ff12b2759f
Connect the previously-skeleton cloudStore to the client with a full
bidirectional reconcile engine. Commercial build (AUTH_ENABLED) only; the
open-source build is byte-for-byte unchanged — all cloud paths short-circuit
when AUTH_ENABLED is false.
- cloudSync.ts: reconcile engine — decideAction (pure, LWW rev->updatedAt with
tombstone priority) + syncOnLogin/pushOnSave/pushDeletion (best-effort,
serialized, isAuthed-gated)
- cloudSyncClient.ts: browser fetch bridge (short-circuit + fault-tolerant)
- /api/stories/{manifest,pull,push,delete}: RLS-guarded sync endpoints
- upsert_story_if_newer RPC: optimistic concurrency (SECURITY INVOKER,
auth.uid() injection, rev->updated_at guard, revoked from public)
- cloudStore: +manifest/pullBlobs, save->RPC {stored,won}, softDelete w/ rev
- localStore: +listAllRecordsForSync/putSyncedRecord/markRecordSynced
(concurrency-guarded sync writes); types: +StorySyncMeta/StorySyncEnvelope
- facade + UserChip: inject pushOnSave/pushDeletion + login-triggered reconcile
Sync model: full reconcile on login + background push on save (no Realtime;
eventual consistency). Conflict resolution: last-write-wins.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
34 lines
1.1 KiB
TypeScript
34 lines
1.1 KiB
TypeScript
import { NextResponse } from "next/server";
|
|
import { requireUser } from "@/lib/supabase/guard";
|
|
import { cloudPullBlobs } from "@/lib/persistence/cloudStore";
|
|
|
|
export const runtime = "nodejs";
|
|
|
|
// Cap per request — reconcile chunks its pull set, so one call never asks for an
|
|
// unbounded id list (a denial-of-wallet / oversized-response guard).
|
|
const MAX_PULL_IDS = 200;
|
|
|
|
// POST /api/stories/pull — body { ids: string[] } → { blobs: StorySyncEnvelope[] }
|
|
// (full payloads, INCLUDING tombstones, for write-back into the local store).
|
|
// Pure passthrough to cloudStore; same auth/short-circuit story as manifest.
|
|
export async function POST(req: Request) {
|
|
const auth = await requireUser();
|
|
if (auth instanceof NextResponse) return auth;
|
|
|
|
let body: { ids?: unknown };
|
|
try {
|
|
body = await req.json();
|
|
} catch {
|
|
return NextResponse.json({ error: "invalid json" }, { status: 400 });
|
|
}
|
|
|
|
const ids = Array.isArray(body.ids)
|
|
? body.ids
|
|
.filter((x): x is string => typeof x === "string" && x.length > 0)
|
|
.slice(0, MAX_PULL_IDS)
|
|
: [];
|
|
|
|
const blobs = await cloudPullBlobs(ids);
|
|
return NextResponse.json({ blobs });
|
|
}
|