Fix composite submission protections

Implement Phase 4 by adding `recordSubmissionAttempt` and `withRetry` logic to the ban check for composite submissions. This ensures better error handling and prevents bypass of ban checks due to transient network issues.
2025-12-20 09:11:12 -05:00 · 2025-11-07 20:24:00 +00:00
parent c52e538932
commit 26e2253c70
1 changed files with 18 additions and 17 deletions
--- a/src/lib/entitySubmissionHelpers.ts
+++ b/src/lib/entitySubmissionHelpers.ts
@@ -252,9 +252,12 @@ async function submitCompositeCreation(
  dependencies: CompositeSubmissionDependency[],
  userId: string
 ): Promise<{ submitted: boolean; submissionId: string }> {
+  const { withRetry } = await import('./retryHelpers');
+  
  try {
    // Phase 3: Rate limiting check
    checkRateLimitOrThrow(userId, 'composite_creation');
+    recordSubmissionAttempt(userId);
    
    breadcrumb.userAction('Start composite submission', 'submitCompositeCreation', {
      primaryType: primaryEntity.type,
@@ -262,24 +265,23 @@ async function submitCompositeCreation(
      userId
    });

-    // Check if user is banned
+    // Check if user is banned with retry logic
    breadcrumb.apiCall('profiles', 'SELECT');
-    try {
-      const { data: profile, error } = await supabase
-        .from('profiles')
-        .select('banned')
-        .eq('user_id', userId)
-        .single();
+    const profile = await withRetry(
+      async () => {
+        const { data, error } = await supabase
+          .from('profiles')
+          .select('banned')
+          .eq('user_id', userId)
+          .single();
+        if (error) throw error;
+        return data;
+      },
+      { maxAttempts: 2 }
+    );

-      if (error) {
-        throw new Error(`Failed to check user status: ${error.message}`);
-      }
-
-      if (profile?.banned) {
-        throw new Error('Account suspended. Contact support for assistance.');
-      }
-    } catch (error) {
-      throw error instanceof Error ? error : new Error(`User check failed: ${String(error)}`);
+    if (profile?.banned) {
+      throw new Error('Account suspended. Contact support for assistance.');
    }

    // Upload all pending images for all entities
@@ -526,7 +528,6 @@ async function submitCompositeCreation(

    // Use RPC to create submission with items atomically with retry logic
    breadcrumb.apiCall('create_submission_with_items', 'RPC');
-    const { withRetry } = await import('./retryHelpers');
    const { toast } = await import('@/hooks/use-toast');
    
    const result = await withRetry(