Skip to content

fix: clamp pagination parameters#1131

Closed
Jah-yee wants to merge 1 commit intof:mainfrom
Jah-yee:fix/pagination-clamp-v2
Closed

fix: clamp pagination parameters#1131
Jah-yee wants to merge 1 commit intof:mainfrom
Jah-yee:fix/pagination-clamp-v2

Conversation

@Jah-yee
Copy link
Copy Markdown

@Jah-yee Jah-yee commented Apr 3, 2026
edited by coderabbitai bot
Loading

Good day

感谢你们的奉献希望能提供帮助。如果我解决得有问题或有待商妥的地方,请在下面留言,我会来处理。

Warmly
RoomWithRoof

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced pagination parameter handling with improved validation, enforcing a maximum of 100 items per page and standardizing default pagination values.

fix: clamp pagination parameters for public API endpoint
4848c6b 
- Add parsePaginationParams function that validates and clamps page/perPage
- page defaults to 1 if invalid or non-positive
- perPage defaults to 24 if invalid, clamped to max 100
- prevents oversized database reads from malformed requests

Closes f#1129
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 3, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A helper function parsePaginationParams() was added to extract and validate pagination query parameters from the GET handler in the prompts route. The function enforces defaults (page=1, perPage=24) and clamps the items-per-page limit to a maximum of 100.

Changes

Cohort / File(s) Summary
Pagination Validation Refactoring
src/app/api/prompts/route.ts		 Extracted pagination parameter parsing into a dedicated helper function with built-in defaults and upper-bound validation for the perPage parameter.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A helper hops in, clean and neat,
Pagination parameters now sweet,
Defaults set, limits in place,
No more raw parsing—what a grace!
Query strings parsed with care and might! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix: clamp pagination parameters' directly and specifically describes the main change: adding pagination parameter clamping logic to prevent oversized database reads.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/app/api/prompts/route.ts (1)

318-321: Use explicit radix 10 with parseInt to avoid unexpected parsing.

parseInt without a radix can interpret strings with 0x prefix as hexadecimal (e.g., parseInt("0x10") returns 16). While the impact here is minimal since values are still validated and clamped, explicitly specifying radix 10 ensures consistent behavior.

♻️ Proposed fix 
   if (rawPage !== null) {
-    const parsed = parseInt(rawPage);
+    const parsed = parseInt(rawPage, 10);
     if (!Number.isNaN(parsed) && parsed > 0) {
       page = parsed;
     }
   }
   ...
   if (rawPerPage !== null) {
-    const parsed = parseInt(rawPerPage);
+    const parsed = parseInt(rawPerPage, 10);
     if (!Number.isNaN(parsed) && parsed > 0) {
       perPage = Math.min(parsed, MAX_PER_PAGE);
     }
   }

Also applies to: 328-331

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@src/app/api/prompts/route.ts` around lines 318 - 321, The parseInt calls
reading pagination params (e.g., parseInt(rawPage) used to set page and the
similar parseInt(rawLimit) used to set limit) should specify an explicit radix
to avoid unexpected octal/hex parsing; change to parseInt(rawPage, 10) and
parseInt(rawLimit, 10) while keeping the existing Number.isNaN checks and
clamping logic in the same functions/blocks that assign to page and limit.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/app/api/prompts/route.ts`:
- Around line 318-321: The parseInt calls reading pagination params (e.g.,
parseInt(rawPage) used to set page and the similar parseInt(rawLimit) used to
set limit) should specify an explicit radix to avoid unexpected octal/hex
parsing; change to parseInt(rawPage, 10) and parseInt(rawLimit, 10) while
keeping the existing Number.isNaN checks and clamping logic in the same
functions/blocks that assign to page and limit.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cbcd4000-3123-47b5-bfb3-b70a9a0d1514

📥 Commits

Reviewing files that changed from the base of the PR and between 4ab7cf1 and 4848c6b.

📒 Files selected for processing (1)
  • src/app/api/prompts/route.ts

@f f closed this Apr 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jah-yee @f