mark/vibn-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

design-surfaces: explicit ::text cast on every query param

Browse Source 
Add ::text cast to all $1/$2 parameters so PostgreSQL never needs
to infer types. Split SELECT and UPDATE into separate try/catch blocks
with distinct error labels so logs show exactly which query fails.

Made-with: Cursor
This commit is contained in:
Mark Henderson
2026-03-06 11:29:57 -08:00
parent 53b098ce6a
commit 24812df89b
1 changed files with 26 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/api/projects/[projectId]/design-surfaces/route.ts
View File

@@ -3,7 +3,6 @@ import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth/authOptions'; import { authOptions } from '@/lib/auth/authOptions';
import { query } from '@/lib/db-postgres'; import { query } from '@/lib/db-postgres';
/** /**
* GET — returns surfaces[] and surfaceThemes{} for the project. * GET — returns surfaces[] and surfaceThemes{} for the project.
*/ */
@@ -19,7 +18,7 @@ export async function GET(
const rows = await query<{ data: Record<string, unknown> }>( const rows = await query<{ data: Record<string, unknown> }>(
`SELECT p.data FROM fs_projects p `SELECT p.data FROM fs_projects p
JOIN fs_users u ON u.id = p.user_id JOIN fs_users u ON u.id = p.user_id
WHERE p.id = $1 AND u.data->>'email' = $2 WHERE p.id = $1::text AND u.data->>'email' = $2::text
LIMIT 1`, LIMIT 1`,
[projectId, session.user.email] [projectId, session.user.email]
); );
@@ -53,14 +52,21 @@ export async function PATCH(
const session = await getServerSession(authOptions); const session = await getServerSession(authOptions);
if (!session?.user?.email) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); if (!session?.user?.email) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
// Read current data (also verifies ownership) // Step 1: read current data — explicit ::text casts on every param
const rows = await query<{ data: Record<string, unknown> }>( let rows: { data: Record<string, unknown> }[];
try {
rows = await query<{ data: Record<string, unknown> }>(
`SELECT p.data FROM fs_projects p `SELECT p.data FROM fs_projects p
JOIN fs_users u ON u.id = p.user_id JOIN fs_users u ON u.id = p.user_id
WHERE p.id = $1 AND u.data->>'email' = $2 WHERE p.id = $1::text AND u.data->>'email' = $2::text
LIMIT 1`, LIMIT 1`,
[projectId, session.user.email] [projectId, session.user.email]
); );
} catch (selErr) {
console.error('[design-surfaces PATCH] SELECT failed:', selErr);
return NextResponse.json({ error: 'Internal error (select)' }, { status: 500 });
}
if (rows.length === 0) return NextResponse.json({ error: 'Project not found' }, { status: 404 }); if (rows.length === 0) return NextResponse.json({ error: 'Project not found' }, { status: 404 });
const current = rows[0].data ?? {}; const current = rows[0].data ?? {};
@@ -83,12 +89,16 @@ export async function PATCH(
return NextResponse.json({ error: 'Invalid body' }, { status: 400 }); return NextResponse.json({ error: 'Invalid body' }, { status: 400 });
} }
// Put projectId as $1 (matches known-working pattern in other routes) // Step 2: write back — explicit ::text cast on id param, ::jsonb on data param
// and cast id::text to avoid "could not determine data type of parameter" (42P18) try {
await query( await query(
`UPDATE fs_projects SET data = $2::jsonb WHERE id::text = $1`, `UPDATE fs_projects SET data = $1::jsonb WHERE id = $2::text`,
[projectId, JSON.stringify(updated)] [JSON.stringify(updated), projectId]
); );
} catch (updErr) {
console.error('[design-surfaces PATCH] UPDATE failed:', updErr);
return NextResponse.json({ error: 'Internal error (update)' }, { status: 500 });
}
return NextResponse.json({ success: true }); return NextResponse.json({ success: true });
} catch (err) { } catch (err) {