pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 06:11:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve error handling and stability across the application

Browse Source 
Refactor error handling in `useEntityVersions` and `useSearch` hooks, enhance `NotificationService` with better error extraction and logging, and implement critical fallback mechanisms in the `detect-location` function's rate limit cleanup. Update CORS configuration in `upload-image` function for stricter origin checks and better security.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: f4df1950-6410-48d0-b2de-f4096732504b
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
This commit is contained in:
pac7
2025-10-08 20:23:01 +00:00
parent 26aeb46c8a
commit b580db3fb0
6 changed files with 294 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.replit
View File

@@ -33,3 +33,7 @@ outputType = "webview"
[[ports]]
localPort = 5000
externalPort = 80
[[ports]]
localPort = 33153
externalPort = 3000

45
src/hooks/useEntityVersions.ts
View File

@@ -46,14 +46,21 @@ export function useEntityVersions(entityType: string, entityId: string) {
// Use a request counter to track the latest fetch and prevent race conditions
const requestCounterRef = useRef(0);
// Request counter for fetchFieldHistory
const fieldHistoryRequestCounterRef = useRef(0);
const fetchVersions = useCallback(async () => {
try {
if (!isMountedRef.current) return;
// Increment counter and capture the current request ID
// Increment counter and capture the current request ID BEFORE try block
const currentRequestId = ++requestCounterRef.current;
try {
// Only set loading if this is still the latest request
if (isMountedRef.current && currentRequestId === requestCounterRef.current) {
setLoading(true);
}
const { data, error } = await supabase
.from('entity_versions')
@@ -64,8 +71,8 @@ export function useEntityVersions(entityType: string, entityId: string) {
if (error) throw error;
// Only continue if this is still the latest request
if (currentRequestId !== requestCounterRef.current) return;
// Only continue if this is still the latest request and component is mounted
if (!isMountedRef.current || currentRequestId !== requestCounterRef.current) return;
// Safety check: verify data is an array before processing
if (!Array.isArray(data)) {
@@ -84,8 +91,8 @@ export function useEntityVersions(entityType: string, entityId: string) {
.select('user_id, username, avatar_url')
.in('user_id', userIds);
// Check again if this is still the latest request
if (currentRequestId !== requestCounterRef.current) return;
// Check again if this is still the latest request and component is mounted
if (!isMountedRef.current || currentRequestId !== requestCounterRef.current) return;
// Safety check: verify profiles array exists before filtering
const profilesArray = Array.isArray(profiles) ? profiles : [];
@@ -109,8 +116,10 @@ export function useEntityVersions(entityType: string, entityId: string) {
}
} catch (error: any) {
console.error('Error fetching versions:', error);
if (isMountedRef.current) {
// Safe error message access with fallback
// Use the captured currentRequestId (DO NOT re-read requestCounterRef.current)
// Only update state if component is mounted and this is still the latest request
if (isMountedRef.current && currentRequestId === requestCounterRef.current) {
const errorMessage = error?.message || 'Failed to load version history';
toast.error(errorMessage);
setLoading(false);
@@ -119,6 +128,11 @@ export function useEntityVersions(entityType: string, entityId: string) {
}, [entityType, entityId]);
const fetchFieldHistory = async (versionId: string) => {
if (!isMountedRef.current) return;
// Increment counter and capture the current request ID BEFORE try block
const currentRequestId = ++fieldHistoryRequestCounterRef.current;
try {
const { data, error } = await supabase
.from('entity_field_history')
@@ -128,14 +142,17 @@ export function useEntityVersions(entityType: string, entityId: string) {
if (error) throw error;
if (isMountedRef.current) {
// Safety check: ensure data is an array
// Only update state if component is mounted and this is still the latest request
if (isMountedRef.current && currentRequestId === fieldHistoryRequestCounterRef.current) {
const fieldChanges = Array.isArray(data) ? data as FieldChange[] : [];
setFieldHistory(fieldChanges);
}
} catch (error: any) {
console.error('Error fetching field history:', error);
if (isMountedRef.current) {
// Use the captured currentRequestId (DO NOT re-read fieldHistoryRequestCounterRef.current)
// Only show error if component is mounted and this is still the latest request
if (isMountedRef.current && currentRequestId === fieldHistoryRequestCounterRef.current) {
const errorMessage = error?.message || 'Failed to load field history';
toast.error(errorMessage);
}
@@ -164,6 +181,8 @@ export function useEntityVersions(entityType: string, entityId: string) {
const rollbackToVersion = async (targetVersionId: string, reason: string) => {
try {
if (!isMountedRef.current) return null;
const { data: userData } = await supabase.auth.getUser();
if (!userData.user) throw new Error('Not authenticated');
@@ -194,6 +213,8 @@ export function useEntityVersions(entityType: string, entityId: string) {
const createVersion = async (versionData: any, changeReason?: string, submissionId?: string) => {
try {
if (!isMountedRef.current) return null;
const { data: userData } = await supabase.auth.getUser();
if (!userData.user) throw new Error('Not authenticated');
@@ -273,7 +294,7 @@ export function useEntityVersions(entityType: string, entityId: string) {
channelRef.current = null;
}
};
}, [entityType, entityId]);
}, [entityType, entityId, fetchVersions]);
// Set mounted ref on mount and cleanup on unmount
useEffect(() => {

