🐛: /api/fraud/batch/:batchId logs use console.log, but route mounts via /api/fraud with generalLimiter, and auth middleware mismatches frontend expectations. #161

@Aditya8369

🔍 Description

backend/src/index.js documents the fraud endpoints, but the actual routes/fraud.js implementation relies on optionalAuth and applies router.use(generalLimiter). Many production setups treat GET without auth as anonymous and the UI may still send an Authorization header; rate limiting + auth coupling can cause intermittent 401/429 and confusing frontend errors.

✅ Expected Behavior

POST /api/register-batch should validate exactly the fields the handler uses:

  • batchName, location, photoUrl (and any additional fields required by submitBatchData/insertBatch).
  • Clients should receive a consistent 400 response only for missing/invalid required fields.

📷 Screenshots / 🎥 Video

No response

📄 Affected Page(s)

  • Frontend Page
  • Backend Page
  • Others (mention)

💻 Environment

No response

💬 Additional Info

Proposed fix:
Make rate limiting strategy endpoint-aware: keep generalLimiter but reduce coupling by moving limiter to only specific routes, or increasing limits for overview/batch endpoints.
Enforce consistent auth header format in the frontend and add clearer error mapping (401 vs 429) to the frontend.

📞 Contact

Name- Aditya Mahajan
Github- adityamahajan0601
Email- mahajan2005aditya@gmail.com
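The following is an added example, not code from this issue or from the project's backend/src/index.js or routes/fraud.js. It sketches the shape of the proposed fix in plain Node.js with no framework dependency so it runs offline: a limiter keyed per route and client instead of one router.use(generalLimiter), an optionalAuth that treats a missing Authorization header as anonymous but rejects a malformed one with 401, a validator for POST /api/register-batch that returns 400 only for the fields the handler uses, and a frontend-side mapper that tells 401 apart from 429. Names such as REQUIRED_BATCH_FIELDS, makeLimiter, optionalAuth, handleRegisterBatch and the injected verifyToken are assumptions for illustration, and the request objects are constructed sample input, not captured traffic.

```javascript
"use strict";

// Fields the handler reads (assumption: the three listed in the issue).
const REQUIRED_BATCH_FIELDS = ["batchName", "location", "photoUrl"];

// Returns null when the body is acceptable, otherwise a 400 payload naming
// exactly the missing or invalid required fields; extra fields are ignored.
function validateRegisterBatch(body) {
  const errors = [];
  for (const field of REQUIRED_BATCH_FIELDS) {
    const value = body == null ? undefined : body[field];
    if (typeof value !== "string" || value.trim() === "") {
      errors.push(`${field} is required and must be a non-empty string`);
    }
  }
  if (errors.length === 0) return null;
  return { status: 400, body: { error: "validation_failed", fields: errors } };
}

// Optional auth: no Authorization header means anonymous. A header that is
// present but not "Bearer <token>" is a client error and gets a 401, so a
// broken header in the UI cannot silently degrade to anonymous access.
// verifyToken is a hypothetical injected function returning a user or null.
function optionalAuth(headers, verifyToken) {
  const raw = headers.authorization;
  if (raw === undefined) return { user: null };
  const match = /^Bearer\s+(\S+)$/i.exec(raw);
  if (!match) return { status: 401, body: { error: "malformed_authorization" } };
  const user = verifyToken(match[1]);
  if (!user) return { status: 401, body: { error: "invalid_token" } };
  return { user };
}

// Fixed-window limiter keyed by (route, client) instead of by router, so a
// burst on one endpoint does not starve another. `now` (ms) is injected to
// keep the example deterministic.
function makeLimiter({ windowMs, max }) {
  const buckets = new Map();
  return function check(route, clientKey, now) {
    const key = `${route}|${clientKey}`;
    let bucket = buckets.get(key);
    if (!bucket || now - bucket.start >= windowMs) {
      bucket = { start: now, count: 0 };
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    if (bucket.count > max) {
      const retryAfterSec = Math.ceil((bucket.start + windowMs - now) / 1000);
      return {
        status: 429,
        headers: { "Retry-After": String(retryAfterSec) },
        body: { error: "rate_limited" },
      };
    }
    return null;
  };
}

// Frontend-side mapping: "sign in again" versus "slow down" instead of one
// generic failure message for both status codes.
function mapApiError(status, headers = {}) {
  switch (status) {
    case 401:
      return { kind: "auth", message: "Session expired or token invalid; sign in again." };
    case 429:
      return { kind: "throttle", message: `Too many requests; retry in ${headers["Retry-After"] || "a few"} seconds.` };
    case 400:
      return { kind: "input", message: "Check the highlighted fields." };
    default:
      return { kind: "server", message: `Request failed (HTTP ${status}).` };
  }
}

// Per-route wiring: the limiter runs first so an over-budget client gets a
// 429 regardless of its token; a bad token on a permitted request gets a 401.
function handleRegisterBatch(req, deps) {
  const limited = deps.limiter("/api/register-batch", req.ip, req.now);
  if (limited) return limited;
  const auth = optionalAuth(req.headers, deps.verifyToken);
  if (auth.status) return auth;
  const invalid = validateRegisterBatch(req.body);
  if (invalid) return invalid;
  return { status: 201, body: { ok: true, by: auth.user ? auth.user.id : "anonymous" } };
}
```

Ordering the limiter ahead of auth is a deliberate choice: a client that is over budget should see a 429 and a Retry-After header, never a 401 caused by a token that was never checked. Separating the two makes the intermittent 401/429 confusion described above diagnosable from the status code alone.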

Metadata

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests