MOPC/MOPC-Portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: security hardening + performance refactoring (code review batch 1)

Browse Source 
- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id
- Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min)
- 6 compound indexes added to Prisma schema
- N+1 eliminated in processRoundClose (batch updateMany/createMany)
- N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries)
- Service extraction: juror-reassignment.ts (578 lines)
- Dead code removed: award.ts, cohort.ts, decision.ts (680 lines)
- 35 bare catch blocks replaced across 16 files
- Fire-and-forget async calls fixed
- Notification false positive bug fixed

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt
2026-03-07 16:18:24 +01:00
parent a8b8643936
commit b85a9b9a7b
32 changed files with 1032 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/server/routers/settings.ts
View File

@@ -329,7 +329,8 @@ export const settingsRouter = router({
const success = await sendTestEmail(input.testEmail)
return { success, error: success ? null : 'Failed to send test email' }
} catch (error) {
return { success: false, error: 'Email configuration error' }
const message = error instanceof Error ? error.message : 'Unknown error'
return { success: false, error: `Email configuration error: ${message}` }
}
}),
@@ -642,7 +643,8 @@ export const settingsRouter = router({
ipAddress: ctx.ip,
userAgent: ctx.userAgent,
})
} catch {
} catch (err) {
console.error('Failed to write audit log for digest settings update:', err)
// Never throw on audit failure
}
@@ -701,7 +703,8 @@ export const settingsRouter = router({
ipAddress: ctx.ip,
userAgent: ctx.userAgent,
})
} catch {
} catch (err) {
console.error('Failed to write audit log for analytics settings update:', err)
// Never throw on audit failure
}
@@ -760,7 +763,8 @@ export const settingsRouter = router({
ipAddress: ctx.ip,
userAgent: ctx.userAgent,
})
} catch {
} catch (err) {
console.error('Failed to write audit log for audit settings update:', err)
// Never throw on audit failure
}