fix: security hardening + performance refactoring (code review batch 1)

- IDOR fix: deliberation vote now verifies juryMemberId === ctx.user.id - Rate limiting: tRPC middleware (100/min), AI endpoints (5/hr), auth IP-based (10/15min) - 6 compound indexes added to Prisma schema - N+1 eliminated in processRoundClose (batch updateMany/createMany) - N+1 eliminated in batchCheckRequirementsAndTransition (3 batch queries) - Service extraction: juror-reassignment.ts (578 lines) - Dead code removed: award.ts, cohort.ts, decision.ts (680 lines) - 35 bare catch blocks replaced across 16 files - Fire-and-forget async calls fixed - Notification false positive bug fixed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 16:18:24 +01:00
parent a8b8643936
commit b85a9b9a7b
32 changed files with 1032 additions and 1355 deletions
--- a/src/server/routers/webhook.ts
+++ b/src/server/routers/webhook.ts
@@ -1,4 +1,5 @@
 import { z } from 'zod'
+import { TRPCError } from '@trpc/server'
 import { router, superAdminProcedure } from '../trpc'
 import { logAudit } from '@/server/utils/audit'
 import {
@@ -108,7 +109,9 @@ export const webhookRouter = router({
          entityId: webhook.id,
          detailsJson: { name: input.name, url: input.url, events: input.events },
        })
-      } catch {}
+      } catch (err) {
+        console.error('[Webhook] Audit log failed:', err)
+      }

      return webhook
    }),
@@ -152,7 +155,9 @@ export const webhookRouter = router({
          entityId: id,
          detailsJson: { updatedFields: Object.keys(data) },
        })
-      } catch {}
+      } catch (err) {
+        console.error('[Webhook] Audit log failed:', err)
+      }

      return webhook
    }),
@@ -176,7 +181,9 @@ export const webhookRouter = router({
          entityType: 'Webhook',
          entityId: input.id,
        })
-      } catch {}
+      } catch (err) {
+        console.error('[Webhook] Audit log failed:', err)
+      }

      return { success: true }
    }),
@@ -192,7 +199,7 @@ export const webhookRouter = router({
      })

      if (!webhook) {
-        throw new Error('Webhook not found')
+        throw new TRPCError({ code: 'NOT_FOUND', message: 'Webhook not found' })
      }

      const testPayload = {
@@ -231,7 +238,9 @@ export const webhookRouter = router({
          entityId: input.id,
          detailsJson: { deliveryStatus: result?.status },
        })
-      } catch {}
+      } catch (err) {
+        console.error('[Webhook] Audit log failed:', err)
+      }

      return result
    }),
@@ -292,7 +301,9 @@ export const webhookRouter = router({
          entityType: 'Webhook',
          entityId: input.id,
        })
-      } catch {}
+      } catch (err) {
+        console.error('[Webhook] Audit log failed:', err)
+      }

      return webhook
    }),