bc83af8e00
Hardened db.ts — added statement_timeout: 30000, idle_in_transaction_session_timeout: 10000, created transaction() helper (BEGIN/COMMIT/ROLLBACK). Multi-step API routes wrapped in transactions — Events POST, Conversations POST use atomic blocks. Fixed leads pagination — status filter pushed into SQL WHERE (no client-side filtering after LIMIT/OFFSET), added SELECT COUNT(*) for total. Rewrote dashboard — SQL aggregations (COUNT + GROUP BY + date_trunc) replace loading all leads into memory. Optimized conversations GET — merged duplicate correlated subqueries into single LEFT JOIN LATERAL. Created migration 021_performance_indexes.sql — 8 missing indexes + set_session_user_context() function caching current_user_hierarchy_level() as session variable (avoids per-query RLS join). Fixed build error — duplicate const other in conversations route. Also fixed a TypeScript never error in dashboard breakdown map. Verified — npx tsc --noEmit clean, npm test (13 pass, 7 integration skip gracefully), npx next build succeeds.
49 lines
1.3 KiB
TypeScript
49 lines
1.3 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server"
|
|
import { getSessionUser } from "@/lib/auth"
|
|
import { query } from "@/lib/db"
|
|
|
|
export async function GET(request: NextRequest) {
|
|
const sessionUser = await getSessionUser()
|
|
if (!sessionUser) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
|
}
|
|
|
|
if (sessionUser.role !== "super_admin" && sessionUser.role !== "admin") {
|
|
return NextResponse.json({ error: "Forbidden" }, { status: 403 })
|
|
}
|
|
|
|
const phone = request.nextUrl.searchParams.get("phone")
|
|
if (!phone) {
|
|
return NextResponse.json({ error: "Phone parameter required" }, { status: 400 })
|
|
}
|
|
|
|
try {
|
|
const result = await query(
|
|
`SELECT id, username, first_name, last_name, phone, avatar_url
|
|
FROM users
|
|
WHERE phone = $1 AND deleted_at IS NULL
|
|
LIMIT 1`,
|
|
[phone],
|
|
)
|
|
|
|
if (result.rows.length === 0) {
|
|
return NextResponse.json({ found: false })
|
|
}
|
|
|
|
const user = result.rows[0]
|
|
return NextResponse.json({
|
|
found: true,
|
|
user: {
|
|
id: user.id,
|
|
username: user.username,
|
|
firstName: user.first_name,
|
|
lastName: user.last_name,
|
|
phone: user.phone,
|
|
avatar: user.avatar_url,
|
|
},
|
|
})
|
|
} catch {
|
|
return NextResponse.json({ error: "Lookup failed" }, { status: 500 })
|
|
}
|
|
}
|