Commit Graph

4 Commits

Author SHA1 Message Date
julien 96da68e18e chore(deps): upgrade to Express 5 and remove redundant middleware
- Express 4 → 5.2.1
- Remove method-override (unused with Angular HttpClient) and errorhandler (superseded by exceptions.handler.js)
- Remove asyncHandler wrapper from all controllers — Express 5 propagates async rejections natively
- Remove body-parser (redundant, Express 5 includes it internally)
- Patch/minor updates: cors, dotenv, ejs, express-jwt, express-session, jsonwebtoken, morgan, mysql2, sequelize, underscore
- Dev updates: eslint 9.0→9.39, nodemon 2→3, globals, sequelize-cli
- Fix getUser endpoint to include SkydiverProfile data in response
- docs: add ADR 0013, update README
2026-05-01 20:42:39 +02:00
julien 61cdec00e7 feat(validation): introduce express-validator on CMS user and article endpoints
Replaces the broken fieldValidation helper (called next() without return,
so execution continued on invalid input) with express-validator chains
applied at the route level. Validation covers: email format, username
constraints, password min length, field lengths, URL and phone formats.
products and tags controllers retain their local fieldValidation pending
a separate ecommerce validation pass.
2026-04-26 22:06:28 +02:00
julien a27b8018b1 fix(users): restrict role updates to Admin users only
Any authenticated user could previously call PUT /update/role and
escalate their own role to Admin. The endpoint now returns 403 if
the requesting user is not already an Admin.
2026-04-26 20:32:37 +02:00
julien 4c765945b3 refactor(naming): harmonize controller and route file names
- Delete product.controller.js, merge unique functions into products.controller.js
- Rename user.controller.js → users.controller.js, user.routes.js → users.routes.js
- Remove dead herowars/herowars.routes.js reference from herowars index
- Update all import paths accordingly
2026-04-26 00:39:29 +02:00