trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions
380 commits 1 branch 0 tags 2 MiB
Commit graph

7 commits

Author SHA1 Message Date
Marko Djordjevic
5f727d84c6 Scope all Drizzle queries by user_id from authenticated session 
Every data API route now filters SELECT, INSERT, UPDATE, and DELETE
queries by the authenticated user's ID, ensuring full multi-tenant
data isolation. Candle queries are scoped via chart_id ownership.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 13:08:09 +01:00
Marko Djordjevic
9901d0f3f1 Add getAuthUser() auth guard to all data API routes (task 7.1) 
Add 401 Unauthorized check at the top of every handler in:
- /api/upload (POST)
- /api/candles (GET)
- /api/charts (GET) and /api/charts/[id] (GET, DELETE)
- /api/annotations (GET, POST, DELETE) and /api/annotations/[id] (PATCH, DELETE)
- /api/annotation-types (GET, POST, DELETE) and /api/annotation-types/[id] (PATCH)
- /api/span-annotations (GET, POST, DELETE), /[id] (PATCH, DELETE), /export (GET)
- /api/span-label-types (GET, POST) and /[id] (PATCH, DELETE)
- /api/export (GET) and /api/export/spans (GET)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-20 10:26:09 +01:00
Marko Djordjevic
15adf09b73 fix: add parseInt(value, 10) with isNaN() guards to all integer query param parsing 
- Add radix 10 to all parseInt() calls parsing integer query/path parameters
- Add isNaN() guards returning HTTP 400 with descriptive error messages
- Updated routes: annotations, candles, export, export/spans, annotation-types/[id], span-annotations, span-annotations/[id], span-label-types/[id]
- Ensures strict integer parsing and prevents invalid parameter values from reaching database queries
 2026-02-18 11:19:26 +01:00
Marko Djordjevic
aace19b7f4 fix: replace error.message with generic "Internal server error" in all API catch blocks 
Prevents leaking internal error details to clients across 7 route files:
health, candles, annotations, annotations/[id], upload, export, span-annotations/export.
Server-side console.error logging preserved for debugging.

Closes task 4.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 11:16:02 +01:00
Marko Djordjevic
04a8303f4f fix: convert timestamp columns to Unix epoch seconds in candles and annotations API 2026-02-17 19:40:48 +01:00
Marko Djordjevic
90e1e179cc feat: scope candles/annotations/export APIs by chartId query param 
- GET /api/candles accepts ?chartId= with fallback to most recent chart
- GET /api/annotations accepts ?chartId= with fallback to most recent chart
- POST /api/annotations now requires chart_id in request body
- GET /api/export accepts ?chartId= to scope exported annotations
- DELETE /api/annotations supports optional chartId scoping
 2026-02-13 00:14:22 +01:00
Marko Djordjevic
096a80b229 feat: implement backend API endpoints 
- CSV upload with papaparse (handles date strings and Unix timestamps)
- Annotations CRUD (GET, POST, DELETE)
- Candles GET endpoint
- Export annotations as CSV
 2026-02-12 10:24:03 +01:00