trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

fix: add response.ok checks before .json() in page.tsx fetch calls

Browse source 
Guard all four fetch() calls in src/app/page.tsx against non-2xx HTTP
responses by throwing before attempting to parse the body as JSON.
Affected functions: fetchCharts, fetchAnnotations, fetchSpanAnnotations,
fetchSpanLabelTypes.

Marks task 4.11 as completed in code-review-fix/tasks.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-18 11:21:21 +01:00
parent b2129ad626
commit 4436cd655f
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
openspec/changes/code-review-fix/tasks.md
View file

@ -36,7 +36,7 @@
- [x] 4.8 `[sonnet]` Wrap chart cascade delete in `db.transaction()` and add `spanAnnotations` deletion in `src/app/api/charts/[id]/route.ts` - [x] 4.8 `[sonnet]` Wrap chart cascade delete in `db.transaction()` and add `spanAnnotations` deletion in `src/app/api/charts/[id]/route.ts`
- [x] 4.9 `[haiku]` Add `parseInt(value, 10)` with `isNaN()` guard to all routes parsing integer query params - [x] 4.9 `[haiku]` Add `parseInt(value, 10)` with `isNaN()` guard to all routes parsing integer query params
- [x] 4.10 `[sonnet]` Add CSV injection protection (prefix `=+@-` cells with `'`) to all export routes - [x] 4.10 `[sonnet]` Add CSV injection protection (prefix `=+@-` cells with `'`) to all export routes
- [ ] 4.11 `[sonnet]` Add `response.ok` checks before `.json()` in `src/app/page.tsx` (lines 214, 230, 245, 257) - [x] 4.11 `[sonnet]` Add `response.ok` checks before `.json()` in `src/app/page.tsx` (lines 214, 230, 245, 257)
- [ ] 4.12 `[sonnet]` Add `response.ok` checks before `.json()` in `src/components/CandleChart.tsx` (lines 163, 178, 192) - [ ] 4.12 `[sonnet]` Add `response.ok` checks before `.json()` in `src/components/CandleChart.tsx` (lines 163, 178, 192)
## 5. ML Service Hardening (Python) ## 5. ML Service Hardening (Python)

4
src/app/page.tsx
View file

@ -211,6 +211,7 @@ export default function Home() {
const fetchCharts = useCallback(async () => { const fetchCharts = useCallback(async () => {
try { try {
const response = await fetch('/api/charts'); const response = await fetch('/api/charts');
if (!response.ok) throw new Error(`HTTP error! status: ${response.status}`);
const data = await response.json(); const data = await response.json();
setCharts(data); setCharts(data);
return data as Chart[]; return data as Chart[];
@ -228,6 +229,7 @@ export default function Home() {
} }
try { try {
const response = await fetch(`/api/annotations?chartId=${chartId}`); const response = await fetch(`/api/annotations?chartId=${chartId}`);
if (!response.ok) throw new Error(`HTTP error! status: ${response.status}`);
const data = await response.json(); const data = await response.json();
setAnnotations(data); setAnnotations(data);
} catch (error) { } catch (error) {
@ -243,6 +245,7 @@ export default function Home() {
} }
try { try {
const response = await fetch(`/api/span-annotations?chartId=${chartId}`); const response = await fetch(`/api/span-annotations?chartId=${chartId}`);
if (!response.ok) throw new Error(`HTTP error! status: ${response.status}`);
const data = await response.json(); const data = await response.json();
setSpanAnnotations(data); setSpanAnnotations(data);
} catch (error) { } catch (error) {
@ -254,6 +257,7 @@ export default function Home() {
const fetchSpanLabelTypes = useCallback(async () => { const fetchSpanLabelTypes = useCallback(async () => {
try { try {
const response = await fetch('/api/span-label-types'); const response = await fetch('/api/span-label-types');
if (!response.ok) throw new Error(`HTTP error! status: ${response.status}`);
const data = await response.json(); const data = await response.json();
setSpanLabelTypes(data); setSpanLabelTypes(data);
} catch (error) { } catch (error) {