some secruity fixes

Author: hkittelberger

frontend/api/borrowManagement.js

@@ -118,7 +118,7 @@ export async function borrowHandler(req, res) {
           borrowId: newBorrowId
         });
       } catch (itemError) {
-        console.error(`Error processing item ${itemId}:`, itemError);
+        console.error(`Error processing item`, itemError);
         failedItems.push({ id: itemId, reason: 'Processing error' });
       }
     }
@@ -158,6 +158,11 @@ export async function returnHandler(req, res) {
   const { notes_id } = req.body;
   const { notes_content } = req.body;
 
+  if (!Array.isArray(notes_content)) {
+    console.error('notes_content is not an array');
+    return res.status(400).json({ error: 'notes_content must be an array' });
+  }
+
   try {
     // Arrays to keep track of items 
     const invalidItems = [];

frontend/api/email.js

@@ -12,6 +12,8 @@ import { query } from './db.js';
 
 const mailjet = Mailjet.apiConnect(process.env.MJ_APIKEY_PUBLIC, process.env.MJ_APIKEY_PRIVATE);
 
+const sendEmailAddr = "somerville.museum1@gmail.com"
+
 /* send the automatic borrow email */
 export async function handlesendBorrowedEmail(req, res) {
     if (req.method !== "POST") {
@@ -32,7 +34,7 @@ export async function handlesendBorrowedEmail(req, res) {
             Messages: [
                 {
                     From: {
-                        Email: "somerville.museum1@gmail.com",  // Replace with verified sender email
+                        Email: sendEmailAddr,
                         Name: "Somerville Museum",
                     },
                     To: [
@@ -87,7 +89,7 @@ export async function handlesendOverdueEmail(req, res) {
             const response = await mailjet.post("send", { version: "v3.1" }).request({
                 Messages: [
                     {
-                        From: { Email: "somerville.museum1@gmail.com", Name: "Somerville Museum" },
+                        From: { Email: sendEmailAddr, Name: "Somerville Museum" },
                         To: [{ Email: borrower_email, Name: borrower_name }],
                         Subject: "Overdue Notice: Your Borrowed Items Are Past Due",
                         HTMLPart: `
@@ -130,7 +132,7 @@ export async function handlesendReminderEmail(req, res) {
             const response = await mailjet.post("send", { version: "v3.1" }).request({
                 Messages: [
                     {
-                        From: { Email: "somerville.museum1@gmail.com", Name: "Somerville Museum" },
+                        From: { Email: sendEmailAddr, Name: "Somerville Museum" },
                         To: [{ Email: borrower_email, Name: borrower_name }],
                         Subject: "Reminder: Your Borrowed Items Are Due Soon",
                         HTMLPart: `
@@ -191,7 +193,7 @@ export async function handlesendReturnEmail(req, res) {
         const response = await mailjet.post("send", { version: "v3.1" }).request({
             Messages: [
                 {
-                    From: { Email: "somerville.museum1@gmail.com", Name: "Somerville Museum" },
+                    From: { Email: sendEmailAddr, Name: "Somerville Museum" },
                     To: [{ Email: borrower_email, Name: borrower_name }],
                     Subject: "Confirmation: Your Items Have Been Returned",
                     HTMLPart: `
@@ -271,7 +273,7 @@ async function sendEmail({ to, subject, htmlContent }) {
         Messages: [
             {
                 From: {
-                    Email: "somerville.museum1@gmail.com",
+                    Email: sendEmailAddr,
                     Name: "Somerville Museum",
                 },
                 To: [

frontend/src/app/components/EditPage.jsx

@@ -215,35 +215,6 @@ export default function EditPage({ unit }) {
         }
     };
 
-    // const handleConditionSelect = (selectedConditions) => {
-    
-    //     // Ensure selectedconditionOptions is always an array
-    //     if (!Array.isArray(selectedconditionOptions)) {
-    //         setconditionOption([]);
-    //         return;
-    //     }
-    
-    //     // Extract only names, handling undefined values safely
-    //     const selectedNames = selectedconditionOptions.map(item => item?.name || "").filter(name => name !== "");
-    
-    //     // Update state
-    //     setconditionOption(selectedNames);
-    // };
-
-    // const handleTimePeriodSelect = (selectedTimePeriods) => {    
-    //     // Ensure selectedTimePeriods is always an array
-    //     if (!Array.isArray(selectedTimePeriods)) {
-    //         setSelectedTimePeriod([]);
-    //         return;
-    //     }
-    
-    //     // Extract only names
-    //     const selectedNames = selectedTimePeriods.map(item => item?.name || "");
-    
-    //     // Update state
-    //     setSelectedTimePeriod(selectedNames.filter(name => name !== ""));
-    // };
-
     const handleSeasonSelect = (season) => {
         setSelectedSeason((prevSelected) => {
             if (prevSelected.includes(season)) {
@@ -337,7 +308,7 @@ export default function EditPage({ unit }) {
         const urlParams = new URLSearchParams(window.location.search);
         const itemId = urlParams.get('id');
         if (itemId) {
-            retrieveItem(itemId);
+            retrieveItem();
         }
     }, []);