fix: normalize frontend api errors and remove sensitive debug logs

2026-02-16 01:20:45 -08:00 · 2026-02-16 01:20:45 -08:00 · a5f99ba475
commit a5f99ba475
parent ac92bed8a1
6 changed files with 24 additions and 23 deletions
--- a/backend/app.js
+++ b/backend/app.js
@ -12,10 +12,9 @@ app.use(express.json());
 // Serve static files from public directory
 app.use('/test', express.static(path.join(__dirname, 'public')));
-const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
+const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
-console.log("Allowed Origins:", allowedOrigins);
+app.use(
-app.use(
+  cors({
  cors({
    origin: function (origin, callback) {
      if (!origin) return callback(null, true);
      if (allowedOrigins.includes(origin)) return callback(null, true);
--- a/backend/controllers/lists.controller.v2.js
+++ b/backend/controllers/lists.controller.v2.js
@ -100,7 +100,6 @@ exports.markBought = async (req, res) => {
    if (!item_name) return res.status(400).json({ message: "Item name is required" });
    const item = await List.getItemByName(householdId, storeId, item_name);
    console.log('requesting mark  ', { item, householdId, storeId, item_name, bought, quantity_bought });
    if (!item) return res.status(404).json({ message: "Item not found" });
--- a/backend/models/list.model.v2.js
+++ b/backend/models/list.model.v2.js
@ -97,7 +97,6 @@ exports.getItemByName = async (householdId, storeId, itemName) => {
      AND hl.item_id = $3`,
    [householdId, storeId, itemId]
  );
  console.log(result.rows);
  return result.rows[0] || null;
 };
--- a/backend/models/user.model.js
+++ b/backend/models/user.model.js
@ -5,12 +5,10 @@ exports.ROLES = {
  USER: "user",
 }
-exports.findByUsername = async (username) => {
+exports.findByUsername = async (username) => {
-  query = `SELECT * FROM users WHERE username = ${username}`;
+  const result = await pool.query("SELECT * FROM users WHERE username = $1", [username]);
-  const result = await pool.query("SELECT * FROM users WHERE username = $1", [username]);
+  return result.rows[0];
-  console.log(query);
+};
  return result.rows[0];
 };
 exports.createUser = async (username, hashedPassword, name) => {
  const result = await pool.query(
--- a/frontend/src/api/axios.js
+++ b/frontend/src/api/axios.js
@ -16,17 +16,24 @@ api.interceptors.request.use((config => {
  return config;
 }));
-api.interceptors.response.use(
+api.interceptors.response.use(
-  response => response,
+  response => response,
-  error => {
+  error => {
-    if (error.response?.status === 401 &&
+    const payload = error.response?.data;
-      error.response?.data?.message === "Invalid or expired token") {
+    const normalizedMessage = payload?.error?.message || payload?.message;
-      localStorage.removeItem("token");
+
-      window.location.href = "/login";
+    if (payload?.error?.message && payload.message === undefined) {
-      alert("Your session has expired. Please log in again.");
+      payload.message = payload.error.message;
-    }
+    }
    if (error.response?.status === 401 &&
      normalizedMessage === "Invalid or expired token") {
      localStorage.removeItem("token");
      window.location.href = "/login";
      alert("Your session has expired. Please log in again.");
    }
    return Promise.reject(error);
  }
 );
-export default api;
+export default api;
--- a/frontend/src/components/manage/CreateJoinHousehold.jsx
+++ b/frontend/src/components/manage/CreateJoinHousehold.jsx
@ -38,7 +38,6 @@ export default function CreateJoinHousehold({ onClose }) {
    setError("");
    try {
      console.log("Joining household with invite code:", inviteCode);
      await joinHousehold(inviteCode);
      await refreshHouseholds();
      onClose();