This PR attempts to reduce corner cases that would result in a complete crash of the server, or at least major state issues.
All routes are now wrapped in a new "fallible" middleware that just invokes the body in a try-catch. This should make any error in a route go directly to the 500 page.
Any DB writes that occur in succession now use transactions using a new db.transaction helper function.
Any incoming forms are validated manually to present malicious actors from forging invalid requests that could lead to a bad DB state or crash. This includes the format of parameters too, such as dates or URLs.
As I went along, I also fixed some weird for-in loops and made database response variables use consistent naming.
This PR attempts to reduce corner cases that would result in a complete crash of the server, or at least major state issues.
db.transactionhelper function.