From a5f99ba47500f7a7d119b4b4f2ac90d5905629d1 Mon Sep 17 00:00:00 2001
From: Nico
Date: Mon, 16 Feb 2026 01:20:45 -0800
Subject: [PATCH] fix: normalize frontend api errors and remove sensitive debug logs
---
 backend/app.js | 7 +++--
 backend/controllers/lists.controller.v2.js | 1 -
 backend/models/list.model.v2.js | 1 -
 backend/models/user.model.js | 10 +++----
 frontend/src/api/axios.js | 27 ++++++++++++-------
 .../components/manage/CreateJoinHousehold.jsx | 1 -
 6 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/backend/app.js b/backend/app.js
index 0ee9485..07b2eb7 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -12,10 +12,9 @@ app.use(express.json());
 // Serve static files from public directory
 app.use('/test', express.static(path.join(__dirname, 'public')));
-const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
-console.log("Allowed Origins:", allowedOrigins);
-app.use(
- cors({
+const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
+app.use(
+ cors({
 origin: function (origin, callback) {
 if (!origin) return callback(null, true);
 if (allowedOrigins.includes(origin)) return callback(null, true);
diff --git a/backend/controllers/lists.controller.v2.js b/backend/controllers/lists.controller.v2.js
index 41ccf7d..174c96a 100644
--- a/backend/controllers/lists.controller.v2.js
+++ b/backend/controllers/lists.controller.v2.js
@@ -100,7 +100,6 @@ exports.markBought = async (req, res) => {
 if (!item_name) return res.status(400).json({ message: "Item name is required" });
 const item = await List.getItemByName(householdId, storeId, item_name);
- console.log('requesting mark ', { item, householdId, storeId, item_name, bought, quantity_bought });
 if (!item) return res.status(404).json({ message: "Item not found" });
diff --git a/backend/models/list.model.v2.js b/backend/models/list.model.v2.js
index aa01a43..1b4173a 100644
--- a/backend/models/list.model.v2.js
+++ b/backend/models/list.model.v2.js
@@ -97,7 +97,6 @@ exports.getItemByName = async (householdId, storeId, itemName) => {
 AND hl.item_id = $3`,
 [householdId, storeId, itemId]
 );
- console.log(result.rows);
 return result.rows[0] || null;
 };
diff --git a/backend/models/user.model.js b/backend/models/user.model.js
index 633aebe..6d55380 100644
--- a/backend/models/user.model.js
+++ b/backend/models/user.model.js
@@ -5,12 +5,10 @@ exports.ROLES = {
 USER: "user",
 }
-exports.findByUsername = async (username) => {
- query = `SELECT * FROM users WHERE username = ${username}`;
- const result = await pool.query("SELECT * FROM users WHERE username = $1", [username]);
- console.log(query);
- return result.rows[0];
-};
+exports.findByUsername = async (username) => {
+ const result = await pool.query("SELECT * FROM users WHERE username = $1", [username]);
+ return result.rows[0];
+};
 exports.createUser = async (username, hashedPassword, name) => {
 const result = await pool.query(
diff --git a/frontend/src/api/axios.js b/frontend/src/api/axios.js
index bee1254..be106aa 100644
--- a/frontend/src/api/axios.js
+++ b/frontend/src/api/axios.js
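Review bot: findByUsername still selects `*`, so the row handed back to callers presumably carries the stored password hash (createUser just below takes a `hashedPassword`), and nothing on the function says so. Since this commit is about keeping sensitive values out of logs, I would add a doc comment above it such as `/** Returns the full users row, including the password hash, or undefined when no user matches; never log or serialize the row as-is. */`. The not-found value here is `undefined`, while getItemByName in list.model.v2.js returns `null` via `|| null`; `return result.rows[0] || null;` would make the two models agree, provided no caller depends on `undefined`. createUser's body continues outside the hunk.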
@@ -16,17 +16,24 @@ api.interceptors.request.use((config => {
 return config;
 }));
-api.interceptors.response.use(
- response => response,
- error => {
- if (error.response?.status === 401 &&
- error.response?.data?.message === "Invalid or expired token") {
- localStorage.removeItem("token");
- window.location.href = "/login";
- alert("Your session has expired. Please log in again.");
- }
+api.interceptors.response.use(
+ response => response,
+ error => {
+ const payload = error.response?.data;
+ const normalizedMessage = payload?.error?.message || payload?.message;
+
+ if (payload?.error?.message && payload.message === undefined) {
+ payload.message = payload.error.message;
+ }
+
+ if (error.response?.status === 401 &&
+ normalizedMessage === "Invalid or expired token") {
+ localStorage.removeItem("token");
+ window.location.href = "/login";
+ alert("Your session has expired. Please log in again.");
+ }
 return Promise.reject(error);
 }
 );
-export default api;
\ No newline at end of file
+export default api;
diff --git a/frontend/src/components/manage/CreateJoinHousehold.jsx b/frontend/src/components/manage/CreateJoinHousehold.jsx
index a1bf909..ffb43e6 100644
--- a/frontend/src/components/manage/CreateJoinHousehold.jsx
+++ b/frontend/src/components/manage/CreateJoinHousehold.jsx
@@ -38,7 +38,6 @@ export default function CreateJoinHousehold({ onClose }) {
 setError("");
 try {
- console.log("Joining household with invite code:", inviteCode);
 await joinHousehold(inviteCode);
 await refreshHouseholds();
 onClose();
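Review bot: The session-expiry branch in the axios.js response interceptor still keys on the exact server wording, `normalizedMessage === "Invalid or expired token"`, so a 401 whose text differs in either payload shape leaves the stale token in localStorage and skips the redirect. If the backend's `error` object carries a stable machine-readable field, comparing that would be sturdier than message text; no such field is visible in this diff, so this needs checking against the backend. Separately, the backfill tests `payload.message === undefined` while `normalizedMessage` falls back with `||`, so a payload with `message: null` or `""` is normalized for the 401 check but not backfilled for downstream handlers; `if (payload?.error?.message && !payload.message) {` would keep the two consistent. A short comment above the block, e.g. `// Backend may send { message } or { error: { message } }; mirror the nested form onto payload.message for existing callers.`, would explain why the response body is mutated.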