mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(api): fix RLS context, DTO validation, and error handling

Browse Source 
- Wrap SET LOCAL in transactions for proper connection pooling
- Make workspaceId optional in query DTOs (derived from guards)
- Replace Error throws with UnauthorizedException in activity controller
- Update workspace guard to remove RLS context setting
- Document that services should use withUserContext/withUserTransaction
This commit is contained in:
Jason Woltje
2026-01-29 20:14:27 -06:00
parent 95833fb4ea
commit 26a0df835f
9 changed files with 63 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
apps/api/src/activity/activity.controller.ts
View File

@@ -1,4 +1,12 @@
import { Controller, Get, Query, Param, UseGuards, Request } from "@nestjs/common";
import {
Controller,
Get,
Query,
Param,
UseGuards,
Request,
UnauthorizedException
} from "@nestjs/common";
import { ActivityService } from "./activity.service";
import { EntityType } from "@prisma/client";
import type { QueryActivityLogDto } from "./dto";
@@ -34,7 +42,7 @@ export class ActivityController {
async findOne(@Param("id") id: string, @Request() req: any) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new Error("User workspaceId not found");
throw new UnauthorizedException("User workspaceId not found");
}
return this.activityService.findOne(id, workspaceId);
}
@@ -52,7 +60,7 @@ export class ActivityController {
) {
const workspaceId = req.user?.workspaceId;
if (!workspaceId) {
throw new Error("User workspaceId not found");
throw new UnauthorizedException("User workspaceId not found");
}
return this.activityService.getAuditTrail(workspaceId, entityType, entityId);
}