padurlsanitize: Don't crash if `sanitizePadId()` throws

Let Express send a 500 status code to the user instead.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

CHANGELOG.md

@@ -15,6 +15,7 @@
   from the database when the group is deleted.
 * Fixed race conditions in the `setText`, `appendText`, and `restoreRevision`
   functions (HTTP API).
+* Fixed a crash if the database is busy enough to cause a query timeout.
 
 #### For plugin authors
 

src/node/hooks/express/padurlsanitize.js

@@ -4,7 +4,8 @@ const padManager = require('../../db/PadManager');
 
 exports.expressCreateServer = (hookName, args, cb) => {
   // redirects browser to the pad's sanitized url if needed. otherwise, renders the html
-  args.app.param('pad', async (req, res, next, padId) => {
+  args.app.param('pad', (req, res, next, padId) => {
+    (async () => {
       // ensure the padname is valid and the url doesn't end with a /
       if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
         res.status(404).send('Such a padname is forbidden');
@@ -18,10 +19,12 @@ exports.expressCreateServer = (hookName, args, cb) => {
         next();
       } else {
         // the pad id was sanitized, so we redirect to the sanitized version
-      const realURL = encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
+        const realURL =
+            encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
         res.header('Location', realURL);
         res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
       }
+    })().catch((err) => next(err || new Error(err)));
   });
   return cb();
 };