streamflow/backend/utils/routeProtection.js

/**
 * Route Protection Utility
 * Ensures all routes have proper error handling (CWE-391 compliance)
 * Wraps database callbacks and async operations with error handlers
 */

const logger = require('./logger');
const { sanitizeError } = require('./errorHandler');

/**
 * Wrap database callback to ensure errors are caught
 * 
 * @param {Function} callback - Database callback function
 * @param {Object} res - Express response object
 * @param {string} context - Context for error logging
 * @returns {Function} Wrapped callback
 */
function wrapDbCallback(callback, res, context = 'Database operation') {
  return function(err, ...args) {
    if (err) {
      logger.error(`${context} error:`, {
        error: err.message,
        stack: err.stack,
        context
      });
      
      const sanitized = sanitizeError(err);
      return res.status(500).json({
        error: sanitized.message,
        code: sanitized.code,
        timestamp: new Date().toISOString()
      });
    }
    
    try {
      return callback(err, ...args);
    } catch (callbackError) {
      logger.error(`${context} callback error:`, {
        error: callbackError.message,
        stack: callbackError.stack,
        context
      });
      
      const sanitized = sanitizeError(callbackError);
      return res.status(500).json({
        error: sanitized.message,
        code: sanitized.code,
        timestamp: new Date().toISOString()
      });
    }
  };
}

/**
 * Wrap sync route handler to catch any errors
 * 
 * @param {Function} handler - Route handler function
 * @returns {Function} Wrapped handler
 */
function wrapSyncHandler(handler) {
  return function(req, res, next) {
    try {
      return handler(req, res, next);
    } catch (error) {
      logger.error('Sync route handler error:', {
        error: error.message,
        stack: error.stack,
        method: req.method,
        path: req.path
      });
      
      next(error);
    }
  };
}

/**
 * Wrap async route handler to catch promise rejections
 * 
 * @param {Function} handler - Async route handler function
 * @returns {Function} Wrapped handler
 */
function wrapAsyncHandler(handler) {
  return function(req, res, next) {
    Promise.resolve(handler(req, res, next))
      .catch((error) => {
        logger.error('Async route handler error:', {
          error: error.message,
          stack: error.stack,
          method: req.method,
          path: req.path
        });
        
        next(error);
      });
  };
}

/**
 * Smart route wrapper - automatically detects and wraps handlers
 * 
 * @param {Function} handler - Route handler (sync or async)
 * @returns {Function} Wrapped handler
 */
function protectRoute(handler) {
  // Check if handler is async
  if (handler.constructor.name === 'AsyncFunction') {
    return wrapAsyncHandler(handler);
  }
  
  return wrapSyncHandler(handler);
}

/**
 * Protect all routes in a router
 * 
 * @param {Object} router - Express router
 * @param {Array} routes - Array of route definitions
 */
function protectAllRoutes(router, routes) {
  routes.forEach(({ method, path, middleware = [], handler }) => {
    const wrappedHandler = protectRoute(handler);
    router[method](path, ...middleware, wrappedHandler);
  });
}

/**
 * Create a safe database wrapper with automatic error handling
 * 
 * @param {Object} db - Database connection
 * @returns {Object} Wrapped database object
 */
function createSafeDb(db) {
  return {
    // Wrap db.run
    run: (sql, params, callback) => {
      try {
        return db.run(sql, params, (err, ...args) => {
          if (err) {
            logger.error('Database run error:', {
              error: err.message,
              sql: sql.substring(0, 100) // Log first 100 chars only
            });
          }
          if (callback) {
            try {
              return callback(err, ...args);
            } catch (callbackError) {
              logger.error('Database run callback error:', callbackError);
            }
          }
        });
      } catch (error) {
        logger.error('Database run exception:', error);
        if (callback) {
          callback(error);
        }
      }
    },
    
