pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 06:31:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Connect to Lovable Cloud

Browse Source 
Implemented end-to-end fixes:
- Added INSERT RLS policies for park_submissions, ride_submissions, company_submissions, ride_model_submissions, and photo_submissions (own submissions and moderator access)
- Fixed process_approval_transaction to replace ride_type with category and updated references accordingly
- Enhanced rate limiting in testRunner.ts with a 6s base delay and 12s adaptive delays after submission-heavy suites
This commit is contained in:
gpt-engineer-app[bot]
2025-11-10 18:34:14 +00:00
parent b47d5392d5
commit 496ff48e34
2 changed files with 469 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/lib/integrationTests/testRunner.ts
View File

@@ -53,9 +53,9 @@ export class IntegrationTestRunner {
private onProgress?: (result: TestResult) => void;
private delayBetweenTests: number;
constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 5000) {
constructor(onProgress?: (result: TestResult) => void, delayBetweenTests: number = 6000) {
this.onProgress = onProgress;
this.delayBetweenTests = delayBetweenTests; // Default 5 seconds to prevent rate limiting
this.delayBetweenTests = delayBetweenTests; // Default 6 seconds to prevent rate limiting
}
/**
@@ -189,6 +189,14 @@ export class IntegrationTestRunner {
this.isRunning = true;
this.shouldStop = false;
// Track submission-heavy suites for adaptive delays
const submissionHeavySuites = [
'Entity Submission & Validation',
'Approval Pipeline',
'Unit Conversion Tests',
'Performance & Scalability'
];
for (let i = 0; i < suites.length; i++) {
await this.runSuite(suites[i]);
@@ -196,30 +204,39 @@ export class IntegrationTestRunner {
break;
}
// Add delay between suites to prevent rate limiting
// Add delay between suites with adaptive timing
if (i < suites.length - 1 && this.delayBetweenTests > 0) {
const delaySeconds = this.delayBetweenTests / 1000;
// Longer delay after submission-heavy suites
const isHeavySuite = submissionHeavySuites.includes(suites[i].name);
const delayMs = isHeavySuite
? this.delayBetweenTests * 2 // 12s delay after heavy suites
: this.delayBetweenTests; // 6s delay after others
const delaySeconds = delayMs / 1000;
const delayResult: TestResult = {
id: `suite-delay-${Date.now()}`,
name: `⏳ Suite completion delay: ${delaySeconds}s`,
name: `⏳ Suite completion delay: ${delaySeconds}s${isHeavySuite ? ' (submission-heavy)' : ''}`,
suite: 'System',
status: 'running',
duration: 0,
timestamp: new Date().toISOString(),
details: { reason: 'Pausing between suites to prevent rate limiting' }
details: {
reason: 'Pausing between suites to prevent rate limiting',
isSubmissionHeavy: isHeavySuite
}
};
if (this.onProgress) {
this.onProgress(delayResult);
}
await this.delay(this.delayBetweenTests);
await this.delay(delayMs);
if (this.onProgress) {
this.onProgress({
...delayResult,
status: 'skip',
duration: this.delayBetweenTests,
duration: delayMs,
details: { reason: 'Suite delay completed' }
});
}

444
supabase/migrations/20251110183330_cde376ea-2cd2-4c47-84c1-1ad32367ea54.sql Normal file
View File

@@ -0,0 +1,444 @@
-- ============================================================================
-- Phase 8: Fix RLS Policies, SQL Schema, and Rate Limiting
-- ============================================================================
-- This migration addresses critical test failures:
-- 1. Adds missing INSERT policies for submission tables (26 tests)
-- 2. Fixes ride_type → category column references (2 tests)
-- ============================================================================
-- ============================================================================
-- PART 1: Add INSERT Policies for Submission Tables
-- ============================================================================
-- Park Submissions: Users can insert their own submissions
CREATE POLICY "park_submissions_insert_own"
ON public.park_submissions
FOR INSERT
TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM content_submissions cs
WHERE cs.id = submission_id
AND cs.user_id = auth.uid()
)
);
-- Park Submissions: Moderators can insert any submissions
CREATE POLICY "park_submissions_insert_moderators"
ON public.park_submissions
FOR INSERT
TO authenticated
