mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

fix(api,web): resolve RLS context SQL error, workspace guard crash, and projects response unwrapping
All checks were successful
ci/woodpecker/push/api Pipeline was successful
Details
ci/woodpecker/push/web Pipeline was successful
Details

Browse Source 
Three runtime bugs found during production site testing:

1. PrismaService.setWorkspaceContext used SET LOCAL with Prisma tagged templates,
   which produces parameterized SQL ($1) that PostgreSQL rejects in SET statements.
   Changed to set_config() which safely accepts parameterized values — matching
   the pattern already used in RlsContextInterceptor.

2. WorkspaceGuard.extractWorkspaceId accessed request.body.workspaceId without
   null-checking body, causing TypeError on GET requests where body is undefined.
   Added runtime type guard with explicit cast.

3. fetchProjects() cast the API response as Project[] but the backend returns
   { data: Project[], meta: {...} } paginated wrapper. Added response.data
   unwrapping to match the actual API contract.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-26 22:04:02 -06:00
parent 21bf7e050f
commit 07f507585f
3 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/web/src/lib/api/projects.ts
View File

@@ -65,7 +65,8 @@ export interface UpdateProjectDto {
* Fetch all projects for a workspace
*/
export async function fetchProjects(workspaceId?: string): Promise<Project[]> {
return apiGet<Project[]>("/api/projects", workspaceId);
const response = await apiGet<{ data: Project[]; meta?: unknown }>("/api/projects", workspaceId);
return response.data;
}
/**