Improve error handling and environment configuration across the application

Enhance input validation, update environment variable usage for Supabase and Turnstile, and refine image upload and auth logic for better robustness and developer experience. Replit-Commit-Author: Agent Replit-Commit-Session-Id: cb061c75-702e-4b89-a8d1-77a96cdcdfbb Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/7cdf4e95-3f41-4180-b8e3-8ef56d032c0e/cb061c75-702e-4b89-a8d1-77a96cdcdfbb/ANdRXVZ
2025-12-20 10:11:13 -05:00 · 2025-10-07 14:42:22 +00:00
parent 01c2df62a8
commit 1addcbc0dd
8 changed files with 412 additions and 116 deletions
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -55,11 +55,24 @@ serve(async (req) => {
      }

      // Delete image from Cloudflare
-      const { imageId } = await req.json()
-      
-      if (!imageId) {
+      let requestBody;
+      try {
+        requestBody = await req.json();
+      } catch (error) {
        return new Response(
-          JSON.stringify({ error: 'Image ID is required for deletion' }),
+          JSON.stringify({ error: 'Invalid JSON in request body' }),
+          { 
+            status: 400, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
+      const { imageId } = requestBody;
+      
+      if (!imageId || typeof imageId !== 'string' || imageId.trim() === '') {
+        return new Response(
+          JSON.stringify({ error: 'imageId is required and must be a non-empty string' }),
          { 
            status: 400, 
            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
@@ -103,7 +116,25 @@ serve(async (req) => {

    if (req.method === 'POST') {
      // Request a direct upload URL from Cloudflare
-      const { metadata = {}, variant = 'public', requireSignedURLs = false } = await req.json().catch(() => ({}))
+      let requestBody;
+      try {
+        requestBody = await req.json();
+      } catch (error) {
+        requestBody = {};
+      }
+
+      // Validate request body structure
+      if (requestBody && typeof requestBody !== 'object') {
+        return new Response(
+          JSON.stringify({ error: 'Request body must be a valid JSON object' }),
+          { 
+            status: 400, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
+      const { metadata = {}, variant = 'public', requireSignedURLs = false } = requestBody;

      // Create FormData for the request (Cloudflare API requires multipart/form-data)
      const formData = new FormData()
@@ -159,9 +190,9 @@ serve(async (req) => {
      const url = new URL(req.url)
      const imageId = url.searchParams.get('id')
      
-      if (!imageId) {
+      if (!imageId || imageId.trim() === '') {
        return new Response(
-          JSON.stringify({ error: 'Image ID is required' }),
+          JSON.stringify({ error: 'id query parameter is required and must be non-empty' }),
          { 
            status: 400, 
            headers: { ...corsHeaders, 'Content-Type': 'application/json' }