fix(search): clamp pagination bounds

[Jorel97]

Summary

• normalize search page and limit query params to finite integer bounds
• prevent fractional or overflow page values from reaching Supabase range calls
• add regression coverage for fractional and huge page inputs

Fixes #324.

Testing

• Not run locally: this workspace has Node but no npm/pnpm/npx/corepack available to install or invoke Vitest.

[greptile-apps]

Greptile Summary

This PR introduces a parsePaginationParam helper to normalize page and limit query parameters, replacing the old arithmetic chain that allowed infinite or fractional values to propagate into Supabase .range() calls. Two regression tests are added covering the previously-unguarded fractional-page and enormous-page cases.

• src/app/api/search/route.ts: New parsePaginationParam function applies Number() coercion → Number.isFinite guard → Math.trunc → Math.max/min clamping, capping page at 100 000 and limit at 50.
• src/app/api/search/route.test.ts: Two new test cases verify that page=\"2.9\" truncates to 2 and that page=\"1e308\" caps to 100 000, with the corresponding .range() arguments confirmed.

Confidence Score: 5/5

Safe to merge — the change is narrowly scoped to input parsing and all reachable edge cases are handled correctly.

The parsePaginationParam helper correctly handles every relevant input class: null/empty/whitespace fall back to the default, fractional values are truncated, negatives are clamped to the minimum, huge-but-finite values (e.g. 1e308) are clamped to the maximum, and non-finite values (Infinity, NaN) fall back to the default via the isFinite guard. Offset arithmetic is unchanged and the two new tests verify the expected .range() arguments precisely.

No files require special attention.

Important Files Changed

Filename	Overview
src/app/api/search/route.ts	Adds parsePaginationParam helper; correctly handles null, empty, whitespace, fractional, negative, huge-finite, Infinity, and NaN inputs via isFinite guard + trunc + clamp.
src/app/api/search/route.test.ts	Adds two regression tests for fractional and huge-page inputs; expected range values are arithmetically correct. The Infinity string path (non-finite → default) is not explicitly tested but the route handles it correctly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["GET /api/search\n?page=X & limit=Y"] --> B["parsePaginationParam(X, 1, 1, 100_000)"]
    B --> C{"value null\nor blank?"}
    C -- yes --> D["parsed = Number(defaultValue)"]
    C -- no --> E["parsed = Number(value)"]
    D --> F{"Number.isFinite\n(parsed)?"}
    E --> F
    F -- no --> G["finiteValue = defaultValue"]
    F -- yes --> H["finiteValue = parsed"]
    G --> I["Math.trunc(finiteValue)"]
    H --> I
    I --> J["Math.max(result, min)"]
    J --> K["Math.min(result, max)"]
    K --> L["page in [1, 100_000]\nlimit in [1, 50]"]
    L --> M["offset = (page - 1) x limit"]
    M --> N["supabase .range(offset, offset + limit - 1)"]

Loading

_{Reviews (1): Last reviewed commit: "fix(search): clamp pagination bounds" | Re-trigger Greptile}