Skip to content

fix(research): validate missionId as a UUID before the query (was a raw 500)#53

Merged
RyRy79261 merged 2 commits into
mainfrom
fix/research-parse-missionid-validation
Jun 23, 2026
Merged

fix(research): validate missionId as a UUID before the query (was a raw 500)#53
RyRy79261 merged 2 commits into
mainfrom
fix/research-parse-missionid-validation

Conversation

@RyRy79261

Copy link
Copy Markdown
Owner

The bug (low, from the 2026-06-23 audit)

/api/research/parse only checked that missionId was a non-empty string, then passed it to getMission. But missions.id is a uuid column, so a non-UUID value reached Postgres and threw invalid input syntax for type uuid — surfacing as an unhandled 500 on bad client input.

The fix

Validate missionId with z.string().uuid() at the boundary and return 400 for a malformed/missing id (the well-formed-but-nonexistent case still 404s downstream, unchanged).

Test

research-parse-route.test.ts drives the route's reject path directly — auth + rate-limit mocked, vendors stubbed to crash if reached (they aren't: the check precedes transcription and the DB query). Asserts a non-UUID and a missing missionId both return 400. No DB required, so it runs in the plain verify job too.

Verification

  • 2/2 route tests pass; typecheck + lint clean
  • CodeRabbit CLI: no findings

https://claude.ai/code/session_01HgjBcWAo4VLxXMf22NPBZx

…aw 500)

/api/research/parse only checked that missionId was a non-empty string, then
passed it to getMission — but missions.id is a uuid column, so a non-UUID value
reached Postgres and threw "invalid input syntax for type uuid", surfacing as an
unhandled 500. Validate it as a UUID at the boundary and return 400 instead.

Test: research-parse-route.test.ts drives the route's reject path (auth +
rate-limit mocked, vendors stubbed to crash if reached — they aren't, since the
check precedes transcription/the DB). Asserts a non-UUID and a missing missionId
both 400. No DB needed.

Verified: 2/2 route tests pass; typecheck + lint clean; CodeRabbit CLI no findings.

Claude-Session: https://claude.ai/code/session_01HgjBcWAo4VLxXMf22NPBZx
@vercel

vercel Bot commented Jun 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ops-board-web Ready Ready Preview, Comment Jun 23, 2026 8:32am

@coderabbitai

coderabbitai Bot commented Jun 23, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@RyRy79261, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 35 minutes and 5 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 542ce81e-69fa-43b6-a582-a839a6fb5051

📥 Commits

Reviewing files that changed from the base of the PR and between 6e268b3 and 79fe024.

📒 Files selected for processing (2)
  • apps/web/app/api/research/parse/route.ts
  • apps/web/lib/__tests__/research-parse-route.test.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/research-parse-missionid-validation

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@RyRy79261 RyRy79261 merged commit da4cf14 into main Jun 23, 2026
14 checks passed
@RyRy79261 RyRy79261 deleted the fix/research-parse-missionid-validation branch June 23, 2026 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant