fix(affiliates): clamp offers pagination #323

Merged. ralyodio merged 2 commits into profullstack:master from Jorel97:codex/fix-affiliate-offers-pagination-322 (May 29, 2026)

Contributor

@Jorel97 Jorel97 commented May 29, 2026

Summary

  • normalize affiliate offers marketplace page and limit query params before calculating Supabase ranges
  • clamp invalid, negative, fractional, and huge values to finite bounds
  • add regression coverage for invalid and overflow-prone pagination inputs

Fixes #322.

Testing

  • Not run locally: this workspace has Node but no npm/pnpm/npx/corepack available to install or invoke Vitest.


greptile-apps Bot commented May 29, 2026

Greptile Summary

This PR replaces bare parseInt pagination parsing in the affiliate offers GET route with a parsePaginationParam helper that handles NaN, Infinity, negative values, fractional inputs, and astronomically large numbers before they reach the Supabase range() call.

  • parsePaginationParam converts the raw string to a Number, falls back to the default when the result is non-finite, then applies Math.trunc followed by Math.max/Math.min clamping — correctly bounding page to [1, 100_000] and limit to [1, 50].
  • Two new regression tests verify the clamped range() arguments directly via a rangeSpy, and the shared offerListChain helper addresses the duplication noted in the previous review thread.

Confidence Score: 5/5

Safe to merge — the change is a targeted input-sanitisation fix with no side effects on the query path beyond bounding the range arguments.

The parsePaginationParam helper correctly handles every problematic input class (NaN, Infinity, negatives, fractions, overflow-sized floats) and the arithmetic for the Supabase range call is verified by the new regression tests. No pre-existing behaviour is changed for valid inputs.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| src/app/api/affiliates/offers/route.ts | Adds parsePaginationParam helper that replaces inline parseInt with NaN-safe, trunc-then-clamp logic; page capped at 100_000, limit capped at 50 — no logic regressions found |
| src/app/api/affiliates/offers/route.test.ts | Extracts offerListChain helper (DRY fix from prior review) and adds two new regression tests covering invalid strings and huge numeric inputs; expected range arguments verified arithmetically correct |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["GET ?page=X & limit=Y"] --> B["parsePaginationParam(value, default, min, max)"]
    B --> C{"value null or empty?"}
    C -- Yes --> D["use defaultValue"]
    C -- No --> E["Number(value)"]
    E --> F{"isFinite?"}
    F -- No --> D
    F -- Yes --> G["Math.trunc(parsed)"]
    D --> G
    G --> H["Math.max(result, min)"]
    H --> I["Math.min(result, max)"]
    I --> J["page in [1, 100_000], limit in [1, 50]"]
    J --> K["from = (page-1) x limit, to = from + limit - 1"]
    K --> L["query.range(from, to)"]

Reviews (2): Last reviewed commit: "test(affiliates): share offers paginatio..."
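
The trunc-then-clamp flow described in the review above, next to a bare parseInt version, as an added example that is not the project's route.ts. The bounds [1, 100_000] and [1, 50] come from the review summary; the default page and limit values, the "before" function, and the names naiveRange, clampedRange, toRange and compare are assumptions made for illustration.

```typescript
// Added example: not the project's route.ts.
type PageRange = { from: number; to: number };

const DEFAULT_PAGE = 1;   // assumption: default not stated on the page
const DEFAULT_LIMIT = 20; // assumption: default not stated on the page
const MAX_PAGE = 100_000; // bound quoted in the review summary
const MAX_LIMIT = 50;     // bound quoted in the review summary

// Follows the flowchart: default on null/empty or non-finite, trunc, then clamp.
function parsePaginationParam(
  value: string | null, defaultValue: number, min: number, max: number,
): number {
  const parsed = value === null || value === "" ? defaultValue : Number(value);
  const finite = Number.isFinite(parsed) ? parsed : defaultValue;
  return Math.min(Math.max(Math.trunc(finite), min), max);
}

// Inclusive row offsets of the kind passed to a range(from, to) call.
function toRange(page: number, limit: number): PageRange {
  const from = (page - 1) * limit;
  return { from, to: from + limit - 1 };
}

// Hypothetical "before": bare parseInt with no validation or bounds.
function naiveRange(pageRaw: string | null, limitRaw: string | null): PageRange {
  const page = parseInt(pageRaw ?? String(DEFAULT_PAGE), 10);
  const limit = parseInt(limitRaw ?? String(DEFAULT_LIMIT), 10);
  return toRange(page, limit);
}

// "After": both parameters are bounded before any arithmetic happens.
function clampedRange(pageRaw: string | null, limitRaw: string | null): PageRange {
  const page = parsePaginationParam(pageRaw, DEFAULT_PAGE, 1, MAX_PAGE);
  const limit = parsePaginationParam(limitRaw, DEFAULT_LIMIT, 1, MAX_LIMIT);
  return toRange(page, limit);
}

// Constructed query-string values covering each input class the PR lists.
const SAMPLES: Array<[string | null, string | null]> = [
  ["abc", "20"], ["-5", "20"], ["2.9", "10.7"], ["Infinity", "1e308"],
  ["999999999999999999999", "999999999999999999999"], [null, ""],
];

// Returns both results per sample so the difference can be inspected.
function compare(): Array<{ naive: PageRange; clamped: PageRange }> {
  return SAMPLES.map(([p, l]) => ({ naive: naiveRange(p, l), clamped: clampedRange(p, l) }));
}
```

With the naive version, `abc` yields NaN offsets and `-5` yields a negative range; the clamped version always returns a `from` between 0 and 4,999,950 with a window of at most 50 rows.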

Comment thread src/app/api/affiliates/offers/route.test.ts
@ralyodio ralyodio merged commit 3ceec41 into profullstack:master May 29, 2026
4 checks passed
Development

Successfully merging this pull request may close these issues.

Bug: Affiliate offers list accepts invalid pagination ranges