20
src/hooks/useSearch.tsx
View File

@@ -27,7 +27,7 @@ const DEFAULT_MIN_QUERY = 2;
const DEFAULT_DEBOUNCE_MS = 300;
export function useSearch(options: UseSearchOptions = {}) {
// State declarations MUST come first to maintain hook order
// All hooks declarations in stable order
const [query, setQuery] = useState('');
const [results, setResults] = useState<SearchResult[]>([]);
const [loading, setLoading] = useState(false);
@@ -35,15 +35,17 @@ export function useSearch(options: UseSearchOptions = {}) {
const [recentSearches, setRecentSearches] = useState<string[]>([]);
const [debouncedQuery, setDebouncedQuery] = useState('');
// Stabilize options using JSON stringify to prevent infinite loops from array recreation
const optionsKey = JSON.stringify({
types: options.types || DEFAULT_TYPES,
limit: options.limit || DEFAULT_LIMIT,
minQuery: options.minQuery || DEFAULT_MIN_QUERY,
debounceMs: options.debounceMs || DEFAULT_DEBOUNCE_MS
});
// Use useMemo to stabilize options, but use safe defaults to prevent undefined errors during HMR
const stableOptions = useMemo(() => {
const safeOptions = options || {};
return {
types: safeOptions.types || DEFAULT_TYPES,
limit: safeOptions.limit ?? DEFAULT_LIMIT,
minQuery: safeOptions.minQuery ?? DEFAULT_MIN_QUERY,
debounceMs: safeOptions.debounceMs ?? DEFAULT_DEBOUNCE_MS,
};
}, [options]);
const stableOptions = useMemo(() => JSON.parse(optionsKey), [optionsKey]);
const { types, limit, minQuery, debounceMs } = stableOptions;
useEffect(() => {

