Refactor: Fix type safety and auth

2025-12-24 11:51:12 -05:00 · 2025-10-16 12:54:47 +00:00
parent e79eaf76ba
commit e340f1c489
5 changed files with 162 additions and 42 deletions
--- a/src/lib/entitySubmissionHelpers.ts
+++ b/src/lib/entitySubmissionHelpers.ts
@@ -134,6 +134,20 @@ export interface CompanyFormData {
  card_image_id?: string;
 }

+export interface RideModelFormData {
+  name: string;
+  slug: string;
+  manufacturer_id: string;
+  category: string;
+  ride_type?: string;
+  description?: string;
+  images?: ImageAssignments;
+  banner_image_url?: string;
+  banner_image_id?: string;
+  card_image_url?: string;
+  card_image_id?: string;
+}
+
 // Import timeline types
 import type { TimelineEventFormData, TimelineSubmissionData, EntityType } from '@/types/timeline';

@@ -463,6 +477,77 @@ export async function submitRideUpdate(
  return { submitted: true, submissionId: submissionData.id };
 }

+/**
+ * ⚠️ CRITICAL SECURITY PATTERN ⚠️
+ * 
+ * Submits a new ride model for creation through the moderation queue.
+ * This is the ONLY correct way to create ride models.
+ * 
+ * DO NOT use direct database inserts:
+ * ❌ await supabase.from('ride_models').insert(data)  // BYPASSES MODERATION!
+ * ✅ await submitRideModelCreation(data, userId)      // CORRECT
+ * 
+ * Flow: User Submit → Moderation Queue → Approval → Versioning → Live
+ * 
+ * @param data - The ride model form data to submit
+ * @param userId - The ID of the user submitting the ride model
+ * @returns Object containing submitted boolean and submissionId
+ */
+export async function submitRideModelCreation(
+  data: RideModelFormData,
+  userId: string
+): Promise<{ submitted: boolean; submissionId: string }> {
+  // Upload any pending local images first
+  let processedImages = data.images;
+  if (data.images?.uploaded && data.images.uploaded.length > 0) {
+    try {
+      const uploadedImages = await uploadPendingImages(data.images.uploaded);
+      processedImages = {
+        ...data.images,
+        uploaded: uploadedImages
+      };
+    } catch (error) {
+      console.error('Failed to upload images for ride model creation:', error);
+      throw new Error('Failed to upload images. Please check your connection and try again.');
+    }
+  }
+
+  // Create the main submission record
+  const { data: submissionData, error: submissionError } = await supabase
+    .from('content_submissions')
+    .insert({
+      user_id: userId,
+      submission_type: 'ride_model',
+      content: {
+        action: 'create'
+      },
+      status: 'pending'
+    })
+    .select()
+    .single();
+
+  if (submissionError) throw submissionError;
+
+  // Create the submission item with actual ride model data
+  const { error: itemError } = await supabase
+    .from('submission_items')
+    .insert({
+      submission_id: submissionData.id,
+      item_type: 'ride_model',
+      action_type: 'create',
+      item_data: {
+        ...data,
+        images: processedImages as unknown as Json
+      },
+      status: 'pending',
+      order_index: 0
+    });
+
+  if (itemError) throw itemError;
+
+  return { submitted: true, submissionId: submissionData.id };
+}
+
 /**
 * ⚠️ CRITICAL SECURITY PATTERN ⚠️
 *