    // Wrap db.get
    get: (sql, params, callback) => {
      try {
        return db.get(sql, params, (err, ...args) => {
          if (err) {
            logger.error('Database get error:', {
              error: err.message,
              sql: sql.substring(0, 100)
            });
          }
          if (callback) {
            try {
              return callback(err, ...args);
            } catch (callbackError) {
              logger.error('Database get callback error:', callbackError);
            }
          }
        });
      } catch (error) {
        logger.error('Database get exception:', error);
        if (callback) {
          callback(error);
        }
      }
    },
    
    // Wrap db.all
    all: (sql, params, callback) => {
      try {
        return db.all(sql, params, (err, ...args) => {
          if (err) {
            logger.error('Database all error:', {
              error: err.message,
              sql: sql.substring(0, 100)
            });
          }
          if (callback) {
            try {
              return callback(err, ...args);
            } catch (callbackError) {
              logger.error('Database all callback error:', callbackError);
            }
          }
        });
      } catch (error) {
        logger.error('Database all exception:', error);
        if (callback) {
          callback(error);
        }
      }
    },
    
    // Pass through other methods
    close: (...args) => db.close(...args),
    serialize: (...args) => db.serialize(...args),
    parallelize: (...args) => db.parallelize(...args)
  };
}

module.exports = {
  wrapDbCallback,
  wrapSyncHandler,
  wrapAsyncHandler,
  protectRoute,
  protectAllRoutes,
  createSafeDb
};
Initial commit: StreamFlow IPTV platform 2025-12-17 00:42:43 +00:00			`/**`
			`* Route Protection Utility`
			`* Ensures all routes have proper error handling (CWE-391 compliance)`
			`* Wraps database callbacks and async operations with error handlers`
			`*/`

			`const logger = require('./logger');`
			`const { sanitizeError } = require('./errorHandler');`

			`/**`
			`* Wrap database callback to ensure errors are caught`
			`*`
			`* @param {Function} callback - Database callback function`
			`* @param {Object} res - Express response object`
			`* @param {string} context - Context for error logging`
			`* @returns {Function} Wrapped callback`
			`*/`
			`function wrapDbCallback(callback, res, context = 'Database operation') {`
			`return function(err, ...args) {`
			`if (err) {`
			logger.error(`${context} error:`, {
			`error: err.message,`
			`stack: err.stack,`
			`context`
			`});`

			`const sanitized = sanitizeError(err);`
			`return res.status(500).json({`
			`error: sanitized.message,`
			`code: sanitized.code,`
			`timestamp: new Date().toISOString()`
			`});`
			`}`

			`try {`
			`return callback(err, ...args);`
			`} catch (callbackError) {`
			logger.error(`${context} callback error:`, {
			`error: callbackError.message,`
			`stack: callbackError.stack,`
			`context`
			`});`

			`const sanitized = sanitizeError(callbackError);`
			`return res.status(500).json({`
			`error: sanitized.message,`
			`code: sanitized.code,`
			`timestamp: new Date().toISOString()`
			`});`
			`}`
			`};`
			`}`

			`/**`
			`* Wrap sync route handler to catch any errors`
			`*`
			`* @param {Function} handler - Route handler function`
			`* @returns {Function} Wrapped handler`
			`*/`
			`function wrapSyncHandler(handler) {`
			`return function(req, res, next) {`
			`try {`
			`return handler(req, res, next);`
			`} catch (error) {`
			`logger.error('Sync route handler error:', {`
			`error: error.message,`
			`stack: error.stack,`
			`method: req.method,`
			`path: req.path`
			`});`

			`next(error);`
			`}`
			`};`
			`}`

			`/**`
			`* Wrap async route handler to catch promise rejections`
			`*`
			`* @param {Function} handler - Async route handler function`
			`* @returns {Function} Wrapped handler`
			`*/`
			`function wrapAsyncHandler(handler) {`
			`return function(req, res, next) {`
			`Promise.resolve(handler(req, res, next))`
			`.catch((error) => {`
			`logger.error('Async route handler error:', {`
			`error: error.message,`
			`stack: error.stack,`
			`method: req.method,`
			`path: req.path`
			`});`

