feat: implement GET /submissions/mine and GET /submissions/:id endpoints (#27, #28)#101
feat: implement GET /submissions/mine and GET /submissions/:id endpoints (#27, #28)#101chengfei-gh wants to merge 1 commit into
Conversation
Closes devasignhq#27 Closes devasignhq#28 Implements two new authenticated API endpoints: ## GET /api/submissions/mine - Returns paginated list of authenticated user's submissions - Includes bounty title, status, PR URL, and creation date - Supports cursor-style limit/offset pagination ## GET /api/submissions/:id - Returns full submission details including review status - Includes rejection reason (if any) and associated dispute info - Enforces ownership: only the submission creator can view details ## Files added/changed: - packages/api/src/routes/submissions.ts (new route module) - packages/api/src/__tests__/submissions.test.ts (comprehensive tests) - packages/api/src/app.ts (register submissions route) Solana Wallet: CZkLs4m55JBffoowGUtyfqb5GrymUVxgr9kMTrXKfbJV
Merge Score: 88/100🟢 The PR successfully implements the required submission endpoints with excellent test coverage and proper authorization checks. A few minor improvements are suggested: handling potential NaN values in pagination parameters, optimizing database queries by running them concurrently, and ensuring consistency with user ID properties. Code Suggestions (4)Medium Priority (1)
Reasoning: If a user provides a non-numeric string for Suggested Code: const query = c.req.query();
const parsedLimit = parseInt(query.limit || '10', 10);
const parsedOffset = parseInt(query.offset || '0', 10);
const limit = isNaN(parsedLimit) ? 10 : Math.min(parsedLimit, 100);
const offset = isNaN(parsedOffset) ? 0 : Math.max(parsedOffset, 0);Low Priority (3)
Reasoning: The queries for Suggested Code: // Fetch associated bounty info and disputes concurrently
const [bounty, relatedDisputes] = await Promise.all([
db.query.bounties.findFirst({
where: eq(bounties.id, submission.bountyId),
}),
db.query.disputes.findMany({
where: eq(disputes.submissionId, id),
orderBy: [desc(disputes.createdAt)],
})
]);
Reasoning: In other routes (e.g., Suggested Code: .where(eq(submissions.developerId, user.id || user.sub))
Reasoning: Keeping imports clean improves code readability and maintainability. Suggested Code: import { eq, desc } from 'drizzle-orm';📊 Review Metadata
|
There was a problem hiding this comment.
The diff implements both endpoints (GET /api/submissions/mine and GET /api/submissions/:id) in a new submissions router, registers it at /api/submissions, and adds tests covering happy paths, auth, pagination shape, 403, and 404 cases. All criteria appear met based on the diff. Minor notes: pagination limit uses parseInt without NaN guard (e.g., ?limit=abc would yield NaN), and the test file doesn't explicitly assert that the limit query parameter influences the SQL .limit() call, but the route clearly implements the limit/offset behavior with default 10 and cap 100.
There was a problem hiding this comment.
End goal
Add two authenticated submission endpoints—GET /submissions/mine returning a paginated list of the user's submissions and GET /submissions/:id returning a single submission's full details with ownership enforcement.
❌ Acceptance criteria not met
- C1 — GET /api/submissions/mine returns a paginated list of the authenticated user's submissions, each including bounty title, status, PR URL, and creation date.
- C2 — GET /api/submissions/mine supports limit and offset query parameters with defaults (limit=10) and enforces a maximum limit of 100.
- C3 — GET /api/submissions/:id returns full submission details including review status, rejection reason (if any), and associated dispute info.
- C4 — GET /api/submissions/:id enforces ownership, returning 403 when the requesting user is not the submission creator.
- C5 — GET /api/submissions/:id returns 404 when the requested submission does not exist.
- C6 — Both endpoints require authentication and reject unauthenticated requests.
- C7 — A submissions router is implemented in packages/api/src/routes/submissions.ts and registered/mounted at /api/submissions in packages/api/src/app.ts.
- C8 — Tests in packages/api/src/tests/submissions.test.ts cover happy path, pagination, auth, and 403/404 cases and pass.
📋 One prompt to fix all of this — paste into your AI coding agent
You are helping fix PR "feat: implement GET /submissions/mine and GET /submissions/:id endpoints (#27, #28)" in devasignhq/mobile-app. Automated review flagged the items below as blocking approval. Apply the changes so each one passes — don't introduce changes beyond what's listed.
## End goal
Add two authenticated submission endpoints—GET /submissions/mine returning a paginated list of the user's submissions and GET /submissions/:id returning a single submission's full details with ownership enforcement.
## Failed acceptance criteria
### 1. GET /api/submissions/mine returns a paginated list of the authenticated user's submissions, each including bounty title, status, PR URL, and creation date. (C1)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 2. GET /api/submissions/mine supports limit and offset query parameters with defaults (limit=10) and enforces a maximum limit of 100. (C2)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 3. GET /api/submissions/:id returns full submission details including review status, rejection reason (if any), and associated dispute info. (C3)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 4. GET /api/submissions/:id enforces ownership, returning 403 when the requesting user is not the submission creator. (C4)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 5. GET /api/submissions/:id returns 404 when the requested submission does not exist. (C5)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 6. Both endpoints require authentication and reject unauthenticated requests. (C6)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 7. A submissions router is implemented in packages/api/src/routes/submissions.ts and registered/mounted at /api/submissions in packages/api/src/app.ts. (C7)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
### 8. Tests in packages/api/src/__tests__/submissions.test.ts cover happy path, pagination, auth, and 403/404 cases and pass. (C8)
_(No specific patch was suggested for this criterion — use the criterion text and evidence above to plan the fix.)_
## Your task
For each failed criterion and blocker above, apply the suggested fix. Use the `Relevant diff` hunks as the anchor for where to make the change. After each change, re-verify it satisfies the criterion or addresses the blocker it's tied to.
Summary
Implements two new authenticated API endpoints for the submissions system:
GET /api/submissions/mine
limitandoffsetquery parameters (default: limit=10, max=100)GET /api/submissions/:id
Implementation Details
packages/api/src/routes/submissions.ts— clean Hono router following existing patternspackages/api/src/__tests__/submissions.test.ts— comprehensive tests covering happy path, pagination, auth, 403/404 casespackages/api/src/app.tsto mount submissions router at/api/submissionsTesting
Run with:
cd packages/api && npm testCloses
Payment
Solana Wallet:
CZkLs4m55JBffoowGUtyfqb5GrymUVxgr9kMTrXKfbJV