12-08-2025

🚀 Major Refactor for Maintainability & Robustness

This release marks a significant architectural overhaul of the API's core data routes. The primary focus was not on adding new features, but on a deep refactoring effort to improve maintainability, extensibility, and resilience. We've centralized logic, streamlined middleware, and enhanced data model consistency.

---

🏛️ Architectural Refactor: Middleware & Data Operations

We've fundamentally changed how the API handles data requests to make the system cleaner and much easier to extend in the future. The big-picture goal was to move logic out of individual route handlers and into single-responsibility components.

Our Rationale: Large switch statements and duplicated logic in every route handler are hard to maintain. By centralizing data operations and middleware responsibilities, we can add new data models or change behavior in one place, rather than many.

• New DataOperationRegistry: This is the centerpiece of the refactor. A new registry now centrally manages all CRUD (Create, Read, Update, Delete) operations, completely eliminating the large, cumbersome switch statements from our route handlers.
• Smarter Middleware Chain:
  • A new DataFetchMiddleware is now solely responsible for fetching items by ID, making the data available to other middleware in the request context.
  • The OwnershipCheckMiddleware has been simplified. It no longer fetches data itself; it now just validates ownership on the pre-fetched item.
• Optimized Database Calls: By passing fetched data through the request context, we've eliminated redundant database reads that were occurring in the old workflow.

🛡️ Enhanced Error Handling & Resilience

We've hardened the API to be more resilient against malformed requests, ensuring it provides clear and actionable feedback instead of generic server errors.

• Robust Query Parameter Parsing: Added try-catch blocks around the parsing of filter and sort query parameters. Invalid JSON or incorrect formats now return a specific BadRequestException.
• Safe Request Body Handling: The logic that converts incoming JSON to data models in POST requests is now wrapped in a try-catch block, gracefully handling malformed bodies.
• Improved Logging: Implemented more comprehensive logging throughout the data routes, including error and stack trace details, to improve visibility for debugging.

🔄 Data Model & Synchronization Updates

To keep the API in sync with changes across the entire toolkit, we've updated several data models and permissions.

• Data Model Consistency:
  • The feedActionStatus field has been renamed to feedDecoratorStatus to align with terminology used in the client applications.
  • A user's language preference is no longer a simple string ('en') but a structured Language object, improving data integrity.
• Secure Guest User Updates: Guest users are now permitted to update a secure, whitelisted portion of their own user object (specifically, their feedDecoratorStatus), which is essential for certain client-side features. This is handled with a secure partial update that prevents any changes to sensitive fields.