Problem
The POST /api/tasks handler validates that title is present, but the PUT /api/tasks/:id handler does not. A PUT request with no title will overwrite the existing title with undefined, setting the column to NULL — violating the NOT NULL constraint and returning a 500 error instead of a proper 400 Bad Request.
Recommendation
Add the same title presence check to the PUT handler before running the UPDATE query:
if (!title) {
return res.status(400).json({ error: 'Title is required' });
}
Location: src/routes/tasks.js — PUT route handler (around line 70)
Severity: high
Problem
The
POST /api/taskshandler validates thattitleis present, but thePUT /api/tasks/:idhandler does not. A PUT request with notitlewill overwrite the existing title withundefined, setting the column to NULL — violating the NOT NULL constraint and returning a 500 error instead of a proper 400 Bad Request.Recommendation
Add the same title presence check to the PUT handler before running the UPDATE query:
Location:
src/routes/tasks.js— PUT route handler (around line 70)Severity: high