110
src/lib/notificationService.ts
View File

@@ -38,6 +38,16 @@ class NotificationService {
this.isNovuEnabled = !!import.meta.env.VITE_NOVU_APPLICATION_IDENTIFIER;
}
private extractErrorMessage(error: unknown): string {
if (error instanceof Error) {
return error.message;
}
if (error && typeof error === 'object' && 'message' in error && typeof error.message === 'string') {
return error.message;
}
return 'An unexpected error occurred';
}
/**
* Create or update a Novu subscriber
*/
@@ -52,9 +62,17 @@ class NotificationService {
body: subscriberData,
});
if (error) throw error;
if (error) {
console.error('Edge function error creating Novu subscriber:', error);
throw error;
}
if (!data || !data.subscriberId) {
const errorMsg = 'Invalid response from create-novu-subscriber function';
console.error(errorMsg, { data });
return { success: false, error: errorMsg };
}
// Update local database with Novu subscriber ID
const { error: dbError } = await supabase
.from('user_notification_preferences')
.upsert({
@@ -62,12 +80,16 @@ class NotificationService {
novu_subscriber_id: data.subscriberId,
});
if (dbError) throw dbError;
if (dbError) {
console.error('Database error storing subscriber preferences:', dbError);
throw dbError;
}
console.log('Novu subscriber created successfully:', data.subscriberId);
return { success: true };
} catch (error: any) {
} catch (error: unknown) {
console.error('Error creating Novu subscriber:', error);
return { success: false, error: error instanceof Error ? error.message : 'An unexpected error occurred' };
return { success: false, error: this.extractErrorMessage(error) };
}
}
@@ -85,13 +107,16 @@ class NotificationService {
body: subscriberData,
});
if (error) throw error;
if (error) {
console.error('Edge function error updating Novu subscriber:', error);
throw error;
}
console.log('Novu subscriber updated successfully');
console.log('Novu subscriber updated successfully:', subscriberData.subscriberId);
return { success: true };
} catch (error: any) {
} catch (error: unknown) {
console.error('Error updating Novu subscriber:', error);
return { success: false, error: error instanceof Error ? error.message : 'An unexpected error occurred' };
return { success: false, error: this.extractErrorMessage(error) };
}
}
@@ -103,7 +128,6 @@ class NotificationService {
preferences: NotificationPreferences
): Promise<{ success: boolean; error?: string }> {
if (!this.isNovuEnabled) {
// Save to local database only
try {
const { error } = await supabase
.from('user_notification_preferences')
@@ -114,10 +138,16 @@ class NotificationService {
frequency_settings: preferences.frequencySettings,
});
if (error) throw error;
if (error) {
console.error('Database error saving preferences (Novu disabled):', error);
throw error;
}
console.log('Preferences saved to local database:', userId);
return { success: true };
} catch (error: any) {
return { success: false, error: error.message };
} catch (error: unknown) {
console.error('Error saving preferences to local database:', error);
return { success: false, error: this.extractErrorMessage(error) };
}
}
@@ -129,9 +159,11 @@ class NotificationService {
},
});
if (error) throw error;
if (error) {
console.error('Edge function error updating Novu preferences:', error);
throw error;
}
// Also update local database
const { error: dbError } = await supabase
.from('user_notification_preferences')
.upsert({
@@ -141,12 +173,16 @@ class NotificationService {
frequency_settings: preferences.frequencySettings,
});
if (dbError) throw dbError;
if (dbError) {
console.error('Database error saving preferences locally:', dbError);
throw dbError;
}
console.log('Preferences updated successfully:', userId);
return { success: true };
} catch (error: any) {
} catch (error: unknown) {
console.error('Error updating preferences:', error);
return { success: false, error: error.message };
return { success: false, error: this.extractErrorMessage(error) };
}
}
@@ -164,9 +200,17 @@ class NotificationService {
body: payload,
});
if (error) throw error;
if (error) {
console.error('Edge function error triggering notification:', error);
throw error;
}
if (!data || !data.transactionId) {
const errorMsg = 'Invalid response from trigger-notification function';
console.error(errorMsg, { data });
return { success: false, error: errorMsg };
}
// Log notification in local database
await this.logNotification({
userId: payload.subscriberId,
workflowId: payload.workflowId,
@@ -174,10 +218,11 @@ class NotificationService {
payload: payload.payload,
});
console.log('Notification triggered successfully:', data.transactionId);
return { success: true, transactionId: data.transactionId };
} catch (error: any) {
} catch (error: unknown) {
console.error('Error triggering notification:', error);
return { success: false, error: error.message };
return { success: false, error: this.extractErrorMessage(error) };
}
}
@@ -192,10 +237,13 @@ class NotificationService {
.eq('user_id', userId)
.single();
if (error && error.code !== 'PGRST116') throw error;
if (error && error.code !== 'PGRST116') {
console.error('Database error fetching preferences:', error);
throw error;
}
if (!data) {
// Return default preferences
console.log('No preferences found for user, returning defaults:', userId);
return {
channelPreferences: {
in_app: true,
@@ -216,8 +264,8 @@ class NotificationService {
workflowPreferences: data.workflow_preferences as any,
frequencySettings: data.frequency_settings as any,
};
} catch (error: any) {
console.error('Error fetching preferences:', error);
} catch (error: unknown) {
console.error('Error fetching notification preferences for user:', userId, error);
return null;
}
}
@@ -233,10 +281,14 @@ class NotificationService {
.eq('is_active', true)
.order('category', { ascending: true });
if (error) throw error;
if (error) {
console.error('Database error fetching notification templates:', error);
throw error;
}
return data || [];
} catch (error: any) {
console.error('Error fetching templates:', error);
} catch (error: unknown) {
console.error('Error fetching notification templates:', error);
return [];
}
}

