Improve security and error handling in backend functions

Update Supabase functions for cancel-email-change, detect-location, send-escalation-notification, and upload-image to enhance security and implement robust error handling. Replit-Commit-Author: Agent Replit-Commit-Session-Id: a46bc7a0-bbf8-43ab-97c0-a58c66c2e365 Replit-Commit-Checkpoint-Type: intermediate_checkpoint
2025-12-20 09:51:13 -05:00 · 2025-10-08 12:06:35 +00:00
parent ccea99fecd
commit 0b57cba16f
4 changed files with 132 additions and 44 deletions
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -111,17 +111,41 @@ serve(async (req) => {
        )
      }

-      const deleteResponse = await fetch(
-        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v1/${imageId}`,
-        {
-          method: 'DELETE',
-          headers: {
-            'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
-          },
-        }
-      )
+      let deleteResponse;
+      try {
+        deleteResponse = await fetch(
+          `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v1/${imageId}`,
+          {
+            method: 'DELETE',
+            headers: {
+              'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
+            },
+          }
+        )
+      } catch (fetchError) {
+        console.error('Network error deleting image:', fetchError)
+        return new Response(
+          JSON.stringify({ error: 'Network error: Unable to reach Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

-      const deleteResult = await deleteResponse.json()
+      let deleteResult;
+      try {
+        deleteResult = await deleteResponse.json()
+      } catch (parseError) {
+        console.error('Failed to parse Cloudflare delete response:', parseError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid response from Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

      if (!deleteResponse.ok) {
        console.error('Cloudflare delete error:', deleteResult)
@@ -235,18 +259,42 @@ serve(async (req) => {
        formData.append('metadata', JSON.stringify(metadata))
      }

-      const directUploadResponse = await fetch(
-        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v2/direct_upload`,
-        {
-          method: 'POST',
-          headers: {
-            'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
-          },
-          body: formData,
-        }
-      )
+      let directUploadResponse;
+      try {
+        directUploadResponse = await fetch(
+          `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v2/direct_upload`,
+          {
+            method: 'POST',
+            headers: {
+              'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
+            },
+            body: formData,
+          }
+        )
+      } catch (fetchError) {
+        console.error('Network error getting upload URL:', fetchError)
+        return new Response(
+          JSON.stringify({ error: 'Network error: Unable to reach Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

-      const directUploadResult = await directUploadResponse.json()
+      let directUploadResult;
+      try {
+        directUploadResult = await directUploadResponse.json()
+      } catch (parseError) {
+        console.error('Failed to parse Cloudflare upload response:', parseError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid response from Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

      if (!directUploadResponse.ok) {
        console.error('Cloudflare direct upload error:', directUploadResult)
@@ -321,16 +369,40 @@ serve(async (req) => {
        )
      }

-      const imageResponse = await fetch(
-        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v1/${imageId}`,
-        {
-          headers: {
-            'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
-          },
-        }
-      )
+      let imageResponse;
+      try {
+        imageResponse = await fetch(
+          `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v1/${imageId}`,
+          {
+            headers: {
+              'Authorization': `Bearer ${CLOUDFLARE_IMAGES_API_TOKEN}`,
+            },
+          }
+        )
+      } catch (fetchError) {
+        console.error('Network error fetching image status:', fetchError)
+        return new Response(
+          JSON.stringify({ error: 'Network error: Unable to reach Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

-      const imageResult = await imageResponse.json()
+      let imageResult;
+      try {
+        imageResult = await imageResponse.json()
+      } catch (parseError) {
+        console.error('Failed to parse Cloudflare image status response:', parseError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid response from Cloudflare Images API' }),
+          { 
+            status: 500, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }

      if (!imageResponse.ok) {
        console.error('Cloudflare image status error:', imageResult)