From 35ededad1e2e877db9177aacc9925163fccab17e Mon Sep 17 00:00:00 2001
From: Thomas Lynch <tom@69420.me>
Date: Tue, 23 Feb 2021 13:55:01 +0000
Subject: [PATCH] catch possible bad object id body.params for more friendly
 error

---
 helpers/paramconverter.js | 62 ++++++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/helpers/paramconverter.js b/helpers/paramconverter.js
index 5f8db22d..e1246046 100644
--- a/helpers/paramconverter.js
+++ b/helpers/paramconverter.js
@@ -81,27 +81,41 @@ module.exports = (req, res, next) => {
 		}
 	}
 
-	//convert checked reports to number
-	if (req.body.checkedposts) {
-		req.body.checkedposts = req.body.checkedposts.map(Number);
-	}
-	//convert checked global reports to mongoid
-	if (req.body.globalcheckedposts) {
-		req.body.globalcheckedposts = req.body.globalcheckedposts.map(ObjectId)
-	}
-	if (req.body.checkednews) {
-		req.body.checkednews = req.body.checkednews.map(ObjectId)
-	}
-	//convert checked bans to mongoid
-	if (req.body.checkedbans) {
-		req.body.checkedbans = req.body.checkedbans.map(ObjectId)
-	}
-/*
-	//convert checked reports to mongoid
-	if (req.body.checkedreports) {
-		req.body.checkedreports = req.body.checkedreports.map(ObjectId)
+	try {
+		//ids for newspost editing
+		if (req.params.newsid) {
+			req.params.newsid = ObjectId(req.params.newsid);
+		}
+		if (req.body.news_id) {
+			req.body.news_id = ObjectId(req.body.news_id);
+		}
+		//convert checked reports to number
+		if (req.body.checkedposts) {
+			req.body.checkedposts = req.body.checkedposts.map(Number);
+		}
+		//convert checked global reports to mongoid
+		if (req.body.globalcheckedposts) {
+			req.body.globalcheckedposts = req.body.globalcheckedposts.map(ObjectId)
+		}
+		if (req.body.checkednews) {
+			req.body.checkednews = req.body.checkednews.map(ObjectId)
+		}
+		//convert checked bans to mongoid
+		if (req.body.checkedbans) {
+			req.body.checkedbans = req.body.checkedbans.map(ObjectId)
+		}
+		/*
+		//convert checked reports to mongoid
+		if (req.body.checkedreports) {
+			req.body.checkedreports = req.body.checkedreports.map(ObjectId)
+		}
+		*/
+	} catch (e) {
+		return dynamicResponse(req, res, 400, 'message', {
+			'title': 'Bad request',
+			'message': 'Malformed input'
+		});
 	}
-*/
 
 	//convert duration string to time in ms
 	for (let i = 0; i < timeFields.length; i++) {
@@ -136,17 +150,11 @@ module.exports = (req, res, next) => {
 		}
 	}
 
-	//ids for newspost editing
-	if (req.params.newsid) {
-		req.params.newsid = ObjectId(req.params.newsid);
-	}
-	if (req.body.news_id) {
-		req.body.news_id = ObjectId(req.body.news_id);
-	}
 	//thread id
 	if (req.params.id) {
 		req.params.id = +req.params.id;
 	}
+
 	//moglog date
 	if (req.params.date) {
 		let [ month, day, year ] = req.params.date.split('-');