pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-20 16:11:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Filter database fields in edge function

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-10-02 17:19:15 +00:00
parent 9f062711db
commit d4d7da977a
1 changed files with 56 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
supabase/functions/process-selective-approval/index.ts
View File

@@ -12,6 +12,37 @@ interface ApprovalRequest {
submissionId: string; submissionId: string;
} }
// Allowed database fields for each entity type
const RIDE_FIELDS = [
'name', 'slug', 'description', 'park_id', 'ride_model_id',
'manufacturer_id', 'designer_id', 'category', 'status',
'opening_date', 'closing_date', 'height_requirement', 'age_requirement',
'capacity_per_hour', 'duration_seconds', 'max_speed_kmh',
'max_height_meters', 'length_meters', 'inversions',
'ride_sub_type', 'coaster_type', 'seating_type', 'intensity_level',
'drop_height_meters', 'max_g_force', 'image_url',
'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id'
];
const PARK_FIELDS = [
'name', 'slug', 'description', 'park_type', 'status',
'opening_date', 'closing_date', 'location_id', 'operator_id',
'property_owner_id', 'website_url', 'phone', 'email',
'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id'
];
const COMPANY_FIELDS = [
'name', 'slug', 'description', 'company_type', 'person_type',
'founded_year', 'headquarters_location', 'website_url', 'logo_url',
'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id'
];
const RIDE_MODEL_FIELDS = [
'name', 'slug', 'description', 'category', 'ride_type',
'manufacturer_id', 'banner_image_url', 'banner_image_id',
'card_image_url', 'card_image_id'
];
serve(async (req) => { serve(async (req) => {
if (req.method === 'OPTIONS') { if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders }); return new Response(null, { headers: corsHeaders });
@@ -209,6 +240,16 @@ function sanitizeDateFields(data: any): any {
return sanitized; return sanitized;
} }
function filterDatabaseFields(data: any, allowedFields: string[]): any {
const filtered: any = {};
for (const field of allowedFields) {
if (field in data && data[field] !== undefined) {
filtered[field] = data[field];
}
}
return filtered;
}
async function createPark(supabase: any, data: any): Promise<string> { async function createPark(supabase: any, data: any): Promise<string> {
// Transform images object if present // Transform images object if present
if (data.images) { if (data.images) {
@@ -239,9 +280,10 @@ async function createPark(supabase: any, data: any): Promise<string> {
delete data.park_id; // Remove ID from update data delete data.park_id; // Remove ID from update data
const sanitizedData = sanitizeDateFields(data); const sanitizedData = sanitizeDateFields(data);
const filteredData = filterDatabaseFields(sanitizedData, PARK_FIELDS);
const { error } = await supabase const { error } = await supabase
.from('parks') .from('parks')
.update(sanitizedData) .update(filteredData)
.eq('id', parkId); .eq('id', parkId);
if (error) throw new Error(`Failed to update park: ${error.message}`); if (error) throw new Error(`Failed to update park: ${error.message}`);
@@ -249,9 +291,10 @@ async function createPark(supabase: any, data: any): Promise<string> {
} else { } else {
console.log('Creating new park'); console.log('Creating new park');
const sanitizedData = sanitizeDateFields(data); const sanitizedData = sanitizeDateFields(data);
const filteredData = filterDatabaseFields(sanitizedData, PARK_FIELDS);
const { data: park, error } = await supabase const { data: park, error } = await supabase
.from('parks') .from('parks')
.insert(sanitizedData) .insert(filteredData)
.select('id') .select('id')
.single(); .single();
@@ -290,9 +333,10 @@ async function createRide(supabase: any, data: any): Promise<string> {
delete data.ride_id; // Remove ID from update data delete data.ride_id; // Remove ID from update data
const sanitizedData = sanitizeDateFields(data); const sanitizedData = sanitizeDateFields(data);
const filteredData = filterDatabaseFields(sanitizedData, RIDE_FIELDS);
const { error } = await supabase const { error } = await supabase
.from('rides') .from('rides')
.update(sanitizedData) .update(filteredData)
.eq('id', rideId); .eq('id', rideId);
if (error) throw new Error(`Failed to update ride: ${error.message}`); if (error) throw new Error(`Failed to update ride: ${error.message}`);
@@ -313,9 +357,10 @@ async function createRide(supabase: any, data: any): Promise<string> {
} else { } else {
console.log('Creating new ride'); console.log('Creating new ride');
const sanitizedData = sanitizeDateFields(data); const sanitizedData = sanitizeDateFields(data);
const filteredData = filterDatabaseFields(sanitizedData, RIDE_FIELDS);
const { data: ride, error } = await supabase const { data: ride, error } = await supabase
.from('rides') .from('rides')
.insert(sanitizedData) .insert(filteredData)
.select('id') .select('id')
.single(); .single();
@@ -368,10 +413,11 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro
const updateData = sanitizeDateFields({ ...data, company_type: companyType }); const updateData = sanitizeDateFields({ ...data, company_type: companyType });
delete updateData.company_id; delete updateData.company_id;
delete updateData.id; // Remove ID from update data delete updateData.id; // Remove ID from update data
const filteredData = filterDatabaseFields(updateData, COMPANY_FIELDS);
const { error } = await supabase const { error } = await supabase
.from('companies') .from('companies')
.update(updateData) .update(filteredData)
.eq('id', companyId); .eq('id', companyId);
if (error) throw new Error(`Failed to update company: ${error.message}`); if (error) throw new Error(`Failed to update company: ${error.message}`);
@@ -379,9 +425,10 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro
} else { } else {
console.log('Creating new company'); console.log('Creating new company');
const companyData = sanitizeDateFields({ ...data, company_type: companyType }); const companyData = sanitizeDateFields({ ...data, company_type: companyType });
const filteredData = filterDatabaseFields(companyData, COMPANY_FIELDS);
const { data: company, error } = await supabase const { data: company, error } = await supabase
.from('companies') .from('companies')
.insert(companyData) .insert(filteredData)
.select('id') .select('id')
.single(); .single();
@@ -391,9 +438,11 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro
} }
async function createRideModel(supabase: any, data: any): Promise<string> { async function createRideModel(supabase: any, data: any): Promise<string> {
const sanitizedData = sanitizeDateFields(data);
const filteredData = filterDatabaseFields(sanitizedData, RIDE_MODEL_FIELDS);
const { data: model, error } = await supabase const { data: model, error } = await supabase
.from('ride_models') .from('ride_models')
.insert(data) .insert(filteredData)
.select('id') .select('id')
.single(); .single();