king tut

[carteraccs]

Summary by CodeRabbit

• New Features
  • Added a new ancient-Egypt themed message to the loading screen, expanding the variety of entertaining status messages users see while waiting for content to load.
  • Introduced workspace member warning capabilities, enabling administrators to issue formal warnings to workspace members with specific, documented reasons tracked in the system.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new API endpoint for issuing workspace member warnings is introduced, along with an additional loading screen message. The endpoint validates permissions, confirms member existence, requires a non-empty reason, and persists warnings to the database using the issuer's session ID.

Changes

Cohort / File(s)	Summary
Loading Screen Enhancement components/loading.tsx	Added one new message string to the rotating status text pool for LoadingScreen.
Member Warning Endpoint pages/api/workspace/[id]/member/warn.ts	New POST-only API handler that validates permissions, parses workspaceGroupId from route parameters, requires userId and non-empty reason in request body, verifies member existence, creates a warning record, and returns appropriate HTTP status codes with stringified BigInt identifiers.

Sequence Diagram

sequenceDiagram
    participant Client
    participant API Handler
    participant Permission Check
    participant Database
    participant Session

    Client->>API Handler: POST /api/workspace/[id]/member/warn
    API Handler->>Permission Check: withPermissionCheck('warn')
    Permission Check->>Session: Verify user session
    Session-->>Permission Check: Session valid
    API Handler->>API Handler: Extract workspaceGroupId, userId, reason
    API Handler->>API Handler: Validate required fields
    API Handler->>Database: findUnique(workspaceMember)
    Database-->>API Handler: Member found/not found
    alt Member exists
        API Handler->>Database: Create warning record
        Database-->>API Handler: Warning created
        API Handler->>Client: 200 OK + warning details
    else Member not found
        API Handler->>Client: 404 Not Found
    else Missing inputs
        API Handler->>Client: 400 Bad Request
    else Non-POST method
        API Handler->>Client: 405 Method Not Allowed
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A warning whispered in the digital breeze,
New messages bloom through the loading's ease,
Members cautioned with logic so clear,
The workspace grows wiser throughout the year! 🌟

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'king tut' is vague and does not clearly convey what changes are being made; it appears to be an obscure reference rather than a meaningful description of the changeset.	Use a descriptive title that clearly explains the main change, such as 'Add ancient Egypt themed loading message and workspace member warning endpoint'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pages/api/workspace/`[id]/member/warn.ts:
- Around line 19-26: The code calls prisma.warning.create but no Warning model
exists in the Prisma schema; add a Warning model to schema.prisma with fields
that match the create call (workspaceGroupId, userId, issuedById, reason) plus
an id and timestamps as needed, ensure types align with BigInt usage for
userId/issuedById (e.g., BigInt/BigInt? mapped appropriately), run prisma
migrate (or db push) and prisma generate so the prisma.client exposes Warning
and prisma.warning.create; update any relations (e.g., workspaceGroup and user
models) to reference Warning if appropriate.
- Around line 8-15: Validate that req.query.id is a valid integer before using
parseInt and that req.body.userId is a valid integer string before using BigInt:
ensure parseInt(req.query.id,10) yields a finite number (not NaN) and return
res.status(400) if invalid, and verify userId matches /^\d+$/ (or use
Number.isInteger after converting) before calling BigInt(userId); update the
handler around workspaceGroupId / userId extraction (symbols: req.query.id,
parseInt, workspaceGroupId, req.body.userId, BigInt,
prisma.workspaceMember.findUnique) to perform these checks and return a 400 with
a clear error message instead of allowing parseInt/BigInt to throw.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1ca28e46-b7cd-46b8-a4c4-17374aa4e9ef

📥 Commits

Reviewing files that changed from the base of the PR and between 4dd02ff and 3920083.

📒 Files selected for processing (2)

• components/loading.tsx
• pages/api/workspace/[id]/member/warn.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Show relevant conversion and guard lines:"
rg -nP --type=ts 'parseInt\(req\.query\.id as string,\s*10\)|BigInt\(userId\)|Number\.isInteger|^\s*if\s*\(!/\\\^\\d\+\\\$/\.test\(userId\)\)'

Repository: PlanetaryOrbit/orbit

Length of output: 7052

---

🏁 Script executed:

cat -n pages/api/workspace/[id]/member/warn.ts

Repository: PlanetaryOrbit/orbit

Length of output: 1486

---

🏁 Script executed:

rg -A 20 'export.*function withPermissionCheck|const withPermissionCheck' utils/permissionsManager.ts | head -50

Repository: PlanetaryOrbit/orbit

Length of output: 1506

---

🏁 Script executed:

rg -A 30 'export.*function withSessionRoute|const withSessionRoute' utils/ | head -80

Repository: PlanetaryOrbit/orbit

Length of output: 46

---

🏁 Script executed:

rg -n 'withSessionRoute' --type=ts --type=tsx

Repository: PlanetaryOrbit/orbit

Length of output: 92

---

🏁 Script executed:

rg -n 'withSessionRoute' --type=ts

Repository: PlanetaryOrbit/orbit

Length of output: 20507

---

🏁 Script executed:

cat -n lib/withSession.ts | head -80

Repository: PlanetaryOrbit/orbit

Length of output: 2644

---

🏁 Script executed:

sed -n '95,110p' pages/api/workspace/[id]/avatar/[userid]/index.ts

Repository: PlanetaryOrbit/orbit

Length of output: 705

---

🏁 Script executed:

cat -n pages/api/workspace/[id]/settings/external/test.ts | sed -n '55,65p'

Repository: PlanetaryOrbit/orbit

Length of output: 526

---

Validate numeric inputs before parseInt/BigInt conversions.

