| author | Fuwn <[email protected]> | 2026-02-07 05:41:07 -0800 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-02-07 05:41:07 -0800 |
| commit | a1a405e56a0907ed44bfaba721e0ea632e051141 (patch) | |
| tree | 99621f7c1407eed732eeb5742fc7458c14ee6d48 /apps/web/app/api/v1 | |
| parent | security: remove unsafe-eval CSP, fix host header injection, harden API routes (diff) | |
| download | asa.news-a1a405e56a0907ed44bfaba721e0ea632e051141.tar.xz asa.news-a1a405e56a0907ed44bfaba721e0ea632e051141.zip | |
fix: resolve 6 pre-ship audit bugs
- Webhook entry identifier: use entry GUID instead of feed identifier
- Optimistic rollback: add previousTimeline snapshot and onError handler
to both useToggleEntryReadState and useToggleEntrySavedState
- Rate limiter memory leak: delete Map entries when window expires,
use else-if to avoid re-setting after delete
- Entries API limit param: use Number.isFinite guard instead of falsy
coercion that treats 0 as default
- PWA manifest: add PNG raster icon routes (192x192, 512x512) for
devices that don't support SVG icons
- Billing webhook: throw on DB errors and return 500 so Stripe retries
failed events instead of silently losing them
Diffstat (limited to 'apps/web/app/api/v1')
| -rw-r--r-- | apps/web/app/api/v1/entries/route.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/web/app/api/v1/entries/route.ts b/apps/web/app/api/v1/entries/route.ts
index e782e3b..8a2de62 100644
--- a/apps/web/app/api/v1/entries/route.ts
+++ b/apps/web/app/api/v1/entries/route.ts
@@ -18,7 +18,8 @@ export async function GET(request: Request) {
 const isSaved = searchParams.get("isSaved")
 const cursor = searchParams.get("cursor")
 const limitParameter = searchParams.get("limit")
- const limit = Math.min(Math.max(Number(limitParameter) || 50, 1), 100)
+ const parsedLimit = Number(limitParameter)
+ const limit = Number.isFinite(parsedLimit) && parsedLimit > 0 ? Math.min(Math.floor(parsedLimit), 100) : 50
 const adminClient = createSupabaseAdminClient() |
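Review bot: A fractional `limit` between 0 and 1 (for example `limit=0.5`) passes the `parsedLimit > 0` test and is then floored to 0, so the new expression can yield a limit of 0 where the removed line clamped to at least 1 with `Math.max(..., 1)`. How a zero limit behaves in the query further down is not visible in this hunk, but keeping the lower bound avoids finding out in production: `const limit = Number.isFinite(parsedLimit) && parsedLimit >= 1 ? Math.min(Math.floor(parsedLimit), 100) : 50`. Note also that `limit=0` still resolves to 50 here, which seems at odds with the commit message's description of the bug; a one-line comment stating the intended mapping (`// absent, non-numeric or < 1 → 50; otherwise floor and cap at 100`) would settle it. The body of `GET` starts before and continues after this hunk.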