Files
infiplot-web/app/api/stories/push/route.ts
T
Kai ki ff12b2759f feat(persistence): bidirectional local/cloud story sync (Supabase)
Connect the previously-skeleton cloudStore to the client with a full
bidirectional reconcile engine. Commercial build (AUTH_ENABLED) only; the
open-source build is byte-for-byte unchanged — all cloud paths short-circuit
when AUTH_ENABLED is false.

- cloudSync.ts: reconcile engine — decideAction (pure, LWW rev->updatedAt with
  tombstone priority) + syncOnLogin/pushOnSave/pushDeletion (best-effort,
  serialized, isAuthed-gated)
- cloudSyncClient.ts: browser fetch bridge (short-circuit + fault-tolerant)
- /api/stories/{manifest,pull,push,delete}: RLS-guarded sync endpoints
- upsert_story_if_newer RPC: optimistic concurrency (SECURITY INVOKER,
  auth.uid() injection, rev->updated_at guard, revoked from public)
- cloudStore: +manifest/pullBlobs, save->RPC {stored,won}, softDelete w/ rev
- localStore: +listAllRecordsForSync/putSyncedRecord/markRecordSynced
  (concurrency-guarded sync writes); types: +StorySyncMeta/StorySyncEnvelope
- facade + UserChip: inject pushOnSave/pushDeletion + login-triggered reconcile

Sync model: full reconcile on login + background push on save (no Realtime;
eventual consistency). Conflict resolution: last-write-wins.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-28 11:20:47 +08:00

52 lines
2.0 KiB
TypeScript

import { NextResponse } from "next/server";
import { coerceOrientation } from "@infiplot/types";
import { requireUser } from "@/lib/supabase/guard";
import { cloudSaveStory } from "@/lib/persistence/cloudStore";
import { coerceEpoch, type StorySyncEnvelope } from "@/lib/persistence/types";
export const runtime = "nodejs";
// Matches story-pack's 12 MB doc ceiling — a slim Session (voice +
// styleReferenceImage stripped) is far smaller, so this only rejects
// pathological payloads, never normal saves.
const MAX_PUSH_BYTES = 12_000_000;
// POST /api/stories/push — body StorySyncEnvelope → { stored, won }. Pure
// passthrough to the optimistic-concurrency RPC; won=false means a newer cloud
// row was preserved. requireUser 401s an unauthenticated commercial caller; on
// the open-source build cloudSaveStory short-circuits to { stored:null, won:false }.
export async function POST(req: Request) {
const auth = await requireUser();
if (auth instanceof NextResponse) return auth;
let raw: string;
try {
raw = await req.text();
} catch {
return NextResponse.json({ error: "invalid body" }, { status: 400 });
}
if (Buffer.byteLength(raw, "utf8") > MAX_PUSH_BYTES) {
return NextResponse.json({ error: "payload too large" }, { status: 413 });
}
let env: StorySyncEnvelope;
try {
env = JSON.parse(raw) as StorySyncEnvelope;
} catch {
return NextResponse.json({ error: "invalid json" }, { status: 400 });
}
if (!env?.id || typeof env.id !== "string") {
return NextResponse.json({ error: "missing id" }, { status: 400 });
}
// Defensive coercion at the trust boundary (the slim session itself is left to
// the client — it's reconstructible and never security-sensitive after slim).
const result = await cloudSaveStory({
...env,
orientation: coerceOrientation(env.orientation),
updatedAt: coerceEpoch(env.updatedAt, Date.now()),
deletedAt: env.deletedAt == null ? null : coerceEpoch(env.deletedAt, Date.now()),
});
return NextResponse.json(result);
}