fix(webapp): wrap admin.notifications archive/delete/publish handlers in try/catch

d-cs · d-cs · commit 6b877bc73d5c · 2026-05-08T10:47:00.000+01:00
The three Prisma-backed dashboard action helpers (archivePlatformNotification, deletePlatformNotification, publishNowPlatformNotification) throw on underlying DB errors. Without try/catch in the route handler, the throw escapes to Remix's default action error response, which serialises message + stack into the JSON body — exposing server-side details and absolute build paths to the dashboard caller.

Wrap each handler in try/catch with logger.error + a generic 500 typedjson body, matching the pattern already used by handleCreateAction and handleEditAction in the same file.
diff --git a/apps/webapp/app/routes/admin.notifications.tsx b/apps/webapp/app/routes/admin.notifications.tsx
@@ -251,8 +251,13 @@ async function handleArchiveAction(formData: FormData) {
     return typedjson({ error: "Missing notificationId" }, { status: 400 });
   }
 
-  await archivePlatformNotification(notificationId);
-  return typedjson({ success: true });
+  try {
+    await archivePlatformNotification(notificationId);
+    return typedjson({ success: true });
+  } catch (error) {
+    logger.error("Failed to archive platform notification", { error });
+    return typedjson({ error: "Failed to archive notification" }, { status: 500 });
+  }
 }
 
 async function handleDeleteAction(formData: FormData) {
@@ -261,8 +266,13 @@ async function handleDeleteAction(formData: FormData) {
     return typedjson({ error: "Missing notificationId" }, { status: 400 });
   }
 
-  await deletePlatformNotification(notificationId);
-  return typedjson({ success: true });
+  try {
+    await deletePlatformNotification(notificationId);
+    return typedjson({ success: true });
+  } catch (error) {
+    logger.error("Failed to delete platform notification", { error });
+    return typedjson({ error: "Failed to delete notification" }, { status: 500 });
+  }
 }
 
 async function handlePublishNowAction(formData: FormData) {
@@ -271,8 +281,13 @@ async function handlePublishNowAction(formData: FormData) {
     return typedjson({ error: "Missing notificationId" }, { status: 400 });
   }
 
-  await publishNowPlatformNotification(notificationId);
-  return typedjson({ success: true });
+  try {
+    await publishNowPlatformNotification(notificationId);
+    return typedjson({ success: true });
+  } catch (error) {
+    logger.error("Failed to publish platform notification", { error });
+    return typedjson({ error: "Failed to publish notification" }, { status: 500 });
+  }
 }
 
 async function handleEditAction(formData: FormData) {