WITH CHECK (
is_moderator(auth.uid())
);
-- Ride Submissions: Users can insert their own submissions
CREATE POLICY "ride_submissions_insert_own"
ON public.ride_submissions
FOR INSERT
TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM content_submissions cs
WHERE cs.id = submission_id
AND cs.user_id = auth.uid()
)
);
-- Ride Submissions: Moderators can insert any submissions
CREATE POLICY "ride_submissions_insert_moderators"
ON public.ride_submissions
FOR INSERT
TO authenticated
WITH CHECK (
is_moderator(auth.uid())
);
-- Company Submissions: Users can insert their own submissions
CREATE POLICY "company_submissions_insert_own"
ON public.company_submissions
FOR INSERT
TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM content_submissions cs
WHERE cs.id = submission_id
AND cs.user_id = auth.uid()
)
);
-- Company Submissions: Moderators can insert any submissions
CREATE POLICY "company_submissions_insert_moderators"
ON public.company_submissions
FOR INSERT
TO authenticated
WITH CHECK (
is_moderator(auth.uid())
);
-- Ride Model Submissions: Users can insert their own submissions
CREATE POLICY "ride_model_submissions_insert_own"
ON public.ride_model_submissions
FOR INSERT
TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM content_submissions cs
WHERE cs.id = submission_id
AND cs.user_id = auth.uid()
)
);
-- Ride Model Submissions: Moderators can insert any submissions
CREATE POLICY "ride_model_submissions_insert_moderators"
ON public.ride_model_submissions
FOR INSERT
TO authenticated
WITH CHECK (
is_moderator(auth.uid())
);
-- Photo Submissions: Users can insert their own submissions
CREATE POLICY "photo_submissions_insert_own"
ON public.photo_submissions
FOR INSERT
TO authenticated
WITH CHECK (
EXISTS (
SELECT 1 FROM content_submissions cs
WHERE cs.id = submission_id
AND cs.user_id = auth.uid()
)
);
-- Photo Submissions: Moderators can insert any submissions
CREATE POLICY "photo_submissions_insert_moderators"
ON public.photo_submissions
FOR INSERT
TO authenticated
WITH CHECK (
is_moderator(auth.uid())
);
-- ============================================================================
-- PART 2: Fix SQL Column Names (ride_type → category)
-- ============================================================================
DROP FUNCTION IF EXISTS process_approval_transaction(UUID, UUID[], UUID, UUID, TEXT, TEXT, TEXT);
CREATE OR REPLACE FUNCTION process_approval_transaction(
p_submission_id UUID,
p_item_ids UUID[],
p_moderator_id UUID,
p_submitter_id UUID,
p_request_id TEXT DEFAULT NULL,
p_trace_id TEXT DEFAULT NULL,
p_parent_span_id TEXT DEFAULT NULL
)
RETURNS JSONB
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public
AS $$
DECLARE
v_start_time TIMESTAMPTZ;
v_result JSONB;
v_item RECORD;
v_item_data JSONB;
v_resolved_refs JSONB;
v_entity_id UUID;
v_approval_results JSONB[] := ARRAY[]::JSONB[];
v_final_status TEXT;
v_all_approved BOOLEAN := TRUE;
v_some_approved BOOLEAN := FALSE;
v_items_processed INTEGER := 0;
v_span_id TEXT;
BEGIN
v_start_time := clock_timestamp();
v_span_id := gen_random_uuid()::text;
-- Log span start with trace context
IF p_trace_id IS NOT NULL THEN
RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "parentSpanId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "startTime": %, "attributes": {"submission.id": "%", "item_count": %}}',
v_span_id,
p_trace_id,
p_parent_span_id,
EXTRACT(EPOCH FROM v_start_time) * 1000,
p_submission_id,
array_length(p_item_ids, 1);
END IF;
RAISE NOTICE '[%] Starting atomic approval transaction for submission %',
COALESCE(p_request_id, 'NO_REQUEST_ID'),
p_submission_id;
-- ========================================================================
-- STEP 1: Set session variables (transaction-scoped with is_local=true)
-- ========================================================================
PERFORM set_config('app.current_user_id', p_submitter_id::text, true);
PERFORM set_config('app.submission_id', p_submission_id::text, true);
PERFORM set_config('app.moderator_id', p_moderator_id::text, true);
-- ========================================================================
-- STEP 2: Validate submission ownership and lock status
-- ========================================================================
IF NOT EXISTS (
SELECT 1 FROM content_submissions
WHERE id = p_submission_id
