API contract review - Phase one

[felipeneuhauss]

Problem description

This PR aims to fix the points bellow related to the Account, Profile, and Tokens modules

The API nowadays contains a lot of resources and we need to fix and improve some points in terms of best practices for RESTful APIs.

These are the points identified and require our attention:

1. To fix status codes applying 200 for PUT, POST, 201 for entity creations, 204 when no body content is required, and 202 when an async process is executed in the background.
2. To Apply validations for body data, path, and query requests, which means returning 422 for the user, with clear messages as well.
3. When saving new data, check if it's indispensable to return some response. Maybe one id attribute is enough.
4. Return 500 only for exceptions. Validation error is not an exception.
5. To improve the route names, like applying plural names for resources keeping the conventions.
6. Avoid returns like res.json('null') because it will generate an unexpected response for the consumer. Use res.json({}) or res.json([]) instead.
7. Avoid the use of res.end(). The res.send() checks the structure of your output and sets header information accordingly.
8. For deletions 204 status code for most cases is enough.
9. Some endpoints contain params that are not used, such us profiles/:username. In this case for example, the data managed comes from the logged user and the :username param does not influence in the result.

Furthermore, we need to improve the strategy to manage all validations. As mentioned previously some policies and schema validations are not being appropriately treated.

We need to create a standard way to organize and manage any validation rules and place its logic in a different function or class in order to improve maintenance e.g.

The route should process only the functions it was made for. As practiced in the Express framework, middleware filters, sanitize, or even logs data. So we can use the same place to manage validation rules.

More information here

Requirements

This PR is related to the Account, Profile, and Tokens modules

Furthermore, these items need to be fixed.

• Validations were applied through a new middleware.
• Route names were changed to plural like /artifact to /artifacts
• The way the errors were handled was changed to be more user-friendly not only returning 500 but also 422, 404, 403, with the specific errors.
• The error handler was improved to centralize all request errors
• Duplicated codes were removed in one only call
• Some unnecessary casts were removed
• Some unreachable conditions were removed.
• Unnecessary conditions to check URL params were removed because once it's not present it automatically returns 404.
• The hpp express middleware was added to protect against HTTP Parameter Pollution attacks

Definition of done

All the API attend the RESTful standard.

Acceptance criteria

All the API attend the RESTful standard.

[ieumuzair]

@prernaadev01