
fix(gigs): cap page query values#347

Open
Jorel97 wants to merge 4 commits into
profullstack:masterfrom
Jorel97:codex/fix-gigs-page-cap-346

Conversation

@Jorel97
Contributor

@Jorel97 Jorel97 commented May 30, 2026

Fixes #346.

This caps huge /api/gigs?page=... values before they are validated and used to build the Supabase range offset. Normal pages are unchanged, while oversized pages now use a safe MAX_GIG_PAGE value and return matching pagination metadata.

I also added regression coverage for an oversized page value and the resulting .range(...) bounds.

Verification: local dependency install is unavailable in this workspace, so I validated the targeted source/test change and will follow the PR checks.

@greptile-apps

greptile-apps Bot commented May 30, 2026

Greptile Summary

This PR fixes oversized page and limit query values for GET /api/gigs by capping them upstream via Math.min before schema validation, replacing 400 errors with silently-capped-but-valid responses. It also removes the now-redundant clampedLimit local variable and adds two targeted regression tests.

  • route.ts: Introduces MAX_GIG_PAGE = 100_000 and MAX_GIG_LIMIT = 50 constants and applies Math.min to both page and limit before gigFiltersSchema.safeParse, then drops the clampedLimit intermediate that was already superseded by upstream caps and schema constraints.
  • route.test.ts: Adds test cases verifying that a page=999999999 request is capped to 100000 with the correct Supabase range bounds, and that a limit=999999999 request is capped to 50 with correct totalPages metadata.

Confidence Score: 5/5

Safe to merge — the capping logic is correct, schema validation still provides the min/max guardrails, and the removed clampedLimit was fully redundant given upstream caps plus Zod constraints.

The upstream Math.min caps for both page and limit are correctly implemented and consistent with schema constraints. Removing clampedLimit is safe because gigFiltersSchema enforces min(1) and max(50) on limit, so invalid values still result in a 400. The two new tests verify the correct Supabase range bounds and pagination metadata for oversized inputs. No current defects were found in the changed paths.

No files require special attention beyond the minor constant-duplication note on route.ts.

Important Files Changed

Filename | Overview
src/app/api/gigs/route.ts | Adds MAX_GIG_PAGE/MAX_GIG_LIMIT constants and upstream Math.min caps; removes the now-redundant clampedLimit. MAX_GIG_LIMIT = 50 duplicates the schema's max(50) constraint without referencing it, creating a potential drift risk.
src/app/api/gigs/route.test.ts | Adds two regression tests for oversized page and limit values; both assertions match the implementation correctly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[GET /api/gigs request] --> B[Parse searchParams]
    B --> C["page = Math.min(Number(page) || 1, MAX_GIG_PAGE)"]
    B --> D["limit = Math.min(Number(limit) || 20, MAX_GIG_LIMIT)"]
    C --> E[gigFiltersSchema.safeParse]
    D --> E
    E -->|invalid| F[400 Bad Request]
    E -->|valid| G[Build Supabase query]
    G --> H["offset = Math.max(0, (page-1) * limit)"]
    H --> I["query.range(offset, offset + limit - 1)"]
    I --> J[Execute query]
    J --> K["Return gigs + pagination {page, limit, total, totalPages}"]

Reviews (2): Last reviewed commit: "fix(gigs): cap page and limit values"

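The capping path in Greptile's flowchart, written out as an added example that is not code from the PR or the profullstack repository. MAX_GIG_PAGE, MAX_GIG_LIMIT, the page/limit defaults, the Math.min caps, the offset formula and the .range(...) bounds are taken from the flowchart and the PR description; everything else is an assumption for illustration: the validator is a hand-written stand-in for the project's Zod gigFiltersSchema (assumed to require integers, page >= 1, 1 <= limit <= 50), the function names planGigQuery and uncappedOffset are invented, and totalPages is assumed to be Math.ceil(total / limit). uncappedOffset shows the pre-fix arithmetic for the same input so the size of the offset the cap prevents from reaching Supabase is visible.

```typescript
// Added example (not the project's code): models GET /api/gigs parameter
// handling as described in the PR. Constants and defaults follow the PR's
// flowchart; the validator is a stand-in for gigFiltersSchema (assumed rules).
export const MAX_GIG_PAGE = 100_000;
export const MAX_GIG_LIMIT = 50;
const DEFAULT_PAGE = 1;
const DEFAULT_LIMIT = 20;

export interface Pagination {
  page: number;
  limit: number;
  total: number;
  totalPages: number;
}
export interface GigQueryPlan {
  status: 200;
  range: [number, number]; // arguments that would go to query.range(from, to)
  pagination: Pagination;
}
export interface BadRequest {
  status: 400;
  error: string;
}

// Mirrors `Math.min(Number(raw) || fallback, max)`: NaN, 0 and "" fall back
// to the default, then the value is capped. Negative values pass through here
// and are left for the validator to reject.
function capParam(raw: string | null, fallback: number, max: number): number {
  return Math.min(Number(raw) || fallback, max);
}

// Assumed stand-in for gigFiltersSchema.safeParse. The PR confirms min(1) and
// max(50) on limit; the integer and page >= 1 rules are assumptions here.
function validate(page: number, limit: number): string | null {
  if (!Number.isInteger(page) || page < 1) return "page must be an integer >= 1";
  if (!Number.isInteger(limit) || limit < 1 || limit > MAX_GIG_LIMIT) {
    return `limit must be an integer between 1 and ${MAX_GIG_LIMIT}`;
  }
  return null;
}

// Hypothetical helper: cap, validate, then compute the Supabase range bounds
// and pagination metadata exactly as the flowchart orders the steps.
// `total` stands in for the row count the real route gets from the query.
export function planGigQuery(search: URLSearchParams, total: number): GigQueryPlan | BadRequest {
  const page = capParam(search.get("page"), DEFAULT_PAGE, MAX_GIG_PAGE);
  const limit = capParam(search.get("limit"), DEFAULT_LIMIT, MAX_GIG_LIMIT);

  const err = validate(page, limit);
  if (err) return { status: 400, error: err };

  const offset = Math.max(0, (page - 1) * limit);
  return {
    status: 200,
    range: [offset, offset + limit - 1],
    pagination: { page, limit, total, totalPages: Math.ceil(total / limit) },
  };
}

// Pre-fix arithmetic for comparison: the same offset formula with no cap.
// For the regression test's page=999999999 this is 19,999,999,960.
export function uncappedOffset(rawPage: string, limit: number = DEFAULT_LIMIT): number {
  return Math.max(0, (Number(rawPage) - 1) * limit);
}
```

With page=999999999 the capped plan asks for range(1999980, 1999999) and reports page 100000, matching the regression test; with limit=999999999 and 120 rows it reports limit 50 and totalPages 3. A negative page such as page=-3 is still rejected with a 400 because Math.min only bounds the upper side, which is the behaviour the Greptile summary relies on when it says the schema still provides the min guardrail.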
@Jorel97
Contributor Author

Jorel97 commented May 30, 2026

Addressed the Greptile pagination note in the latest commits. The route now caps both oversized page and limit values before range construction/metadata, and the test coverage includes both huge page and huge limit inputs.



Development

Successfully merging this pull request may close these issues.

Cap huge gig listing page values before range queries

1 participant