108
supabase/functions/detect-location/index.ts
View File

@@ -17,10 +17,16 @@ const RATE_LIMIT_WINDOW = 60000; // 1 minute in milliseconds
const MAX_REQUESTS = 10; // 10 requests per minute per IP
const MAX_MAP_SIZE = 10000; // Maximum number of IPs to track
// Cleanup failure tracking to prevent silent failures
let cleanupFailureCount = 0;
const MAX_CLEANUP_FAILURES = 5; // Threshold before forcing drastic cleanup
const CLEANUP_FAILURE_RESET_INTERVAL = 300000; // Reset failure count every 5 minutes
function cleanupExpiredEntries() {
try {
const now = Date.now();
let deletedCount = 0;
const mapSizeBefore = rateLimitMap.size;
for (const [ip, data] of rateLimitMap.entries()) {
if (now > data.resetAt) {
@@ -29,14 +35,74 @@ function cleanupExpiredEntries() {
}
}
// Log cleanup activity for monitoring
if (deletedCount > 0) {
console.log(`Cleaned up ${deletedCount} expired rate limit entries`);
console.log(`[Cleanup] Removed ${deletedCount} expired entries. Map size: ${mapSizeBefore} -> ${rateLimitMap.size}`);
}
// Reset failure count on successful cleanup
if (cleanupFailureCount > 0) {
console.log(`[Cleanup] Successful cleanup after ${cleanupFailureCount} previous failures. Resetting failure count.`);
cleanupFailureCount = 0;
}
} catch (error) {
console.error('Error during cleanup:', error);
// CRITICAL: Increment failure counter and log detailed error information
cleanupFailureCount++;
const errorMessage = error instanceof Error ? error.message : String(error);
const errorStack = error instanceof Error ? error.stack : 'No stack trace available';
console.error(`[Cleanup Error] Cleanup failed (attempt ${cleanupFailureCount}/${MAX_CLEANUP_FAILURES})`);
console.error(`[Cleanup Error] Error message: ${errorMessage}`);
console.error(`[Cleanup Error] Stack trace: ${errorStack}`);
console.error(`[Cleanup Error] Current map size: ${rateLimitMap.size}`);
// FALLBACK MECHANISM: If cleanup fails repeatedly, force clear to prevent memory leak
if (cleanupFailureCount >= MAX_CLEANUP_FAILURES) {
console.error(`[Cleanup CRITICAL] Cleanup has failed ${cleanupFailureCount} times consecutively!`);
console.error(`[Cleanup CRITICAL] Forcing emergency cleanup to prevent memory leak...`);
try {
// Emergency: Clear oldest 50% of entries to prevent unbounded growth
const entriesToClear = Math.floor(rateLimitMap.size * 0.5);
const sortedEntries = Array.from(rateLimitMap.entries())
.sort((a, b) => a[1].resetAt - b[1].resetAt);
let clearedCount = 0;
for (let i = 0; i < entriesToClear && i < sortedEntries.length; i++) {
rateLimitMap.delete(sortedEntries[i][0]);
clearedCount++;
}
console.warn(`[Cleanup CRITICAL] Emergency cleanup completed. Cleared ${clearedCount} entries. Map size: ${rateLimitMap.size}`);
// Reset failure count after emergency cleanup
cleanupFailureCount = 0;
} catch (emergencyError) {
// Last resort: If even emergency cleanup fails, clear everything
console.error(`[Cleanup CRITICAL] Emergency cleanup failed! Clearing entire rate limit map.`);
console.error(`[Cleanup CRITICAL] Emergency error: ${emergencyError}`);
const originalSize = rateLimitMap.size;
rateLimitMap.clear();
