From 6afdb4fcdd4b7075ff975e3046a256f288e206c5 Mon Sep 17 00:00:00 2001
From: Spacelord
Date: Mon, 15 May 2023 19:07:13 +0200
Subject: [PATCH] Added validation for category api route.
---
 src/routes/api/v1/categories.ts | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/routes/api/v1/categories.ts b/src/routes/api/v1/categories.ts
index 040c146..6e11beb 100644
--- a/src/routes/api/v1/categories.ts
+++ b/src/routes/api/v1/categories.ts
@@ -19,7 +19,7 @@ function get(req: Request, res: Response) {
 if (item) {
 res.status(200).json(JSON.stringify(item));
 } else {
- res.status(410).json({error: 'Item does not exist'});
+ res.status(410).json({ error: 'Category does not exist.' });
 }
 })
 .catch((err) => {
@@ -83,13 +83,30 @@ function patch(req: Request, res: Response) {
 }
 // Delete category.
-function del(req: Request, res: Response) {
+async function del(req: Request, res: Response) {
 // Check if required fields are present.
 if (!req.body.id) {
 res.status(400).render(__path + '/src/frontend/errors/400.eta.html');
 return;
 }
+ // Does the id exist? If not return 410 Gone.
+ try {
+ const result = await prisma.itemCategory.findUnique({
+ where: {
+ id: parseInt(req.body.id)
+ }
+ });
+
+ if (result === null) {
+ res.status(410).json({ error: 'Category does not exist.' });
+ return;
+ }
+ } catch (err) {
+ log.db.error(err);
+ res.status(500).render(__path + '/src/frontend/errors/dbError.eta.html', { error: err });
+ }
+
 prisma.itemCategory
 .delete({
 where: {
@@ -100,7 +117,6 @@ function del(req: Request, res: Response) {
 res.status(201).json({ status: 'deleted' });
 })
 .catch((err) => {
- // TODO Catch if is a duplicate error and show a message to the user
 log.db.error(err);
 res.status(500).render(__path + '/src/frontend/errors/dbError.eta.html', { error: err });
 });
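Review bot: The new `catch` block in `del` sends the 500 page but does not return, so after a failed `findUnique` execution still falls through to `prisma.itemCategory.delete(...)` and a second response may be attempted on the same request; add `return;` after the `res.status(500).render(...)` line in that block. `parseInt(req.body.id)` is also called without a radix or a NaN check, so a non-numeric id reaches Prisma and most likely surfaces as a 500 rather than a 400; parsing once up front, e.g. `const id = Number.parseInt(req.body.id, 10); if (Number.isNaN(id)) { /* respond 400 */ return; }`, would cover both the lookup and the delete. The lookup and the delete are two separate queries, so a concurrent delete can still make the second one fail, and the existing `.catch` would then answer 500 instead of 410. Passing the raw `err` object into the error template may expose database details to the client, depending on what the template prints. The body of `del` continues past this hunk.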