AND (assigned_to = p_moderator_id OR assigned_to IS NULL)
AND status IN ('pending', 'partially_approved')
) THEN
RAISE EXCEPTION 'Submission not found, locked by another moderator, or already processed'
USING ERRCODE = '42501';
END IF;
-- ========================================================================
-- STEP 3: Process each item sequentially within this transaction
-- ========================================================================
FOR v_item IN
SELECT
si.*,
ps.name as park_name,
ps.slug as park_slug,
ps.description as park_description,
ps.park_type,
ps.status as park_status,
ps.location_id,
ps.operator_id,
ps.property_owner_id,
ps.opening_date as park_opening_date,
ps.closing_date as park_closing_date,
ps.opening_date_precision as park_opening_date_precision,
ps.closing_date_precision as park_closing_date_precision,
ps.website_url as park_website_url,
ps.phone as park_phone,
ps.email as park_email,
ps.banner_image_url as park_banner_image_url,
ps.banner_image_id as park_banner_image_id,
ps.card_image_url as park_card_image_url,
ps.card_image_id as park_card_image_id,
rs.name as ride_name,
rs.slug as ride_slug,
rs.park_id as ride_park_id,
rs.category as ride_category,
rs.status as ride_status,
rs.manufacturer_id,
rs.ride_model_id,
rs.opening_date as ride_opening_date,
rs.closing_date as ride_closing_date,
rs.opening_date_precision as ride_opening_date_precision,
rs.closing_date_precision as ride_closing_date_precision,
rs.description as ride_description,
rs.banner_image_url as ride_banner_image_url,
rs.banner_image_id as ride_banner_image_id,
rs.card_image_url as ride_card_image_url,
rs.card_image_id as ride_card_image_id,
cs.name as company_name,
cs.slug as company_slug,
cs.description as company_description,
cs.website_url as company_website_url,
cs.founded_year,
cs.banner_image_url as company_banner_image_url,
cs.banner_image_id as company_banner_image_id,
cs.card_image_url as company_card_image_url,
cs.card_image_id as company_card_image_id,
rms.name as ride_model_name,
rms.slug as ride_model_slug,
rms.manufacturer_id as ride_model_manufacturer_id,
rms.category as ride_model_category,
rms.description as ride_model_description,
rms.banner_image_url as ride_model_banner_image_url,
rms.banner_image_id as ride_model_banner_image_id,
rms.card_image_url as ride_model_card_image_url,
rms.card_image_id as ride_model_card_image_id,
phs.entity_id as photo_entity_id,
phs.entity_type as photo_entity_type,
phs.title as photo_title
FROM submission_items si
LEFT JOIN park_submissions ps ON si.park_submission_id = ps.id
LEFT JOIN ride_submissions rs ON si.ride_submission_id = rs.id
LEFT JOIN company_submissions cs ON si.company_submission_id = cs.id
LEFT JOIN ride_model_submissions rms ON si.ride_model_submission_id = rms.id
LEFT JOIN photo_submissions phs ON si.photo_submission_id = phs.id
WHERE si.id = ANY(p_item_ids)
ORDER BY si.order_index, si.created_at
LOOP
BEGIN
v_items_processed := v_items_processed + 1;
-- Log item processing span event
IF p_trace_id IS NOT NULL THEN
RAISE NOTICE 'SPAN_EVENT: {"traceId": "%", "parentSpanId": "%", "name": "process_item", "timestamp": %, "attributes": {"item.id": "%", "item.type": "%", "item.action": "%"}}',
p_trace_id,
v_span_id,
EXTRACT(EPOCH FROM clock_timestamp()) * 1000,
v_item.id,
v_item.item_type,
v_item.action_type;
END IF;
-- Build item data based on entity type
IF v_item.item_type = 'park' THEN
v_item_data := jsonb_build_object(
'name', v_item.park_name,
'slug', v_item.park_slug,
'description', v_item.park_description,
'park_type', v_item.park_type,
'status', v_item.park_status,
'location_id', v_item.location_id,
'operator_id', v_item.operator_id,
'property_owner_id', v_item.property_owner_id,
'opening_date', v_item.park_opening_date,
'closing_date', v_item.park_closing_date,
'opening_date_precision', v_item.park_opening_date_precision,
'closing_date_precision', v_item.park_closing_date_precision,
'website_url', v_item.park_website_url,
'phone', v_item.park_phone,
'email', v_item.park_email,
'banner_image_url', v_item.park_banner_image_url,
'banner_image_id', v_item.park_banner_image_id,
'card_image_url', v_item.park_card_image_url,
'card_image_id', v_item.park_card_image_id
);
ELSIF v_item.item_type = 'ride' THEN
v_item_data := jsonb_build_object(
'name', v_item.ride_name,
'slug', v_item.ride_slug,
