fix: sanitise Zod validation error messages in game controller

apps/api/src/controllers/gameController.test.ts

@@ -119,6 +119,17 @@ describe("POST /api/v1/game/start", () => {
     expect(res.status).toBe(404);
     expect(body.success).toBe(false);
   });
+
+  it("returns a sanitised error message when the body is invalid", async () => {
+    const res = await request(app)
+      .post("/api/v1/game/start")
+      .send({ ...validBody, difficulty: "impossible" });
+    const body = res.body as ErrorResponse;
+    expect(res.status).toBe(400);
+    expect(body.error).toBe("Invalid game settings");
+    expect(body.error).not.toContain("Invalid literal value");
+    expect(body.error).not.toContain("Invalid enum value");
+  });
 });
 
 describe("POST /api/v1/game/answer", () => {

apps/api/src/controllers/gameController.ts

@@ -14,7 +14,7 @@ export const createGameController = (store: GameSessionStore) => ({
     try {
       const gameSettings = GameRequestSchema.safeParse(req.body);
       if (!gameSettings.success) {
-        throw new ValidationError(gameSettings.error.message);
+        throw new ValidationError("Invalid game settings");
       }
       const gameQuestions = await createGameSession(
         gameSettings.data,
@@ -35,7 +35,7 @@ export const createGameController = (store: GameSessionStore) => ({
     try {
       const submission = AnswerSubmissionSchema.safeParse(req.body);
       if (!submission.success) {
-        throw new ValidationError(submission.error.message);
+        throw new ValidationError("Invalid answer submission");
       }
       const result = await evaluateAnswer(
         submission.data,