			`next(error);`
			`});`
			`};`
			`}`

			`/**`
			`* Smart route wrapper - automatically detects and wraps handlers`
			`*`
			`* @param {Function} handler - Route handler (sync or async)`
			`* @returns {Function} Wrapped handler`
			`*/`
			`function protectRoute(handler) {`
			`// Check if handler is async`
			`if (handler.constructor.name === 'AsyncFunction') {`
			`return wrapAsyncHandler(handler);`
			`}`

			`return wrapSyncHandler(handler);`
			`}`

			`/**`
			`* Protect all routes in a router`
			`*`
			`* @param {Object} router - Express router`
			`* @param {Array} routes - Array of route definitions`
			`*/`
			`function protectAllRoutes(router, routes) {`
			`routes.forEach(({ method, path, middleware = [], handler }) => {`
			`const wrappedHandler = protectRoute(handler);`
			`router[method](path, ...middleware, wrappedHandler);`
			`});`
			`}`

			`/**`
			`* Create a safe database wrapper with automatic error handling`
			`*`
			`* @param {Object} db - Database connection`
			`* @returns {Object} Wrapped database object`
			`*/`
			`function createSafeDb(db) {`
			`return {`
			`// Wrap db.run`
			`run: (sql, params, callback) => {`
			`try {`
			`return db.run(sql, params, (err, ...args) => {`
			`if (err) {`
			`logger.error('Database run error:', {`
			`error: err.message,`
			`sql: sql.substring(0, 100) // Log first 100 chars only`
			`});`
			`}`
			`if (callback) {`
			`try {`
			`return callback(err, ...args);`
			`} catch (callbackError) {`
			`logger.error('Database run callback error:', callbackError);`
			`}`
			`}`
			`});`
			`} catch (error) {`
			`logger.error('Database run exception:', error);`
			`if (callback) {`
			`callback(error);`
			`}`
			`}`
			`},`

			`// Wrap db.get`
			`get: (sql, params, callback) => {`
			`try {`
			`return db.get(sql, params, (err, ...args) => {`
			`if (err) {`
			`logger.error('Database get error:', {`
			`error: err.message,`
			`sql: sql.substring(0, 100)`
			`});`
			`}`
			`if (callback) {`
			`try {`
			`return callback(err, ...args);`
			`} catch (callbackError) {`
			`logger.error('Database get callback error:', callbackError);`
			`}`
			`}`
			`});`
			`} catch (error) {`
			`logger.error('Database get exception:', error);`
			`if (callback) {`
			`callback(error);`
			`}`
			`}`
			`},`

			`// Wrap db.all`
			`all: (sql, params, callback) => {`
			`try {`
			`return db.all(sql, params, (err, ...args) => {`
			`if (err) {`
			`logger.error('Database all error:', {`
			`error: err.message,`
			`sql: sql.substring(0, 100)`
			`});`
			`}`
			`if (callback) {`
			`try {`
			`return callback(err, ...args);`
			`} catch (callbackError) {`
			`logger.error('Database all callback error:', callbackError);`
			`}`
			`}`
			`});`
			`} catch (error) {`
			`logger.error('Database all exception:', error);`
			`if (callback) {`
			`callback(error);`
			`}`
			`}`
			`},`

			`// Pass through other methods`
			`close: (...args) => db.close(...args),`
			`serialize: (...args) => db.serialize(...args),`
			`parallelize: (...args) => db.parallelize(...args)`
			`};`
			`}`

			`module.exports = {`
			`wrapDbCallback,`
			`wrapSyncHandler,`
			`wrapAsyncHandler,`
			`protectRoute,`
			`protectAllRoutes,`
			`createSafeDb`
			`};`