From 128f227c0519276398cd6fd2939041c0cbd465a3 Mon Sep 17 00:00:00 2001 From: HabeSoftware Rockin' Bot Date: Mon, 6 Apr 2026 12:20:29 -0500 Subject: [PATCH 1/3] thehabes-work: implement #257 Generated via Full Stack Developer by HabeSoftware --- controllers/delete.js | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/controllers/delete.js b/controllers/delete.js index f6f38fe3..22e05f24 100644 --- a/controllers/delete.js +++ b/controllers/delete.js @@ -10,23 +10,22 @@ import { getAgentClaim, parseDocumentID, getAllVersions, getAllDescendants } fro /** * Mark an object as deleted in the database. - * Support /v1/delete/{id}. Note this is not v1/api/delete, that is not possible (XHR does not support DELETE with body) - * Note /v1/delete/{blank} does not route here. It routes to the generic 404. - * Respond RESTfully - * - * The user may be trying to call /delete and pass in the obj in the body. XHR does not support bodies in delete. - * If there is no id parameter, this is a 400 - * - * If there is an id parameter, we ignore body, and continue with that id - * - * */ + * Support DELETE /v1/api/delete/:_id. + * DELETE requests do not carry a body (XHR does not support DELETE with body), + * so the ID must come from the route parameter. + * Respond RESTfully. + * + * @param {import('express').Request} req - Express request with req.params._id + * @param {import('express').Response} res - Express response + * @param {import('express').NextFunction} next - Express next middleware + */ const deleteObj = async function(req, res, next) { - let id + const id = req.params["_id"] let err = { message: `` } - try { - id = req.params["_id"] ?? parseDocumentID(JSON.parse(JSON.stringify(req.body))["@id"]) ?? parseDocumentID(JSON.parse(JSON.stringify(req.body))["id"]) - } catch(error){ - return next(utils.createExpressError(error)) + if (!id) { + err.message = "The object's id is required in the URL. DELETE does not support request bodies." + err.status = 400 + return next(utils.createExpressError(err)) } let agentRequestingDelete = getAgentClaim(req, next) if (!agentRequestingDelete) return From e675c1a70e2f5d3e358602b3e9fd2e33370750ae Mon Sep 17 00:00:00 2001 From: Bryan Haberberger Date: Wed, 6 May 2026 10:06:57 -0500 Subject: [PATCH 2/3] get this through --- controllers/delete.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/controllers/delete.js b/controllers/delete.js index 22e05f24..4e66ecbb 100644 --- a/controllers/delete.js +++ b/controllers/delete.js @@ -4,20 +4,17 @@ * Delete operations for RERUM v1 * @author Claude Sonnet 4, cubap, thehabes */ -import { newID, isValidID, db } from '../database/index.js' +import { db } from '../database/index.js' import utils from '../utils.js' import { getAgentClaim, parseDocumentID, getAllVersions, getAllDescendants } from './utils.js' /** * Mark an object as deleted in the database. - * Support DELETE /v1/api/delete/:_id. + * Support DELETE /v1/api/delete/:\_id. + * Also handles DELETE /v1/api/delete/ (no ID) with a 400 response. * DELETE requests do not carry a body (XHR does not support DELETE with body), * so the ID must come from the route parameter. * Respond RESTfully. - * - * @param {import('express').Request} req - Express request with req.params._id - * @param {import('express').Response} res - Express response - * @param {import('express').NextFunction} next - Express next middleware */ const deleteObj = async function(req, res, next) { const id = req.params["_id"] From 4f278c9ef6f2b3501fcd5498ec902225443b2355 Mon Sep 17 00:00:00 2001 From: Bryan Haberberger Date: Wed, 6 May 2026 10:12:15 -0500 Subject: [PATCH 3/3] Get this through --- controllers/delete.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/delete.js b/controllers/delete.js index 4e66ecbb..b54ecf7d 100644 --- a/controllers/delete.js +++ b/controllers/delete.js @@ -10,7 +10,7 @@ import { getAgentClaim, parseDocumentID, getAllVersions, getAllDescendants } fro /** * Mark an object as deleted in the database. - * Support DELETE /v1/api/delete/:\_id. + * Support DELETE /v1/api/delete/:_id. * Also handles DELETE /v1/api/delete/ (no ID) with a 400 response. * DELETE requests do not carry a body (XHR does not support DELETE with body), * so the ID must come from the route parameter.