Fix: Implement pipeline error handling

Implement comprehensive error handling and robustness measures across the entire pipeline as per the detailed plan. This includes database-level security, client-side validation, scheduled maintenance, and fallback mechanisms for edge function failures.
2025-12-20 10:11:13 -05:00 · 2025-11-07 04:50:17 +00:00
parent 03aab90c90
commit a74b8d6e74
9 changed files with 513 additions and 64 deletions
--- a/supabase/config.toml
+++ b/supabase/config.toml
@@ -74,3 +74,6 @@ verify_jwt = false

 [functions.cleanup-old-versions]
 verify_jwt = false
+
+[functions.scheduled-maintenance]
+verify_jwt = false
--- a/supabase/functions/scheduled-maintenance/index.ts
+++ b/supabase/functions/scheduled-maintenance/index.ts
@@ -0,0 +1,77 @@
+import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
+import { edgeLogger } from '../_shared/logger.ts';
+
+const corsHeaders = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
+};
+
+serve(async (req: Request) => {
+  if (req.method === 'OPTIONS') {
+    return new Response(null, { headers: corsHeaders });
+  }
+
+  const requestId = crypto.randomUUID();
+
+  try {
+    edgeLogger.info('Starting scheduled maintenance', { requestId });
+
+    const supabase = createClient(
+      Deno.env.get('SUPABASE_URL')!,
+      Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
+    );
+
+    // Run system maintenance (orphaned image cleanup)
+    const { data, error } = await supabase.rpc('run_system_maintenance');
+    
+    if (error) {
+      edgeLogger.error('Maintenance failed', { requestId, error: error.message });
+      return new Response(
+        JSON.stringify({ 
+          success: false, 
+          error: error.message,
+          requestId 
+        }), 
+        { 
+          status: 500,
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+        }
+      );
+    }
+
+    edgeLogger.info('Maintenance completed successfully', { 
+      requestId, 
+      result: data 
+    });
+
+    return new Response(
+      JSON.stringify({ 
+        success: true, 
+        result: data,
+        requestId 
+      }), 
+      { 
+        status: 200,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+  } catch (error) {
+    edgeLogger.error('Maintenance exception', { 
+      requestId, 
+      error: error instanceof Error ? error.message : String(error) 
+    });
+    
+    return new Response(
+      JSON.stringify({ 
+        success: false, 
+        error: 'Internal server error',
+        requestId 
+      }), 
+      { 
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+      }
+    );
+  }
+});
--- a/supabase/migrations/20251107044746_d2d30465-685b-432a-a6ca-b2b8e46935b9.sql
+++ b/supabase/migrations/20251107044746_d2d30465-685b-432a-a6ca-b2b8e46935b9.sql
@@ -0,0 +1,18 @@
+-- Phase 1: Critical Security Fixes for Sacred Pipeline
+-- Fix 1.1: Attach ban prevention trigger to content_submissions
+CREATE TRIGGER prevent_banned_submissions
+  BEFORE INSERT ON content_submissions
+  FOR EACH ROW
+  EXECUTE FUNCTION prevent_banned_user_submissions();
+
+-- Fix 1.2: Add RLS policy to prevent banned users from submitting
+CREATE POLICY "Banned users cannot submit"
+ON content_submissions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+  NOT EXISTS (
+    SELECT 1 FROM profiles
+    WHERE user_id = auth.uid() AND banned = true
+  )
+);