fix: wrap entire invite POST handler in top-level try-catch

Catches errors from the circle_members SELECT query and the auth check,
which were escaping the narrower try-catch and returning empty 500s.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Manohar Gupta 2026-05-24 01:54:11 +05:30
parent 3d7ff9adb5
commit 21f88459d7


@ -8,26 +8,26 @@ export async function POST(
_req: Request,
{ params }: { params: Promise<{ id: string }> }
) {
const auth = await requireFamily();
if (!auth.success) return NextResponse.json({ error: auth.error }, { status: auth.status });
const familyId = auth.session!.familyId!;
const { id: circleId } = await params;
// Only admins can create invites
const rows = await sql.unsafe(
`SELECT role FROM circle_members WHERE circle_id = $1 AND family_id = $2`,
[circleId, familyId]
);
if (!rows[0] || rows[0].role !== "admin") {
return NextResponse.json({ error: "Only circle admins can create invites" }, { status: 403 });
}
// Cryptographically random 32-byte token (64 hex chars) — unguessable
const token = randomBytes(32).toString("hex");
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
try {
const auth = await requireFamily();
if (!auth.success) return NextResponse.json({ error: auth.error }, { status: auth.status });
const familyId = auth.session!.familyId!;
const { id: circleId } = await params;
// Only admins can create invites
const rows = await sql.unsafe(
`SELECT role FROM circle_members WHERE circle_id = $1 AND family_id = $2`,
[circleId, familyId]
);
if (!rows[0] || rows[0].role !== "admin") {
return NextResponse.json({ error: "Only circle admins can create invites" }, { status: 403 });
}
// Cryptographically random 32-byte token (64 hex chars) — unguessable
const token = randomBytes(32).toString("hex");
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
const [invite] = await sql.unsafe(
`INSERT INTO circle_invites (circle_id, token, created_by, expires_at)
VALUES ($1, $2, $3, $4)