Line 8 and line 14 accept unchecked numeric input. Invalid id or userId can cause BigInt to throw an unhandled exception or parseInt to return NaN, both resulting in 500 errors instead of returning a clean 400 response.

Add validation after parseInt and before BigInt conversions, following patterns already used elsewhere in the codebase:

Proposed patch

	const workspaceGroupId = parseInt(req.query.id as string, 10);
+	if (!Number.isInteger(workspaceGroupId) || workspaceGroupId <= 0) {
+		return res.status(400).json({ success: false, error: 'Invalid workspace id' });
+	}
 	const { userId, reason } = req.body as { userId?: string; reason?: string };
 
 	if (!userId || !reason?.trim()) return res.status(400).json({ success: false, error: 'userId and reason are required' });
+	if (!/^\d+$/.test(userId)) {
+		return res.status(400).json({ success: false, error: 'Invalid userId' });
+	}
 
 	const member = await prisma.workspaceMember.findUnique({

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const workspaceGroupId = parseInt(req.query.id as string, 10);
	const { userId, reason } = req.body as { userId?: string; reason?: string };
	if (!userId || !reason?.trim()) return res.status(400).json({ success: false, error: 'userId and reason are required' });
	const member = await prisma.workspaceMember.findUnique({
	where: { workspaceGroupId_userId: { workspaceGroupId, userId: BigInt(userId) } },
	});
	const workspaceGroupId = parseInt(req.query.id as string, 10);
	if (!Number.isInteger(workspaceGroupId) || workspaceGroupId <= 0) {
	return res.status(400).json({ success: false, error: 'Invalid workspace id' });
	}
	const { userId, reason } = req.body as { userId?: string; reason?: string };
	if (!userId || !reason?.trim()) return res.status(400).json({ success: false, error: 'userId and reason are required' });
	if (!/^\d+$/.test(userId)) {
	return res.status(400).json({ success: false, error: 'Invalid userId' });
	}
	const member = await prisma.workspaceMember.findUnique({
	where: { workspaceGroupId_userId: { workspaceGroupId, userId: BigInt(userId) } },
	});

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pages/api/workspace/`[id]/member/warn.ts around lines 8 - 15, Validate that
req.query.id is a valid integer before using parseInt and that req.body.userId
is a valid integer string before using BigInt: ensure parseInt(req.query.id,10)
yields a finite number (not NaN) and return res.status(400) if invalid, and
verify userId matches /^\d+$/ (or use Number.isInteger after converting) before
calling BigInt(userId); update the handler around workspaceGroupId / userId
extraction (symbols: req.query.id, parseInt, workspaceGroupId, req.body.userId,
BigInt, prisma.workspaceMember.findUnique) to perform these checks and return a
400 with a clear error message instead of allowing parseInt/BigInt to throw.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Locate Prisma schema files:"
fd -i schema.prisma

echo
echo "Check for Warning model declarations:"
rg -nP '^\s*model\s+(Warning|warning)\b' $(fd -i schema.prisma) || true

echo
echo "Find prisma.warning usage in API code:"
rg -nP --type=ts 'prisma\.warning\.'

Repository: PlanetaryOrbit/orbit

Length of output: 282

---

🏁 Script executed:

cat -n prisma/schema.prisma

Repository: PlanetaryOrbit/orbit

Length of output: 25210

---

🏁 Script executed:

sed -n '15,30p' pages/api/workspace/[id]/member/warn.ts

Repository: PlanetaryOrbit/orbit

Length of output: 510

---

Missing Warning model in Prisma schema will cause runtime failure.

The code at line 19 calls prisma.warning.create(), but no Warning model is defined in prisma/schema.prisma. This will fail at runtime because Prisma will not generate client methods for non-existent models. Add the Warning model to the schema with fields matching the create call: workspaceGroupId, userId, issuedById, and reason.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pages/api/workspace/`[id]/member/warn.ts around lines 19 - 26, The code calls
prisma.warning.create but no Warning model exists in the Prisma schema; add a
Warning model to schema.prisma with fields that match the create call
(workspaceGroupId, userId, issuedById, reason) plus an id and timestamps as
needed, ensure types align with BigInt usage for userId/issuedById (e.g.,
BigInt/BigInt? mapped appropriately), run prisma migrate (or db push) and prisma
generate so the prisma.client exposes Warning and prisma.warning.create; update
any relations (e.g., workspaceGroup and user models) to reference Warning if
appropriate.