trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

fix: require chartId for bulk delete in annotations route (task 4.7)

Browse source 
Reject DELETE ?all=true without chartId with HTTP 400 to prevent
accidental deletion of annotations across all charts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-18 11:16:37 +01:00
parent aace19b7f4
commit 103bfa89cb
2 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/app/api/annotations/route.ts
View file

@ -102,11 +102,13 @@ export async function DELETE(request: NextRequest) {
let result;
if (all === 'true') {
if (chartId) {
result = await db.delete(annotations).where(eq(annotations.chart_id, parseInt(chartId, 10))).returning();
} else {
result = await db.delete(annotations).returning();
if (!chartId) {
return NextResponse.json(
{ error: 'chartId is required for bulk delete' },
{ status: 400 }
);
}
result = await db.delete(annotations).where(eq(annotations.chart_id, parseInt(chartId, 10))).returning();
} else if (type) {
const types = type.split(',').map((t) => t.trim());
if (chartId) {