fix regex in route

src/routes/tournamentRoutes.js

@@ -6,27 +6,35 @@ const { authenticateToken, authorizeRole } = require('../middleware/authMiddlewa
 
 const router = express.Router();
 
+// Middleware to validate ID format
+const validateIdFormat = (req, res, next) => {
+  const idParam = req.params.id;
+  if (!/^[0-9a-fA-F\-]+$/.test(idParam)) {
+    return res.status(400).json({ message: 'Invalid ID format' });
+  }
+  next();
+};
+
 // --- Publicly Accessible GET Routes ---
 // GET /api/tournaments - Get all tournaments
 router.get('/', tournamentController.getAllTournaments);
 
 // GET /api/tournaments/:id - Get a specific tournament
 // Needs to be before routes with more specific parameters like /export or /:id/players
-router.get('/:id([0-9a-fA-F\\-]+)', tournamentController.getTournamentById); // Regex to ensure it's a UUID-like ID
+router.get('/:id', validateIdFormat, tournamentController.getTournamentById);
 
 // GET /api/tournaments/:id/players - Get players for a specific tournament
 router.get('/:tournamentId/players', tournamentController.getTournamentPlayers);
 
-
 // --- Admin only routes (require authentication and 'admin' role) ---
 // POST /api/tournaments - Create a new tournament
 router.post('/', authenticateToken, authorizeRole('admin'), tournamentController.createTournament);
 
 // PUT /api/tournaments/:id - Update a tournament
-router.put('/:id([0-9a-fA-F\\-]+)', authenticateToken, authorizeRole('admin'), tournamentController.updateTournament);
+router.put('/:id', validateIdFormat, authenticateToken, authorizeRole('admin'), tournamentController.updateTournament);
 
 // DELETE /api/tournaments/:id - Delete a tournament
-router.delete('/:id([0-9a-fA-F\\-]+)', authenticateToken, authorizeRole('admin'), tournamentController.deleteTournament);
+router.delete('/:id', validateIdFormat, authenticateToken, authorizeRole('admin'), tournamentController.deleteTournament);
 
 // --- NEW: Routes for managing tournament players (Admin only) ---
 
@@ -36,7 +44,6 @@ router.post('/:tournamentId/players', authenticateToken, authorizeRole('admin'),
 // DELETE /api/tournaments/:tournamentId/players/:playerId - Remove a player from a tournament
 router.delete('/:tournamentId/players/:playerId', authenticateToken, authorizeRole('admin'), tournamentController.removePlayerFromTournament);
 
-
 // --- Placeholder routes for future implementation (Admin only) ---
 
 // POST /api/tournaments/import - Import tournaments from CSV
@@ -47,7 +54,6 @@ router.post('/import', authenticateToken, authorizeRole('admin'), tournamentCont
 router.get('/export', authenticateToken, authorizeRole('admin'), tournamentController.exportTournaments);
 
 // POST /api/tournaments/:id/logo - Add/Update logo for a tournament
-router.post('/:id([0-9a-fA-F\\-]+)/logo', authenticateToken, authorizeRole('admin'), tournamentController.addLogo);
+router.post('/:id/logo', validateIdFormat, authenticateToken, authorizeRole('admin'), tournamentController.addLogo);
-
 
 module.exports = router;