
Fix version restore endpoint by passing fileId through route and client API #32

Merged: alokkksharmaa merged 5 commits into main from copilot/fix-restore-version-endpoint on Jun 13, 2026
Conversation

Copilot AI commented Jun 5, 2026

Contributor

Version restore was failing before controller execution because verifyFileAccess only accepts id|fileId, while restore exposed only :versionId. This change aligns restore routing with access middleware so restore requests authorize correctly and reach restoreVersion.

  • API contract alignment (backend)

    • Updated restore route from:
      • POST /api/files/restore/:versionId
    • To:
      • POST /api/files/restore/:fileId/:versionId
    • Kept existing access/role middleware chain; now verifyFileAccess can resolve the target file.
  • Client integration update (frontend)

    • Updated restoreVersion API helper signature to accept (fileId, versionId).
    • Updated VersionHistory restore action to pass current fileId with selected versionId.
  • Documentation sync

    • Updated README endpoint table and version-history flow diagram to reflect the new restore route shape.
  • Restore endpoint hardening

    • Added route-level rate limiting on restore to mitigate repeated restore abuse patterns.

```js
// backend/routes/fileRoutes.js
router.post(
  '/restore/:fileId/:versionId',
  restoreVersionRateLimit,
  verifyFileAccess,
  checkRole('editor'),
  restoreVersion
);

// frontend/src/services/fileApi.js
export const restoreVersion = async (fileId, versionId) =>
  (await api.post(`/api/files/restore/${fileId}/${versionId}`)).data;
```
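
The parameter mismatch described in the pull request description, as an added example that is not the project's code: the middleware names mirror the PR, but their bodies, the sample data, and the `handle`, `restoreOld` and `restoreNew` helpers are assumptions. It also includes a check the page does not show, that the requested version belongs to the file the caller was authorized for.

```javascript
// Constructed sample data: which file each version belongs to, and who may edit what.
const versions = new Map([['v1', { fileId: 'fileA' }], ['v9', { fileId: 'fileB' }]]);
const acl = new Map([['alice', new Map([['fileA', 'editor']])]]);

// Assumed behaviour, per the PR description: only `id` or `fileId` route params are accepted.
function verifyFileAccess(req) {
  const fileId = req.params.id || req.params.fileId;
  if (!fileId) return { status: 400, error: 'file id missing from route params' };
  const role = acl.get(req.user)?.get(fileId);
  if (!role) return { status: 403, error: 'no access to file' };
  req.fileId = fileId; // the file the caller is authorized for
  req.role = role;
  return null; // null means "continue to the next middleware"
}

// Simplified role check (assumption: exact match, no role hierarchy).
function checkRole(required) {
  return (req) => (req.role === required ? null : { status: 403, error: 'insufficient role' });
}

// Hypothetical controller: restore only a version that belongs to the authorized file.
function restoreVersion(req) {
  const version = versions.get(req.params.versionId);
  if (!version || version.fileId !== req.fileId) {
    return { status: 404, error: 'version not found for this file' };
  }
  return { status: 200, restored: req.params.versionId };
}

// Run the chain in order; the first non-null result ends the request.
function handle(chain, req) {
  for (const step of chain) {
    const out = step(req);
    if (out) return out;
  }
  return { status: 500, error: 'no handler produced a response' };
}

const chain = [verifyFileAccess, checkRole('editor'), restoreVersion];

// Old route shape: POST /restore/:versionId (no fileId param reaches the middleware).
const restoreOld = (user, versionId) => handle(chain, { user, params: { versionId } });
// New route shape: POST /restore/:fileId/:versionId
const restoreNew = (user, fileId, versionId) =>
  handle(chain, { user, params: { fileId, versionId } });
```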

Copilot AI changed the title from "[WIP] Fix POST /api/files/restore/:versionId to correctly extract file ID" to "Fix version restore endpoint by passing fileId through route and client API" on Jun 5, 2026
Copilot AI requested a review from alokkksharmaa June 5, 2026 09:53
@alokkksharmaa

Owner

@copilot resolve the merge conflicts in this pull request

@alokkksharmaa alokkksharmaa left a comment

Owner

approve

@alokkksharmaa

alokkksharmaa commented Jun 13, 2026

Owner

..

@alokkksharmaa alokkksharmaa mentioned this pull request Jun 13, 2026

Copilot AI commented Jun 13, 2026

Contributor Author

@copilot resolve the merge conflicts in this pull request

Resolved and finalized the merge conflicts in commit abdd27c.

Copilot AI requested a review from alokkksharmaa June 13, 2026 18:26
@alokkksharmaa alokkksharmaa marked this pull request as ready for review June 13, 2026 18:39
Copilot AI review requested due to automatic review settings June 13, 2026 18:39
@alokkksharmaa alokkksharmaa merged commit 80b4db3 into main Jun 13, 2026

Copilot AI left a comment

Pull request overview

This PR updates the documented restore-version API shape and adds a route-level rate limit to the backend restore endpoint, along with the required backend dependency updates.

Changes:

  • Updated README and controller comment to reflect POST /api/files/restore/:fileId/:versionId.
  • Added express-rate-limit-based throttling middleware to the restore route.
  • Added express-rate-limit (and transitive ip-address) to backend dependencies/lockfile.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| Readme.md | Syncs API reference + flow diagram to the restore route shape with fileId and versionId. |
| backend/routes/fileRoutes.js | Adds route-level rate limiting middleware on restore requests. |
| backend/package.json | Adds express-rate-limit dependency. |
| backend/package-lock.json | Locks express-rate-limit and transitive dependency versions. |
| backend/controllers/versionController.js | Updates the route header comment for restore to include :fileId/:versionId. |

Files not reviewed (1)
  • backend/package-lock.json: Generated file


router.post('/:fileId/version', verifyFileAccess, checkRole('editor'), saveVersion);
router.get('/:fileId/history', verifyFileAccess, getHistory);
router.post('/restore/:fileId/:versionId', verifyFileAccess, checkRole('editor'), restoreVersion);
router.post('/restore/:fileId/:versionId', restoreVersionRateLimit, verifyFileAccess, checkRole('editor'), restoreVersion);
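
Review bot: restoreVersionRateLimit sits ahead of verifyFileAccess in the new restore route, so the limiter runs before the request is tied to a file or role and cannot key on either; its window, limit and key are defined outside this hunk and should be checked alongside it. If it relies on express-rate-limit's default per-IP key, confirm that Express's trust proxy setting matches the deployment so clients behind a proxy are not counted as one address. The saveVersion route two lines up carries the same checkRole('editor') gate and is left unthrottled; worth stating whether that is intentional.
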

Development

Successfully merging this pull request may close these issues.

POST /api/files/restore/:versionId always returns 400 due to wrong route param in verifyFileAccess middleware

3 participants