console.warn(`[Cleanup CRITICAL] Cleared entire rate limit map (${originalSize} entries) to prevent memory leak.`);
cleanupFailureCount = 0;
}
}
}
}
// Reset cleanup failure count periodically to avoid permanent emergency state
setInterval(() => {
if (cleanupFailureCount > 0) {
console.warn(`[Cleanup] Resetting failure count (was ${cleanupFailureCount}) after timeout period.`);
cleanupFailureCount = 0;
}
}, CLEANUP_FAILURE_RESET_INTERVAL);
function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
const now = Date.now();
const existing = rateLimitMap.get(ip);
@@ -59,15 +125,41 @@ function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
// If still at capacity after cleanup, remove oldest entries (LRU eviction)
if (rateLimitMap.size >= MAX_MAP_SIZE) {
try {
const toDelete = Math.floor(MAX_MAP_SIZE * 0.3); // Remove 30% of entries
const sortedEntries = Array.from(rateLimitMap.entries())
.sort((a, b) => a[1].resetAt - b[1].resetAt);
let deletedCount = 0;
for (let i = 0; i < toDelete && i < sortedEntries.length; i++) {
rateLimitMap.delete(sortedEntries[i][0]);
deletedCount++;
}
console.warn(`Rate limit map reached ${MAX_MAP_SIZE} entries. Cleared ${toDelete} oldest entries.`);
console.warn(`[Rate Limit] Map reached ${MAX_MAP_SIZE} entries. Cleared ${deletedCount} oldest entries. New size: ${rateLimitMap.size}`);
} catch (evictionError) {
// CRITICAL: LRU eviction failed - log error and attempt emergency clear
console.error(`[Rate Limit CRITICAL] LRU eviction failed! Error: ${evictionError}`);
console.error(`[Rate Limit CRITICAL] Map size: ${rateLimitMap.size}`);
try {
// Emergency: Clear first 30% of entries without sorting
const targetSize = Math.floor(MAX_MAP_SIZE * 0.7);
const keysToDelete: string[] = [];
for (const [key] of rateLimitMap.entries()) {
if (rateLimitMap.size <= targetSize) break;
keysToDelete.push(key);
}
keysToDelete.forEach(key => rateLimitMap.delete(key));
console.warn(`[Rate Limit CRITICAL] Emergency eviction cleared ${keysToDelete.length} entries. New size: ${rateLimitMap.size}`);
} catch (emergencyError) {
console.error(`[Rate Limit CRITICAL] Emergency eviction also failed! Clearing entire map. Error: ${emergencyError}`);
rateLimitMap.clear();
}
}
}
}
@@ -166,7 +258,13 @@ serve(async (req) => {
);
} catch (error) {
console.error('Error detecting location:', error);
// Enhanced error logging for better visibility and debugging
const errorMessage = error instanceof Error ? error.message : String(error);
const errorStack = error instanceof Error ? error.stack : 'No stack trace available';
console.error('[Location Detection Error] Request failed');
console.error(`[Location Detection Error] Message: ${errorMessage}`);
console.error(`[Location Detection Error] Stack: ${errorStack}`);
// Return default (metric) with 500 status to indicate error occurred
// This allows proper error monitoring while still providing fallback data
@@ -179,7 +277,7 @@ serve(async (req) => {
return new Response(
JSON.stringify({
...defaultResult,
error: error instanceof Error ? error.message : 'Failed to detect location',
error: errorMessage,
fallback: true
}),
{

