refactor: address PR feedback for HTTP helpers

- Fix account not found to return 404 instead of 400
- Update getAccountWithRelations to return null instead of throwing
- Add AccountStatus enum to replace magic strings
- Add Zod validation for audit logs query parameters
- Improve type safety across account and audit log handlers

Author: JDIZM

src/handlers/accounts/accounts.handlers.ts

@@ -38,7 +38,7 @@ export const getAccount = asyncHandler(async (req: Request, res: Response): Prom
   const result = await getAccountWithRelations(req.params.id);
 
   if (!result) {
-    const response = apiResponse.error(HttpErrors.ValidationFailed("Account not found"));
+    const response = apiResponse.error(HttpErrors.NotFound("Account"));
     res.status(response.code).send(response);
     return;
   }

src/handlers/accounts/accounts.methods.ts

@@ -63,7 +63,7 @@ export async function getAccountById(accountId: string): Promise<AccountSelectTy
   return result;
 }
 
-export async function getAccountWithRelations(accountId: string): Promise<AccountWithRelations> {
+export async function getAccountWithRelations(accountId: string): Promise<AccountWithRelations | null> {
   const validationResult = uuidSchema.safeParse({ uuid: accountId });
   if (!validationResult.success) {
     throw new Error(`Invalid account ID: ${validationResult.error.message}`);
@@ -85,9 +85,5 @@ export async function getAccountWithRelations(accountId: string): Promise<Accoun
     }
   });
 
-  if (!result) {
-    throw new Error("Account not found");
-  }
-
-  return result;
+  return result || null;
 }

src/handlers/admin/auditLogs.handlers.ts

@@ -1,28 +1,43 @@
-import { HttpStatusCode } from "@/helpers/Http.ts";
+import { HttpErrors, HttpStatusCode } from "@/helpers/Http.ts";
 import { apiResponse } from "@/helpers/response.ts";
 import { asyncHandler } from "@/helpers/request.ts";
 import { accounts, auditLogs } from "@/schema.ts";
 import { db } from "@/services/db/drizzle.ts";
 import { and, desc, eq, gte, lte, sql } from "drizzle-orm";
 import type { Request, Response } from "express";
+import { z } from "zod";
+
+// Zod schema for audit logs query parameters
+const auditLogsQuerySchema = z.object({
+  page: z.coerce.number().int().positive().default(1),
+  limit: z.coerce.number().int().positive().max(100).default(50),
+  action: z.string().optional(),
+  entityType: z.string().optional(),
+  actorId: z.string().uuid().optional(),
+  entityId: z.string().uuid().optional(),
+  workspaceId: z.string().uuid().optional(),
+  startDate: z.string().datetime().optional(),
+  endDate: z.string().datetime().optional()
+});
 
 /**
  * GET /admin/audit-logs
  * List audit logs with filtering and pagination (SuperAdmin only)
  */
 export const getAuditLogs = asyncHandler(async (req: Request, res: Response): Promise<void> => {
-  const page = parseInt(req.query.page as string) || 1;
-  const limit = parseInt(req.query.limit as string) || 50;
-  const offset = (page - 1) * limit;
+  // Validate query parameters
+  const validationResult = auditLogsQuerySchema.safeParse(req.query);
+
+  if (!validationResult.success) {
+    const response = apiResponse.error(
+      HttpErrors.ValidationFailed(`Invalid query parameters: ${validationResult.error.message}`)
+    );
+    res.status(response.code).send(response);
+    return;
+  }
 
-  // Filter parameters
-  const action = req.query.action as string;
-  const entityType = req.query.entityType as string;
-  const actorId = req.query.actorId as string;
-  const entityId = req.query.entityId as string;
-  const workspaceId = req.query.workspaceId as string;
-  const startDate = req.query.startDate as string;
-  const endDate = req.query.endDate as string;
+  const { page, limit, action, entityType, actorId, entityId, workspaceId, startDate, endDate } = validationResult.data;
+  const offset = (page - 1) * limit;
 
   // Build conditions for filtering
   const conditions = [];

src/middleware/checkAccountStatus.ts

@@ -1,5 +1,5 @@
 import { logger } from "@/helpers/index.ts";
-import { accounts } from "@/schema.ts";
+import { AccountStatus, accounts } from "@/schema.ts";
 import { db } from "@/services/db/drizzle.ts";
 import { eq } from "drizzle-orm";
 import type { NextFunction, Request, Response } from "express";
@@ -33,8 +33,8 @@ export const checkAccountStatus = async (req: Request, res: Response, next: Next
       res.status(response.code).send(response);
       return;
     }
-    // TODO enum for account status
-    if (account.status !== "active") {
+
+    if (account.status !== AccountStatus.ACTIVE) {
       logger.warn({ msg: `Access denied for ${account.status} account: ${accountId}` });
       const response = apiResponse.error(HttpErrors.Forbidden(`Account is ${account.status}`));
       res.status(response.code).send(response);

src/schema.ts

@@ -10,6 +10,15 @@ export const uuidSchema = z.uuid();
 // Validate UUID in object form (for backward compatibility)
 export const uuidObjectSchema = z.object({ uuid: uuidSchema });
 
+// Account status enum
+export const AccountStatus = {
+  ACTIVE: "active",
+  INACTIVE: "inactive",
+  SUSPENDED: "suspended"
+} as const;
+
+export type AccountStatusType = (typeof AccountStatus)[keyof typeof AccountStatus];
+
 export const accounts = pgTable("accounts", {
   uuid: uuid("uuid").defaultRandom().primaryKey(),
   fullName: text("full_name").notNull(),