6ba5307c6c
Adopt 8 PR-agent (Qodo) findings; 4 declined (concurrency already guarded by the putSyncedRecord/markRecordSynced guards + RPC optimistic concurrency; SQL-injection / won-equality / microtask-race are false positives — see PR reply). - markRecordSynced: guard on updatedAt too — softDeleteStory doesn't bump rev, so a same-rev newer local tombstone must not be marked synced by an older push's ack (symmetric with putSyncedRecord's guard) - recordToEnvelope: fallback timestamps to 0 not Date.now() (a corrupt record should lose LWW, not win as "now") - push/delete routes: validate rev/updatedAt as finite -> 400 (was silent 200); push: Content-Length pre-check before buffering the body - pushDeletion: idbGet a single record instead of a full-store scan - manifest: Cache-Control private,no-store + client fetch cache:no-store - cloudSyncClient: Array.isArray narrowing on items/blobs - RPC: `if found` instead of `v_row.id is not null` after RETURNING INTO Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
39 lines
1.6 KiB
TypeScript
39 lines
1.6 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import { requireUser } from "@/lib/supabase/guard";
|
|
import { cloudSoftDeleteStory } from "@/lib/persistence/cloudStore";
|
|
|
|
export const runtime = "nodejs";
|
|
|
|
// POST /api/stories/delete — body { id, rev, deletedAt } → { ok }. Propagates a
|
|
// soft-delete (tombstone) under the same optimistic-concurrency guard as push.
|
|
// requireUser 401s an unauthenticated commercial caller; on the open-source
|
|
// build cloudSoftDeleteStory short-circuits to false.
|
|
export async function POST(req: Request) {
|
|
const auth = await requireUser();
|
|
if (auth instanceof NextResponse) return auth;
|
|
|
|
let body: { id?: unknown; rev?: unknown; deletedAt?: unknown };
|
|
try {
|
|
body = await req.json();
|
|
} catch {
|
|
return NextResponse.json({ error: "invalid json" }, { status: 400 });
|
|
}
|
|
|
|
const id = typeof body.id === "string" ? body.id : "";
|
|
if (!id) {
|
|
return NextResponse.json({ error: "missing id" }, { status: 400 });
|
|
}
|
|
// Validate rev/deletedAt as finite values (see push route rationale): reject
|
|
// bad input with 400 rather than letting NaN/Infinity reach the PostgREST
|
|
// filter or toISOString().
|
|
if (typeof body.rev !== "number" || !Number.isFinite(body.rev) || body.rev <= 0) {
|
|
return NextResponse.json({ error: "invalid rev" }, { status: 400 });
|
|
}
|
|
if (typeof body.deletedAt !== "number" || !Number.isFinite(body.deletedAt)) {
|
|
return NextResponse.json({ error: "invalid deletedAt" }, { status: 400 });
|
|
}
|
|
|
|
const ok = await cloudSoftDeleteStory(id, body.rev, body.deletedAt);
|
|
return NextResponse.json({ ok });
|
|
}
|