LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(admin): eliminate GoTrue empty-body 500s under bulk load (retry-all + undici keep-alive + sequential bulk), CSV formula-injection guard

Browse Source
This commit is contained in:
Gerhard Scheikl
2026-05-31 17:30:04 +02:00
parent cbd29445bb
commit 8e8df7ae64
12 changed files with 134 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/api/admin/users/[id]/ban/route.ts
+9 -3
View File
@@ -1,6 +1,7 @@
import { type NextRequest } from 'next/server';
import { requireAdminApi } from '@/lib/auth/admin-guard';
import { getSupabaseAdmin } from '@/lib/supabase/admin';
import { withAdminRetry } from '@/lib/admin/retry';
import { logAdminAction } from '@/lib/auth/audit';
import { isUuid, parseBoolean } from '@/lib/admin/validators';
import { jsonNoStore } from '@/lib/admin/response';
@@ -44,9 +45,14 @@ export async function POST(
}
const admin = getSupabaseAdmin();
const { error } = await admin.auth.admin.updateUserById(id, {
ban_duration: banned ? BAN_DURATION : 'none',
} as { ban_duration: string });
// Retry transient empty-body / poisoned-keep-alive failures so a burst-load
// ban/unban doesn't 500. `updateUserById` is idempotent for our use
// (ban_duration set to the same value), so a retry is safe.
const { error } = await withAdminRetry(() =>
admin.auth.admin.updateUserById(id, {
ban_duration: banned ? BAN_DURATION : 'none',
} as { ban_duration: string }),
);
if (error) {
console.error('admin user.ban failed', error);
return jsonNoStore({ error: 'internal error' }, { status: 500 });