Skip to content

Update /delete controller expectations#263

Merged
thehabes merged 3 commits intomainfrom
full-stack-issue257-5675d0c
May 6, 2026
Merged

Update /delete controller expectations#263
thehabes merged 3 commits intomainfrom
full-stack-issue257-5675d0c

Conversation

@habesoftware-claude-connector
Copy link
Copy Markdown
Contributor

@habesoftware-claude-connector habesoftware-claude-connector Bot commented Apr 6, 2026
edited by thehabes
Loading

Closes #257.

Removes the unreachable req.body fallback in the delete controller and tightens the surrounding error handling.

Changes

  • controllers/delete.js
    • Drop the JSON.parse(JSON.stringify(req.body)) round-trip and parseDocumentID(...) chain that pulled @id/id from the request body. DELETE requests cannot carry a body (XHR limitation, also called out in the prior comments), and the route already requires :_id, so this branch was dead code.
    • Replace the swallowed try/catch around the ID extraction with an explicit early return: when req.params._id is missing (the DELETE /v1/api/delete/ route case), respond 400 with a clear message instead of relying on incidental JSON-parse failure.
    • Drop the now-unused newID and isValidID imports from database/index.js. parseDocumentID remains imported — healHistoryTree still uses it.
    • Update the JSDoc to accurately describe the route shapes the controller serves.

Before

let id
let err = { message: `` }
try {
    id = req.params["_id"]
        ?? parseDocumentID(JSON.parse(JSON.stringify(req.body))["@id"])
        ?? parseDocumentID(JSON.parse(JSON.stringify(req.body))["id"])
} catch(error){
    return next(utils.createExpressError(error))
}

After

const id = req.params["_id"]
let err = { message: `` }
if (!id) {
    err.message = "The object's id is required in the URL. DELETE does not support request bodies."
    err.status = 400
    return next(utils.createExpressError(err))
}

Verification

Manually exercised against a local pm2 cluster:

Scenario Expected Result
DELETE /v1/api/delete (no id) 400 + new message ✅ 400
DELETE /v1/api/delete/ (trailing slash) 400 + new message ✅ 400
POST /v1/api/create then DELETE /v1/api/delete/:_id 204 ✅ 204
DELETE same id again 403 already-deleted ✅ 403
DELETE non-existent id 404 ✅ 404
DELETE without Authorization 401 ✅ 401

The existing happy-path test in routes/__tests__/delete.test.js continues to apply. No behavioral change to the 204/403/404/401 paths.

Review all changes carefully before merging.

thehabes-work: implement #257
128f227 
Generated via Full Stack Developer by HabeSoftware
@habesoftware-claude-connector habesoftware-claude-connector Bot mentioned this pull request Apr 6, 2026
Closed
@thehabes thehabes changed the title Implement #257 Update /delete controller expectations May 6, 2026
@thehabes thehabes self-assigned this May 6, 2026
@thehabes thehabes marked this pull request as ready for review May 6, 2026 15:20
@thehabes thehabes requested review from cubap and thehabes as code owners May 6, 2026 15:20
@thehabes thehabes merged commit 0aa5537 into main May 6, 2026
3 checks passed
@thehabes thehabes deleted the full-stack-issue257-5675d0c branch May 6, 2026 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thehabes thehabes Awaiting requested review from thehabes thehabes is a code owner

@cubap cubap Awaiting requested review from cubap cubap is a code owner

Assignees

@thehabes thehabes

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove unreachable req.body fallback from delete controller

1 participant

@thehabes