fix(research): validate missionId as a UUID before the query (was a raw 500)#53
Conversation
…aw 500) /api/research/parse only checked that missionId was a non-empty string, then passed it to getMission — but missions.id is a uuid column, so a non-UUID value reached Postgres and threw "invalid input syntax for type uuid", surfacing as an unhandled 500. Validate it as a UUID at the boundary and return 400 instead. Test: research-parse-route.test.ts drives the route's reject path (auth + rate-limit mocked, vendors stubbed to crash if reached — they aren't, since the check precedes transcription/the DB). Asserts a non-UUID and a missing missionId both 400. No DB needed. Verified: 2/2 route tests pass; typecheck + lint clean; CodeRabbit CLI no findings. Claude-Session: https://claude.ai/code/session_01HgjBcWAo4VLxXMf22NPBZx
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Review limit reached
More reviews will be available in 35 minutes and 5 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
The bug (low, from the 2026-06-23 audit)
/api/research/parseonly checked thatmissionIdwas a non-empty string, then passed it togetMission. Butmissions.idis a uuid column, so a non-UUID value reached Postgres and threwinvalid input syntax for type uuid— surfacing as an unhandled 500 on bad client input.The fix
Validate
missionIdwithz.string().uuid()at the boundary and return 400 for a malformed/missing id (the well-formed-but-nonexistent case still 404s downstream, unchanged).Test
research-parse-route.test.tsdrives the route's reject path directly — auth + rate-limit mocked, vendors stubbed to crash if reached (they aren't: the check precedes transcription and the DB query). Asserts a non-UUID and a missingmissionIdboth return 400. No DB required, so it runs in the plainverifyjob too.Verification
https://claude.ai/code/session_01HgjBcWAo4VLxXMf22NPBZx