Files
infiplot-web/app/api/stories/delete/route.ts
T
Kai ki 6ba5307c6c fix(persistence): address PR #117 review feedback
Adopt 8 PR-agent (Qodo) findings; 4 declined (concurrency already guarded by
the putSyncedRecord/markRecordSynced guards + RPC optimistic concurrency;
SQL-injection / won-equality / microtask-race are false positives — see PR reply).

- markRecordSynced: guard on updatedAt too — softDeleteStory doesn't bump rev,
  so a same-rev newer local tombstone must not be marked synced by an older
  push's ack (symmetric with putSyncedRecord's guard)
- recordToEnvelope: fallback timestamps to 0 not Date.now() (a corrupt record
  should lose LWW, not win as "now")
- push/delete routes: validate rev/updatedAt as finite -> 400 (was silent 200);
  push: Content-Length pre-check before buffering the body
- pushDeletion: idbGet a single record instead of a full-store scan
- manifest: Cache-Control private,no-store + client fetch cache:no-store
- cloudSyncClient: Array.isArray narrowing on items/blobs
- RPC: `if found` instead of `v_row.id is not null` after RETURNING INTO

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 11:52:09 +08:00

39 lines
1.6 KiB
TypeScript

import { NextResponse } from "next/server";
import { requireUser } from "@/lib/supabase/guard";
import { cloudSoftDeleteStory } from "@/lib/persistence/cloudStore";
export const runtime = "nodejs";
// POST /api/stories/delete — body { id, rev, deletedAt } → { ok }. Propagates a
// soft-delete (tombstone) under the same optimistic-concurrency guard as push.
// requireUser 401s an unauthenticated commercial caller; on the open-source
// build cloudSoftDeleteStory short-circuits to false.
export async function POST(req: Request) {
const auth = await requireUser();
if (auth instanceof NextResponse) return auth;
let body: { id?: unknown; rev?: unknown; deletedAt?: unknown };
try {
body = await req.json();
} catch {
return NextResponse.json({ error: "invalid json" }, { status: 400 });
}
const id = typeof body.id === "string" ? body.id : "";
if (!id) {
return NextResponse.json({ error: "missing id" }, { status: 400 });
}
// Validate rev/deletedAt as finite values (see push route rationale): reject
// bad input with 400 rather than letting NaN/Infinity reach the PostgREST
// filter or toISOString().
if (typeof body.rev !== "number" || !Number.isFinite(body.rev) || body.rev <= 0) {
return NextResponse.json({ error: "invalid rev" }, { status: 400 });
}
if (typeof body.deletedAt !== "number" || !Number.isFinite(body.deletedAt)) {
return NextResponse.json({ error: "invalid deletedAt" }, { status: 400 });
}
const ok = await cloudSoftDeleteStory(id, body.rev, body.deletedAt);
return NextResponse.json({ ok });
}