Describe the bug
The add_asset endpoint in backend/api/v1/farms.py does not validate that the required fields name and category exist in the request body before accessing them. A POST request with a missing or empty JSON body raises an unhandled KeyError, resulting in a 500 instead of a 400.
To Reproduce
- Start the application and obtain a valid token.
- POST to /api/v1/farms/1/assets with body: {}
- Observe 500 error.
Expected behavior
Return HTTP 400 with a clear message listing the missing fields (name, category), consistent with create_farm in the same file.
Additional context
Affected file: backend/api/v1/farms.py
The create_farm route directly above already demonstrates the correct guard:
if not data or 'name' not in data or 'location' not in data:
return jsonify({'status': 'error', 'message': 'Name and location required'}), 400
The same guard is absent from add_asset.
Describe the bug
The add_asset endpoint in backend/api/v1/farms.py does not validate that the required fields name and category exist in the request body before accessing them. A POST request with a missing or empty JSON body raises an unhandled KeyError, resulting in a 500 instead of a 400.
To Reproduce
Expected behavior
Return HTTP 400 with a clear message listing the missing fields (name, category), consistent with create_farm in the same file.
Additional context
Affected file: backend/api/v1/farms.py
The create_farm route directly above already demonstrates the correct guard:
The same guard is absent from add_asset.