? result.id)
-    res.status(201)
-    res.json(result)
+    const location = result?.["@id"] ?? result?.id
+    const responseBody = { ...req.body, ...(result ?? {}) }
+    if (location) {
+      res.setHeader("Location", location)
+    }
+    res.status(201).json(responseBody)
   }
   catch (err) {
     next(err)
@@ -42,4 +45,4 @@ router.all('/', (req, res, next) => {
   res.status(405).send("Method Not Allowed")
 })
 
-export default router
+export default router

routes/delete.js

@@ -32,9 +32,8 @@ router.delete('/', checkAccessToken, async (req, res, next) => {
       throw err
     })
     // Send RERUM error responses to error-messenger.js
-    if (errored) return next(results)
-    res.status(204)
-    res.send(result)
+    if (errored) return next(result)
+    res.sendStatus(204)
   }
   catch (err) {
     next(err)
@@ -62,9 +61,8 @@ router.delete('/:id', async (req, res, next) => {
       throw err
     })
     // Send RERUM error responses to error-messenger.js
-    if (errored) return next(results)
-    res.status(204)
-    res.send(result)
+    if (errored) return next(result)
+    res.sendStatus(204)
   }
   catch (err) {
     next(err)

routes/overwrite.js

@@ -25,13 +25,13 @@ router.put('/', checkAccessToken, async (req, res, next) => {
     }
 
     // Pass through If-Overwritten-Version header if present
-    const ifOverwrittenVersion = req.headers.hasOwnProperty('if-overwritten-version') ? req.headers['if-overwritten-version'] : null
+    const ifOverwrittenVersion = Object.hasOwn(req.headers, 'if-overwritten-version') ? req.headers['if-overwritten-version'] : null
     if (ifOverwrittenVersion !== null) {
       overwriteOptions.headers['If-Overwritten-Version'] = ifOverwrittenVersion
     }
 
     // Check for __rerum.isOverwritten in body and use as If-Overwritten-Version header
-    const isOverwrittenValue = req.body?.__rerum?.hasOwnProperty("isOverwritten") ? req.body.__rerum.isOverwritten : null
+    const isOverwrittenValue = Object.hasOwn(req.body?.__rerum ?? {}, "isOverwritten") ? req.body.__rerum.isOverwritten : null
     if (isOverwrittenValue !== null) {
       overwriteOptions.headers['If-Overwritten-Version'] = isOverwrittenValue
     }
@@ -42,7 +42,7 @@ router.put('/', checkAccessToken, async (req, res, next) => {
     .then(async rerum_res=>{
       if (rerum_res.ok) return rerum_res.json()
       errored = true
-      if (rerum_res.headers.get("Content-Type").includes("json")) {
+      if ((rerum_res.headers?.get("Content-Type") ?? "").includes("json")) {
         // Special handling.  This does not go through to error-messenger.js
         if (rerum_res.status === 409) {
           const currentVersion = await rerum_res.json()
@@ -58,11 +58,11 @@ router.put('/', checkAccessToken, async (req, res, next) => {
     if (errored) return next(response)
     const result = response
     const location = result?.["@id"] ?? result?.id
+    const responseBody = { ...req.body, ...(result ?? {}) }
     if (location) {
       res.setHeader("Location", location)
     }
-    res.status(200)
-    res.json(result)
+    res.status(200).json(responseBody)
   }
   catch (err) {
     next(err)

routes/update.js

@@ -34,9 +34,12 @@ router.put('/', checkAccessToken, async (req, res, next) => {
     })
     // Send RERUM error responses to error-messenger.js
     if (errored) return next(result)
-    res.setHeader("Location", result["@id"] ?? result.id)
-    res.status(200)
-    res.send(result)
+    const location = result?.["@id"] ?? result?.id
+    const responseBody = { ...req.body, ...(result ?? {}) }
+    if (location) {
+      res.setHeader("Location", location)
+    }
+    res.status(200).json(responseBody)
   }
   catch (err) {
     next(err)