54
supabase/functions/upload-image/index.ts
View File

@@ -2,7 +2,12 @@ import { serve } from "https://deno.land/std@0.168.0/http/server.ts"
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
// Environment-aware CORS configuration
const getAllowedOrigin = (requestOrigin: string | null): string => {
const getAllowedOrigin = (requestOrigin: string | null): string | null => {
// If no origin header, it's not a CORS request (same-origin or server-to-server)
if (!requestOrigin) {
return null;
}
const environment = Deno.env.get('ENVIRONMENT') || 'development';
// Production allowlist - configure via ALLOWED_ORIGINS environment variable
@@ -10,9 +15,8 @@ const getAllowedOrigin = (requestOrigin: string | null): string => {
const allowedOriginsEnv = Deno.env.get('ALLOWED_ORIGINS') || '';
const allowedOrigins = allowedOriginsEnv.split(',').filter(origin => origin.trim());
// In development, allow localhost and Replit domains
// In development, only allow localhost and Replit domains - nothing else
if (environment === 'development') {
if (requestOrigin) {
if (
requestOrigin.includes('localhost') ||
requestOrigin.includes('127.0.0.1') ||
@@ -21,25 +25,34 @@ const getAllowedOrigin = (requestOrigin: string | null): string => {
) {
return requestOrigin;
}
}
return '*';
// Origin not allowed in development - log and deny
console.warn(`[CORS] Origin not allowed in development mode: ${requestOrigin}`);
return null;
}
// In production, only allow specific domains from environment variable
if (requestOrigin && allowedOrigins.includes(requestOrigin)) {
if (allowedOrigins.includes(requestOrigin)) {
return requestOrigin;
}
// Default to first allowed origin for production, or deny if none configured
return allowedOrigins.length > 0 ? allowedOrigins[0] : requestOrigin || '*';
// Origin not allowed in production - log and deny
console.warn(`[CORS] Origin not allowed in production mode: ${requestOrigin}`);
return null;
};
const getCorsHeaders = (requestOrigin: string | null) => ({
'Access-Control-Allow-Origin': getAllowedOrigin(requestOrigin),
const getCorsHeaders = (allowedOrigin: string | null): Record<string, string> => {
// If no allowed origin, return empty headers (no CORS access)
if (!allowedOrigin) {
return {};
}
return {
'Access-Control-Allow-Origin': allowedOrigin,
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
'Access-Control-Allow-Methods': 'GET, POST, DELETE, OPTIONS',
'Access-Control-Allow-Credentials': 'true',
});
};
};
// Helper to create authenticated Supabase client
const createAuthenticatedSupabaseClient = (authHeader: string) => {
@@ -57,7 +70,24 @@ const createAuthenticatedSupabaseClient = (authHeader: string) => {
serve(async (req) => {
const requestOrigin = req.headers.get('origin');
const corsHeaders = getCorsHeaders(requestOrigin);
const allowedOrigin = getAllowedOrigin(requestOrigin);
// Check if this is a CORS request with a disallowed origin
if (requestOrigin && !allowedOrigin) {
console.error(`[CORS] Request rejected for disallowed origin: ${requestOrigin}`);
return new Response(
JSON.stringify({
error: 'Origin not allowed',
message: 'The origin of this request is not allowed to access this resource'
}),
{
status: 403,
headers: { 'Content-Type': 'application/json' }
}
);
}
const corsHeaders = getCorsHeaders(allowedOrigin);
// Handle CORS preflight requests
if (req.method === 'OPTIONS') {