2 files changed, 12 insertions, 7 deletions

diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts

index 34a66a6b..a300c786 100644
--- a/api/src/middlewares/Authentication.ts
+++ b/api/src/middlewares/Authentication.ts
@@ -18,9 +18,9 @@ export const API_PREFIX_TRAILING_SLASH = /^\/api(\/v\d+)?\//;
 declare global {
 	namespace Express {
 		interface Request {
-			user_id: any;
+			user_id: string;
 			user_bot: boolean;
-			token: any;
+			token: string;
 		}
 	}
 }
@@ -47,7 +47,7 @@ export async function Authentication(req: Request, res: Response, next: NextFunc
 		req.user_id = decoded.id;
 		req.user_bot = user.bot;
 		return next();
-	} catch (error) {
-		return next(new HTTPError(error.toString(), 400));
+	} catch (error: any) {
+		return next(new HTTPError(error?.toString(), 400));
 	}
 }
diff --git a/api/src/middlewares/ErrorHandler.ts b/api/src/middlewares/ErrorHandler.ts

index 5fc36f33..f061172a 100644
--- a/api/src/middlewares/ErrorHandler.ts
+++ b/api/src/middlewares/ErrorHandler.ts
@@ -1,5 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { HTTPError } from "lambert-server";
+import { EntityNotFoundError } from "typeorm";
 import { FieldError } from "../util/instanceOf";
 import {ApiError} from "../util/ApiError";
 
@@ -19,12 +20,18 @@ export function ErrorHandler(error: Error, req: Request, res: Response, next: Ne
 			message = error.message;
 			httpcode = error.httpStatus;
 		}
-		else if (error instanceof FieldError) {
+		else if (error instanceof EntityNotFoundError) {
+			message = `${(error as any).stringifyTarget} can not be found`;
+			code = 404;
+		} else if (error instanceof FieldError) {
 			code = Number(error.code);
 			message = error.message;
 			errors = error.errors;
 		} else {
+			console.error(`[Error] ${code} ${req.url}`, errors || error, "body:", req.body);
+
 			if (req.server?.options?.production) {
+				// don't expose internal errors to the user, instead human errors should be thrown as HTTPError
 				message = "Internal Server Error";
 			}
 			code = httpcode = 500;
@@ -32,8 +39,6 @@ export function ErrorHandler(error: Error, req: Request, res: Response, next: Ne
 
 		if (httpcode > 511) httpcode = 400;
 
-		console.error(`[Error] ${code} ${req.url}`, errors || error, "body:", req.body);
-
 		res.status(httpcode).json({ code: code, message, errors });
 	} catch (error) {
 		console.error(`[Internal Server Error] 500`, error);