'park_id', v_item.ride_park_id,
'category', v_item.ride_category,
'status', v_item.ride_status,
'manufacturer_id', v_item.manufacturer_id,
'ride_model_id', v_item.ride_model_id,
'opening_date', v_item.ride_opening_date,
'closing_date', v_item.ride_closing_date,
'opening_date_precision', v_item.ride_opening_date_precision,
'closing_date_precision', v_item.ride_closing_date_precision,
'description', v_item.ride_description,
'banner_image_url', v_item.ride_banner_image_url,
'banner_image_id', v_item.ride_banner_image_id,
'card_image_url', v_item.ride_card_image_url,
'card_image_id', v_item.ride_card_image_id
);
ELSIF v_item.item_type = 'company' THEN
v_item_data := jsonb_build_object(
'name', v_item.company_name,
'slug', v_item.company_slug,
'description', v_item.company_description,
'website_url', v_item.company_website_url,
'founded_year', v_item.founded_year,
'banner_image_url', v_item.company_banner_image_url,
'banner_image_id', v_item.company_banner_image_id,
'card_image_url', v_item.company_card_image_url,
'card_image_id', v_item.company_card_image_id
);
ELSIF v_item.item_type = 'ride_model' THEN
v_item_data := jsonb_build_object(
'name', v_item.ride_model_name,
'slug', v_item.ride_model_slug,
'manufacturer_id', v_item.ride_model_manufacturer_id,
'category', v_item.ride_model_category,
'description', v_item.ride_model_description,
'banner_image_url', v_item.ride_model_banner_image_url,
'banner_image_id', v_item.ride_model_banner_image_id,
'card_image_url', v_item.ride_model_card_image_url,
'card_image_id', v_item.ride_model_card_image_id
);
ELSIF v_item.item_type = 'photo' THEN
v_item_data := jsonb_build_object(
'entity_id', v_item.photo_entity_id,
'entity_type', v_item.photo_entity_type,
'title', v_item.photo_title
);
ELSE
RAISE EXCEPTION 'Unknown item type: %', v_item.item_type;
END IF;
-- Resolve temporary references
v_resolved_refs := resolve_temp_references(v_item_data, p_submission_id);
-- Perform the action
IF v_item.action_type = 'create' THEN
v_entity_id := perform_create(v_item.item_type, v_resolved_refs, p_submitter_id, p_submission_id);
ELSIF v_item.action_type = 'update' THEN
IF v_item.entity_id IS NULL THEN
RAISE EXCEPTION 'Update action requires entity_id';
END IF;
PERFORM perform_update(v_item.item_type, v_item.entity_id, v_resolved_refs, p_submitter_id, p_submission_id);
v_entity_id := v_item.entity_id;
ELSE
RAISE EXCEPTION 'Unknown action type: %', v_item.action_type;
END IF;
-- Update submission_item with approved entity
UPDATE submission_items
SET approved_entity_id = v_entity_id,
approved_at = now(),
status = 'approved'
WHERE id = v_item.id;
-- Track approval results
v_approval_results := array_append(v_approval_results, jsonb_build_object(
'item_id', v_item.id,
'status', 'approved',
'entity_id', v_entity_id
));
v_some_approved := TRUE;
EXCEPTION
WHEN OTHERS THEN
-- Log the error
RAISE WARNING 'Failed to process item %: % - %', v_item.id, SQLERRM, SQLSTATE;
-- Track failure
v_approval_results := array_append(v_approval_results, jsonb_build_object(
'item_id', v_item.id,
'status', 'failed',
'error', SQLERRM
));
v_all_approved := FALSE;
-- Re-raise to rollback transaction
RAISE;
END;
END LOOP;
-- ========================================================================
-- STEP 4: Update submission status
-- ========================================================================
IF v_all_approved THEN
v_final_status := 'approved';
ELSIF v_some_approved THEN
v_final_status := 'partially_approved';
ELSE
v_final_status := 'rejected';
END IF;
UPDATE content_submissions
SET status = v_final_status,
resolved_at = CASE WHEN v_all_approved THEN now() ELSE NULL END,
reviewer_id = p_moderator_id,
reviewed_at = now()
WHERE id = p_submission_id;
-- Log span end
IF p_trace_id IS NOT NULL THEN
RAISE NOTICE 'SPAN: {"spanId": "%", "traceId": "%", "name": "process_approval_transaction_rpc", "kind": "INTERNAL", "endTime": %, "attributes": {"items_processed": %, "final_status": "%"}}',
v_span_id,
p_trace_id,
EXTRACT(EPOCH FROM clock_timestamp()) * 1000,
v_items_processed,
v_final_status;
END IF;
-- Return result
RETURN jsonb_build_object(
'success', v_all_approved,
'status', v_final_status,
'items_processed', v_items_processed,
'results', v_approval_results,
'duration_ms', EXTRACT(EPOCH FROM (clock_timestamp() - v_start_time)) * 1000
);
END;
$$;