CRITICAL: - Add auth + admin check to 10 unprotected API routes (test-*, debug/*, config, models, fix-labels) - Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open) - Add SSRF protection to getOllamaModels (blocks private/internal IPs) HIGH: - Fix getAllLabels() missing userId filter (leaked all users' labels) - Fix /api/labels OR clause leaking other users' labels - Fix IDOR in toggleAgent/getAgentActions (add ownership check) - Fix getEmbeddings() returning [] on error in all 5 providers (corrupted semantic search with NaN cosine similarity) — now throws instead Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
import { NextResponse } from 'next/server'
import prisma from '@/lib/prisma'
import { revalidatePath } from 'next/cache'
import { auth } from '@/auth'
/**
 * Picks a deterministic colour for a label name.
 *
 * The name's UTF-16 code units are folded into an accumulator (the `<<`
 * step coerces the accumulator to int32 on every round) and the absolute
 * value indexes a fixed palette, so the same name always maps to the same
 * colour. An empty name hashes to 0 and yields the first palette entry.
 *
 * @param name - Label name to hash.
 * @returns One of the eight palette colour names.
 */
function getHashColor(name: string): string {
  const palette = ['red', 'blue', 'green', 'yellow', 'purple', 'pink', 'orange', 'gray']
  const codeUnits = Array.from({ length: name.length }, (_, idx) => name.charCodeAt(idx))
  const folded = codeUnits.reduce((acc, unit) => unit + ((acc << 5) - acc), 0)
  return palette[Math.abs(folded) % palette.length]
}
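/** Summary of one reconciliation run, returned to the caller. */
type FixLabelsResult = { created: number; deleted: number; missing: string[] }

/** Canonical form used for matching label names: trimmed and lower-cased. */
function canonicalLabelKey(name: string): string {
  return name.trim().toLowerCase()
}

/**
 * Turns the raw `labels` value stored on a note into trimmed, non-empty
 * label names. Only arrays are honoured and only their string entries are
 * kept; null, non-array values and non-string entries contribute nothing,
 * so a malformed note can never throw and abort the scan of the rest.
 */
function labelNamesOf(rawLabels: unknown): string[] {
  if (!Array.isArray(rawLabels)) return []
  const names: string[] = []
  for (const entry of rawLabels) {
    if (typeof entry !== 'string') continue
    const trimmed = entry.trim()
    if (trimmed) names.push(trimmed)
  }
  return names
}

/** Formats a thrown value for the server log, appending a `code` property when one is present. */
function describeError(err: unknown): string {
  if (err instanceof Error) {
    const code = (err as { code?: unknown }).code
    return code === undefined ? err.message : `${err.message} (code ${String(code)})`
  }
  return String(err)
}

/**
 * Brings one user's Label rows in line with the labels referenced by that
 * user's notes: creates a Label for every referenced name that has no row
 * yet, then deletes rows that no note references any more. Both passes
 * match on the same canonical key (trimmed, lower-cased), so a name with
 * surrounding whitespace or a different case can never be created and then
 * deleted as an orphan within the same run, and case variants of one name
 * ("Foo"/"foo") only ever produce a single create attempt.
 *
 * @param userId - Owner whose notes and labels are reconciled.
 * @param result - Counters updated in place (created, deleted, missing).
 */
async function reconcileLabelsForUser(userId: string, result: FixLabelsResult): Promise<void> {
  const notes = await prisma.note.findMany({
    where: { userId },
    select: { labels: true }
  })

  // canonical key -> first spelling seen in a note (used as the display name)
  const referenced = new Map<string, string>()
  for (const note of notes) {
    for (const name of labelNamesOf(note.labels)) {
      const key = canonicalLabelKey(name)
      if (!referenced.has(key)) referenced.set(key, name)
    }
  }

  const existing = await prisma.label.findMany({
    where: { userId },
    select: { id: true, name: true }
  })
  const existingKeys = new Set<string>()
  for (const label of existing) {
    existingKeys.add(canonicalLabelKey(label.name))
  }

  // 1. Create a Label row for every referenced name that has none.
  for (const [key, name] of referenced) {
    if (existingKeys.has(key)) continue
    try {
      await prisma.label.create({
        data: { userId, name, color: getHashColor(name) }
      })
      result.created++
    } catch (e: unknown) {
      console.error(`[FIX] ✗ Failed to create "${name}":`, describeError(e))
      result.missing.push(name)
    }
  }

  // 2. Delete Label rows no note references any more. A failed delete is
  // logged rather than dropped so a stuck orphan is visible in the log.
  for (const label of existing) {
    if (referenced.has(canonicalLabelKey(label.name))) continue
    try {
      await prisma.label.delete({ where: { id: label.id } })
      result.deleted++
    } catch (e: unknown) {
      console.error(`[FIX] ✗ Failed to delete "${label.name}":`, describeError(e))
    }
  }
}

/**
 * Admin-only maintenance handler that reconciles every user's Label rows
 * with the labels referenced by their notes (see reconcileLabelsForUser).
 *
 * @returns 401 without a session, 403 for a session whose user is not an
 *   ADMIN, 200 with `{ success, created, deleted, missing, message }` on
 *   completion, or 500 with a generic error when the run aborts. The
 *   underlying error is written to the server log only, never echoed into
 *   the response body.
 */
export async function POST() {
  const session = await auth()
  if (!session?.user?.id) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
  }
  // `role` is presumably not on the session user type in scope here (the
  // cast is needed); narrow to the one property read instead of `any`.
  const role = (session.user as { role?: unknown }).role
  if (role !== 'ADMIN') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
  }

  try {
    const result: FixLabelsResult = { created: 0, deleted: 0, missing: [] }

    // Only the id is needed per user.
    const users = await prisma.user.findMany({
      select: { id: true }
    })

    // Users are processed one at a time on purpose: each reconciliation
    // issues several queries, and running every user concurrently would
    // load the database for no benefit on a maintenance route.
    for (const user of users) {
      await reconcileLabelsForUser(user.id, result)
    }

    revalidatePath('/')

    return NextResponse.json({
      success: true,
      ...result,
      message: `Created ${result.created} labels, deleted ${result.deleted} orphans`
    })
  } catch (error: unknown) {
    // Full detail goes to the server log; the client receives a generic
    // message so driver and schema details never leave the server.
    console.error('[FIX] Error:', error)
    return NextResponse.json(
      { success: false, error: 'Label fix failed; see server log' },
      { status: 500 }
    )
  }
}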