bug(delete) - fixed bug)

apps/Backend/src/routes/appointments.ts

@@ -357,34 +357,33 @@ router.put(
 );
 
 // Delete an appointment
-router.delete(
+router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
-  "/:id",
+  try {
-
+    const appointmentIdParam = req.params.id;
-  async (req: Request, res: Response): Promise<any> => {
+    if (!appointmentIdParam) {
-    try {
+      return res.status(400).json({ message: "Appointment ID is required" });
-      const appointmentIdParam = req.params.id;
-      if (!appointmentIdParam) {
-        return res.status(400).json({ message: "Appointment ID is required" });
-      }
-      const appointmentId = parseInt(appointmentIdParam);
-
-      // Check if appointment exists and belongs to user
-      const existingAppointment = await storage.getAppointment(appointmentId);
-      if (!existingAppointment) {
-        return res.status(404).json({ message: "Appointment not found" });
-      }
-
-      if (existingAppointment.userId !== req.user!.id) {
-        return res.status(403).json({ message: "Forbidden" });
-      }
-
-      // Delete appointment
-      await storage.deleteAppointment(appointmentId);
-      res.status(204).send();
-    } catch (error) {
-      res.status(500).json({ message: "Failed to delete appointment" });
     }
+    const appointmentId = parseInt(appointmentIdParam);
+
+    // Check if appointment exists and belongs to user
+    const existingAppointment = await storage.getAppointment(appointmentId);
+    if (!existingAppointment) {
+      return res.status(404).json({ message: "Appointment not found" });
+    }
+
+    if (existingAppointment.userId !== req.user!.id) {
+      return res.status(403).json({
+        message:
+          "Forbidden: Appointment belongs to a different user, you can't delete this.",
+      });
+    }
+
+    // Delete appointment
+    await storage.deleteAppointment(appointmentId);
+    res.status(204).send();
+  } catch (error) {
+    res.status(500).json({ message: "Failed to delete appointment" });
   }
-);
+});
 
 export default router;

apps/Backend/src/routes/claims.ts

@@ -375,7 +375,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
     }
 
     if (existingClaim.userId !== req.user!.id) {
-      return res.status(403).json({ message: "Forbidden" });
+      return res.status(403).json({
+        message:
+          "Forbidden: Claim belongs to a different user, you can't delete this.",
+      });
     }
 
     await storage.deleteClaim(claimId);

apps/Backend/src/routes/insuranceCreds.ts

@@ -102,9 +102,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
 
     // 2) Ownership check
     if (existing.userId !== userId) {
-      return res
+      return res.status(403).json({
-        .status(403)
+        message:
-        .json({ message: "Forbidden: Not your credential" });
+          "Forbidden: Credentials belongs to a different user, you can't delete this.",
+      });
     }
 
     // 3) Delete (storage method enforces userId + id)

apps/Frontend/src/components/payments/payments-recent-table.tsx

@@ -304,7 +304,7 @@ export default function PaymentsRecentTable({
     onError: (error) => {
       toast({
         title: "Error",
-        description: `Failed to delete payment: ${error.message})`,
+        description: `Failed to delete payment: ${error.message}`,
         variant: "destructive",
       });
     },

apps/Frontend/src/lib/queryClient.ts

@@ -4,7 +4,7 @@ const API_BASE_URL = import.meta.env.VITE_API_BASE_URL_BACKEND ?? "";
 
 async function throwIfResNotOk(res: Response) {
   if (!res.ok) {
-    if (res.status === 401 || res.status === 403) {
+    if (res.status === 401) {
       localStorage.removeItem("token");
       if (!window.location.pathname.startsWith("/auth")) {
         window.location.href = "/auth";