Fix Lock In 500 error: fs_projects has no updated_at column

The PATCH handler used SQL 'updated_at = NOW()' which doesn't exist on fs_projects (all timestamps live inside the data JSONB blob). Rewrote to use the same read-merge-write pattern as other working routes: fetch current data, merge in JS, write back as data::jsonb. Made-with: Cursor
2026-03-06 10:56:21 -08:00
parent 4eff014ae6
commit 5e4cce55de
1 changed files with 24 additions and 29 deletions
--- a/app/api/projects/[projectId]/design-surfaces/route.ts
+++ b/app/api/projects/[projectId]/design-surfaces/route.ts
@@ -3,16 +3,6 @@ import { getServerSession } from 'next-auth';
 import { authOptions } from '@/lib/auth/authOptions';
 import { query } from '@/lib/db-postgres';

-async function verifyOwnership(projectId: string, email: string): Promise<boolean> {
-  const rows = await query<{ id: string }>(
-    `SELECT p.id FROM fs_projects p
-     JOIN fs_users u ON u.id = p.user_id
-     WHERE p.id = $1 AND u.data->>'email' = $2
-     LIMIT 1`,
-    [projectId, email]
-  );
-  return rows.length > 0;
-}

 /**
 * GET — returns surfaces[] and surfaceThemes{} for the project.
@@ -63,36 +53,41 @@ export async function PATCH(
    const session = await getServerSession(authOptions);
    if (!session?.user?.email) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });

-    const owned = await verifyOwnership(projectId, session.user.email);
-    if (!owned) return NextResponse.json({ error: 'Project not found' }, { status: 404 });
+    // Read current data (also verifies ownership)
+    const rows = await query<{ data: Record<string, unknown> }>(
+      `SELECT p.data FROM fs_projects p
+       JOIN fs_users u ON u.id = p.user_id
+       WHERE p.id = $1 AND u.data->>'email' = $2
+       LIMIT 1`,
+      [projectId, session.user.email]
+    );
+    if (rows.length === 0) return NextResponse.json({ error: 'Project not found' }, { status: 404 });

+    const current = rows[0].data ?? {};
    const body = await req.json() as
      | { surfaces: string[] }
      | { surface: string; theme: string };

+    let updated: Record<string, unknown>;
+
    if ('surfaces' in body) {
-      await query(
-        `UPDATE fs_projects
-         SET data = data || jsonb_build_object('surfaces', $2::jsonb),
-             updated_at = NOW()
-         WHERE id = $1`,
-        [projectId, JSON.stringify(body.surfaces)]
-      );
+      updated = { ...current, surfaces: body.surfaces, updatedAt: new Date().toISOString() };
    } else if ('surface' in body && 'theme' in body) {
-      await query(
-        `UPDATE fs_projects
-         SET data = data || jsonb_build_object(
-           'surfaceThemes',
-           COALESCE(data->'surfaceThemes', '{}'::jsonb) || jsonb_build_object($2, $3)
-         ),
-         updated_at = NOW()
-         WHERE id = $1`,
-        [projectId, body.surface, body.theme]
-      );
+      const existing = (current.surfaceThemes ?? {}) as Record<string, string>;
+      updated = {
+        ...current,
+        surfaceThemes: { ...existing, [body.surface]: body.theme },
+        updatedAt: new Date().toISOString(),
+      };
    } else {
      return NextResponse.json({ error: 'Invalid body' }, { status: 400 });
    }

+    await query(
+      `UPDATE fs_projects SET data = $1::jsonb WHERE id = $2`,
+      [JSON.stringify(updated), projectId]
+    );
+
    return NextResponse.json({ success: true });
  } catch (err) {
    console.error('[design-surfaces PATCH]', err);