Files
Momento/memento-note/app/api/admin/sync-labels/route.ts
Sepehr Ramezani 1c659ce42f fix: comprehensive security, consistency, and dead code cleanup
Security:
- Add auth + file type/size validation to upload API
- Add admin auth to /api/admin/ endpoints
- Add SSRF protection to scrape action
- Whitelist fields in PUT /api/notes/[id] to prevent mass assignment
- Protect /lab, /agents, /chat, /canvas, /notebooks routes in middleware

AI provider fixes:
- Add deepseek/openrouter to factory ProviderType (was silently falling back to ollama)
- Fix title-suggestion.service.ts to use factory instead of hardcoded OpenAI
- Fix getAIProvider→getChatProvider in memory-echo, notebook-summary, agent-executor
- Fix getAIProvider→getTagsProvider in notebook-suggestion, title-suggestions, transform-markdown

Functional bugs:
- Fix ALLOW_REGISTRATION AND→OR logic
- Fix note-editor.tsx passing stale props to useAutoTagging instead of local state
- Fix stale Note.embedding type (migrated to NoteEmbedding table)
- Remove hardcoded SQLite path from prisma.ts

Frontend:
- Add AbortController to useAutoTagging and useTitleSuggestions hooks
- Add error rollback to optimistic UI in note-inline-editor
- Remove stale closure over notebookId/language in useAutoTagging

Cleanup:
- Rename docker-compose from keepnotes→memento
- Remove unused unstable_cache import from config.ts
- Remove dead useUndoRedo hook
- Fix TagSuggestion type (add isNewLabel, reasoning)
- Remove dead AIConfig/AIProviderType types
- Fix ghost-tags unused isEmpty var and as any cast
- Fix note-editor titleSuggestions typed as any[]

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-21 22:22:02 +02:00

62 lines
1.6 KiB
TypeScript

import { NextResponse } from 'next/server';
import prisma from '@/lib/prisma';
import { auth } from '@/auth';
export const dynamic = 'force-dynamic';
export async function GET() {
try {
const session = await auth()
if (!session?.user?.id || (session.user as any).role !== 'ADMIN') {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
// 1. Get all notes
const notes = await prisma.note.findMany({
select: { labels: true }
});
// 2. Extract all unique labels from JSON
const uniqueLabels = new Set<string>();
notes.forEach((note: any) => {
if (note.labels) {
try {
if (Array.isArray(note.labels)) {
(note.labels as string[]).forEach((l: string) => uniqueLabels.add(l));
}
} catch (e) {
// ignore error
}
}
});
// 3. Get existing labels in DB
const existingDbLabels = await prisma.label.findMany();
const existingNames = new Set(existingDbLabels.map((l: any) => l.name));
// 4. Create missing labels
const created = [];
for (const name of uniqueLabels) {
if (!existingNames.has(name)) {
const newLabel = await prisma.label.create({
data: {
name,
color: 'gray' // Default color
}
});
created.push(newLabel);
}
}
return NextResponse.json({
success: true,
foundInNotes: uniqueLabels.size,
alreadyInDb: existingNames.size,
created: created.length,
createdLabels: created
});
} catch (error) {
return NextResponse.json({ error: String(error) }, { status: 500 });
}
}