kurihada/no-whatever
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
00683e51c4cd11e4e1a61b91ba907d28a527724d
no-whatever/src/app/api/blindbox/suggest/route.ts
T
kurihada ce76980fe5 refactor(P0): JWT 认证、并发安全、错误日志三项安全加固 
- 新增 JWT httpOnly cookie 认证链路 (jose),登录/注册签发 token,
  所有用户和盲盒 API 改为从 cookie 提取 userId,不再信任客户端传值
- 新增 /api/auth/logout 端点清除认证 cookie
- GET /api/user 区分 owner/非 owner,非 owner 不暴露 email
- atomicUpdateRoom 新增 per-room 应用层互斥锁,防止 SQLite 下并发 lost update
- 修复 getRoomData 中 fire-and-forget delete 改为 await
- 37 个静默 catch 块跨 17 个文件添加 console.error 日志
- 新增 REFACTOR_PLAN.md 全景分析文档
2026-03-02 17:24:26 +08:00

36 lines
1.1 KiB
TypeScript
Raw Blame History

import { NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { requireMembership } from "@/lib/blindbox";
import { apiHandler, ApiError } from "@/lib/api";
import { getAuthUserId } from "@/lib/auth";
import { suggestIdeas } from "@/lib/ai";
export const GET = apiHandler(async (req) => {
const userId = await getAuthUserId(req);
const { searchParams } = new URL(req.url);
const roomId = searchParams.get("roomId");
if (!roomId) throw new ApiError("roomId 不能为空");
await requireMembership(roomId, userId);
const recentIdeas = await prisma.blindBoxIdea.findMany({
where: { roomId, status: "in_pool" },
orderBy: { createdAt: "desc" },
take: 10,
select: { content: true },
});
if (recentIdeas.length < 2) {
return NextResponse.json({ suggestions: [], source: "none" });
}
const suggestions = await suggestIdeas(recentIdeas.map((i) => i.content));
if (suggestions.length === 0) {
return NextResponse.json({ suggestions: [], source: "none" });
}
return NextResponse.json({ suggestions, source: "ai" });
});
Reference in New Issue View Git Blame Copy Permalink