address PR review: input validation, error handling, env guard, dynamic port, generate scripts

Author: DiluDevX

deployment-platforms/rest-express-docker-aws-ec2/.github/workflows/deploy.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - latest
 
 jobs:
   deploy:

deployment-platforms/rest-express-docker-aws-ec2/package.json

@@ -3,8 +3,8 @@
   "version": "1.0.0",
   "license": "MIT",
   "scripts": {
-    "build": "tsc",
-    "dev": "tsx src/index.ts",
+    "build": "prisma generate && tsc",
+    "dev": "prisma generate && tsx src/index.ts",
     "start": "node dist/index.js"
   },
   "dependencies": {

deployment-platforms/rest-express-docker-aws-ec2/src/index.ts

@@ -9,6 +9,7 @@ app.use(express.json())
 app.use(postRouter)
 app.use(userRouter)
 
-app.listen(3000, () =>
-  console.log('Server ready at: http://localhost:3000'),
+const PORT = process.env.PORT || 3000
+app.listen(PORT, () =>
+  console.log(`Server ready at: http://localhost:${PORT}`),
 )

deployment-platforms/rest-express-docker-aws-ec2/src/lib/prisma.ts

@@ -1,5 +1,10 @@
 import { PrismaClient } from '../../prisma/generated/client'
 import { PrismaPg } from '@prisma/adapter-pg'
 
-const pool = new PrismaPg({ connectionString: process.env.DATABASE_URL! })
+const databaseUrl = process.env.DATABASE_URL
+if (!databaseUrl) {
+  throw new Error('Missing DATABASE_URL environment variable')
+}
+
+const pool = new PrismaPg({ connectionString: databaseUrl })
 export const prisma = new PrismaClient({ adapter: pool })

deployment-platforms/rest-express-docker-aws-ec2/src/routes/post.routes.ts

@@ -4,6 +4,15 @@ import { prisma } from '../lib/prisma'
 
 export const postRouter = Router()
 
+function parsePostId(id: string | string[], res: Response): number | null {
+  const postId = Number(id)
+  if (!Number.isInteger(postId) || postId <= 0) {
+    res.status(400).json({ error: `Invalid post ID: ${id}` })
+    return null
+  }
+  return postId
+}
+
 // GET /feed — all published posts
 postRouter.get('/feed', async (_req: Request, res: Response) => {
   const posts = await prisma.post.findMany({
@@ -15,25 +24,25 @@ postRouter.get('/feed', async (_req: Request, res: Response) => {
 
 // GET /post/:id — single post by id
 postRouter.get('/post/:id', async (req: Request, res: Response) => {
-  const { id } = req.params
-  const postId = Number(id)
-  if (!Number.isInteger(postId)) {
-    res.status(400).json({ error: `Invalid post ID: ${id}` })
-    return
-  }
+  const postId = parsePostId(req.params.id, res)
+  if (postId === null) return
   const post = await prisma.post.findUnique({
     where: { id: postId },
   })
   if (!post) {
-    res.status(404).json({ error: `Post with ID ${id} not found` })
+    res.status(404).json({ error: `Post with ID ${req.params.id} not found` })
     return
   }
   res.json(post)
 })
 
 // POST /post — create post
 postRouter.post('/post', async (req: Request, res: Response) => {
-  const { title, content, authorEmail } = req.body
+  const { title, authorEmail, content } = req.body
+  if (!title || !authorEmail) {
+    res.status(400).json({ error: 'title and authorEmail are required' })
+    return
+  }
   const post = await prisma.post.create({
     data: {
       title,
@@ -46,12 +55,8 @@ postRouter.post('/post', async (req: Request, res: Response) => {
 
 // PUT /publish/:id — publish a post
 postRouter.put('/publish/:id', async (req: Request, res: Response) => {
-  const { id } = req.params
-  const postId = Number(id)
-  if (!Number.isInteger(postId)) {
-    res.status(400).json({ error: `Invalid post ID: ${id}` })
-    return
-  }
+  const postId = parsePostId(req.params.id, res)
+  if (postId === null) return
   try {
     const post = await prisma.post.update({
       where: { id: postId },
@@ -63,7 +68,7 @@ postRouter.put('/publish/:id', async (req: Request, res: Response) => {
       error instanceof Prisma.PrismaClientKnownRequestError &&
       error.code === 'P2025'
     ) {
-      res.status(404).json({ error: `Post with ID ${id} not found` })
+      res.status(404).json({ error: `Post with ID ${req.params.id} not found` })
       return
     }
     res.status(500).json({ error: 'Internal server error' })
@@ -72,12 +77,8 @@ postRouter.put('/publish/:id', async (req: Request, res: Response) => {
 
 // DELETE /post/:id — delete post
 postRouter.delete('/post/:id', async (req: Request, res: Response) => {
-  const { id } = req.params
-  const postId = Number(id)
-  if (!Number.isInteger(postId)) {
-    res.status(400).json({ error: `Invalid post ID: ${id}` })
-    return
-  }
+  const postId = parsePostId(req.params.id, res)
+  if (postId === null) return
   try {
     const post = await prisma.post.delete({
       where: { id: postId },
@@ -88,7 +89,7 @@ postRouter.delete('/post/:id', async (req: Request, res: Response) => {
       error instanceof Prisma.PrismaClientKnownRequestError &&
       error.code === 'P2025'
     ) {
-      res.status(404).json({ error: `Post with ID ${id} not found` })
+      res.status(404).json({ error: `Post with ID ${req.params.id} not found` })
       return
     }
     res.status(500).json({ error: 'Internal server error' })

deployment-platforms/rest-express-docker-aws-ec2/src/routes/user.routes.ts

@@ -1,13 +1,33 @@
 import { Router, Request, Response } from 'express'
+import { Prisma } from '../../prisma/generated/client'
 import { prisma } from '../lib/prisma'
 
 export const userRouter = Router()
 
 // POST /user — create user
 userRouter.post('/user', async (req: Request, res: Response) => {
   const { email, name } = req.body
-  const user = await prisma.user.create({
-    data: { email, name },
-  })
-  res.json(user)
+  if (!email) {
+    res.status(400).json({ error: 'email is required' })
+    return
+  }
+  if (typeof email !== 'string' || !email.includes('@')) {
+    res.status(400).json({ error: 'email must be a valid email address' })
+    return
+  }
+  try {
+    const user = await prisma.user.create({
+      data: { email, name },
+    })
+    res.json(user)
+  } catch (error: unknown) {
+    if (
+      error instanceof Prisma.PrismaClientKnownRequestError &&
+      error.code === 'P2002'
+    ) {
+      res.status(409).json({ error: `Email ${email} is already in use` })
+      return
+    }
+    res.status(500).json({ error: 'Internal server error' })
+  }
 })