fix: security hardening + performance refactoring (code review batch 1)

- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id - Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min) - 6 compound indexes added to Prisma schema - N+1 eliminated in processRoundClose (batch updateMany/createMany) - N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries) - Service extraction: juror-reassignment.ts (578 lines) - Dead code removed: award.ts, cohort.ts, decision.ts (680 lines) - 35 bare catch blocks replaced across 16 files - Fire-and-forget async calls fixed - Notification false positive bug fixed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 16:18:24 +01:00
parent a8b8643936
commit b85a9b9a7b
32 changed files with 1032 additions and 1355 deletions
--- a/src/server/routers/project.ts
+++ b/src/server/routers/project.ts
@@ -505,7 +505,8 @@ export const projectRouter = router({
          include: { tag: { select: { id: true, name: true, category: true, color: true } } },
          orderBy: { confidence: 'desc' },
        })
-      } catch {
+      } catch (err) {
+        console.error('Failed to fetch project tags:', err)
        // ProjectTag table may not exist yet
      }

@@ -746,12 +747,13 @@ export const projectRouter = router({
                  status: 'SENT',
                },
              })
-            } catch {
+            } catch (err) {
+              console.error('Failed to log invitation notification for project team member:', err)
              // Never fail on notification logging
            }
-          } catch {
+          } catch (err) {
            // Email sending failure should not break project creation
-            console.error(`Failed to send invite to ${member.email}`)
+            console.error(`Failed to send invite to ${member.email}:`, err)
          }
        }
      }
@@ -1568,9 +1570,9 @@ export const projectRouter = router({
          const baseUrl = process.env.NEXTAUTH_URL || 'https://portal.monaco-opc.com'
          const inviteUrl = `${baseUrl}/accept-invite?token=${token}`
          await sendInvitationEmail(email.toLowerCase(), name, inviteUrl, 'APPLICANT')
-        } catch {
+        } catch (err) {
          // Email sending failure should not block member creation
-          console.error(`Failed to send invite to ${email}`)
+          console.error(`Failed to send invite to ${email}:`, err)
        }
      }