Improve security and error handling in backend functions

Update Supabase functions for cancel-email-change, detect-location, send-escalation-notification, and upload-image to enhance security and implement robust error handling.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: a46bc7a0-bbf8-43ab-97c0-a58c66c2e365
Replit-Commit-Checkpoint-Type: intermediate_checkpoint

supabase/functions/detect-location/index.ts

@@ -25,17 +25,29 @@ serve(async (req) => {
     
     console.log('Detecting location for IP:', clientIP);
 
-    // Use a free IP geolocation service
-    const geoResponse = await fetch(`http://ip-api.com/json/${clientIP}?fields=status,country,countryCode`);
-    
-    if (!geoResponse.ok) {
-      throw new Error('Failed to fetch location data');
+    // Use a free IP geolocation service with proper error handling
+    let geoResponse;
+    try {
+      geoResponse = await fetch(`http://ip-api.com/json/${clientIP}?fields=status,country,countryCode`);
+    } catch (fetchError) {
+      console.error('Network error fetching location data:', fetchError);
+      throw new Error('Network error: Unable to reach geolocation service');
     }
     
-    const geoData = await geoResponse.json();
+    if (!geoResponse.ok) {
+      throw new Error(`Geolocation service returned ${geoResponse.status}: ${geoResponse.statusText}`);
+    }
+    
+    let geoData;
+    try {
+      geoData = await geoResponse.json();
+    } catch (parseError) {
+      console.error('Failed to parse geolocation response:', parseError);
+      throw new Error('Invalid response format from geolocation service');
+    }
     
     if (geoData.status !== 'success') {
-      throw new Error('Invalid location data received');
+      throw new Error(`Geolocation failed: ${geoData.message || 'Invalid location data'}`);
     }
 
     // Countries that primarily use imperial system