looks good to me

typed-sigterm · typed-sigterm · commit 8c60bafd0df7 · 2025-04-20T00:19:35.000+08:00
[skip netlify]
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -6,9 +6,6 @@ on:
   push:
     branches: [main]
 
-permissions:
-  contents: read
-
 env:
   SUPABASE_DATABASE_URL: ${{ secrets.SUPABASE_DATABASE_URL }}
 
@@ -30,4 +27,7 @@ jobs:
       - uses: autofix-ci/action@2891949f3779a1cafafae1523058501de3d4e944 # v1.3.1
         if: always()
         with:
-          commit-message: 'style: autofix'
+          commit-message: |
+            style: autofix
+
+            [skip netlify]
diff --git a/app/layouts/default.vue b/app/layouts/default.vue
@@ -11,6 +11,7 @@ const links: [NavigationMenuItem[], NavigationMenuItem[] ] = [[{
 }], [{
   label: 'New Topic',
   icon: 'i-lucide-plus',
+  onSelect: async () => navigateTo(`/topic/${await createTopic()}`),
 }/* , {  label: 'Feedback',  icon: 'i-lucide-message-circle',  to: 'https://github.com/nuxt-ui-pro/dashboard',  target: '_blank',} */]];
 
 const groups = computed(() => [{
diff --git a/app/utils/topics.ts b/app/utils/topics.ts
@@ -0,0 +1,15 @@
+import type { SupabaseClient } from "@supabase/supabase-js"
+
+export async function createTopic(supa: SupabaseClient) {
+  const { data } = await supa
+    .from('topics')
+    .insert({
+      title: 'New Topic',
+      description: '',
+    })
+    .select('id')
+    .single()
+    .throwOnError()
+
+  return data.id;
+}
diff --git a/server/api/request-tasks.post.ts b/server/api/request-tasks.post.ts
@@ -2,24 +2,49 @@ import { serverSupabaseClient, serverSupabaseUser } from '#supabase/server';
 import { z } from 'zod';
 
 const Body = z.object({
-  id: z.string(),
+  id: z.string().uuid(),
 });
 
 export default defineEventHandler(async (ev) => {
   const body = await readValidatedBody(ev, Body.parse);
-  // const user = await serverSupabaseUser(ev);
+  const user = requiresLogin(await serverSupabaseUser(ev));
   const supa = await serverSupabaseClient(ev);
 
-  const taskOwner = await supa
-    .from('tasks')
-    .select('*')
+  // Verify ownership
+  const owner = await supa
+    .from('topics')
+    .select('owner')
     .eq('id', body.id)
-    .single();
+    .limit(1)
+    .throwOnError();
+  if (owner.data[0]?.owner !== user.id)
+    throw createError({ status: 404, message: 'Task not found' });
 
-  if (taskOwner.error) {
-    console.error('Error querying task owner:', taskOwner.error);
-    throw createError({ status: 500, message: 'Failed to query task owner' });
+  // Query timeline_nodes for the given topic
+  const timelineResponse = await supa
+    .from('timeline_nodes')
+    .select('*')
+    .eq('topic_id', body.id);
+  if (timelineResponse.error) {
+    console.error('Error querying timeline_nodes:', timelineResponse.error);
+    throw createError({ status: 500, message: 'Failed to query timeline_nodes' });
   }
-
-  // todo
+  
+  // Query tasks for the given topic
+  const tasksResponse = await supa
+    .from('tasks')
+    .select('*')
+    .eq('topic_id', body.id)
+    .throwOnError();
+  
+  // Concatenate timeline_nodes and tasks info
+  const timelineText = timelineResponse.data
+    .map((node: any) => `${node.title}: ${node.description}`)
+    .join('\n');
+  const tasksText = tasksResponse.data
+    .map((task: any) => `${task.title}: ${task.description} (Status: ${task.status})`)
+    .join('\n');
+  const contentForDeepseek = timelineText + '\n' + tasksText;
+  
+  return contentForDeepseek;
 });
diff --git a/server/utils/auth.ts b/server/utils/auth.ts
@@ -0,0 +1,12 @@
+import type { User } from '@supabase/supabase-js';
+
+export function requiresLogin(user: User | null) {
+  if (!user) {
+    throw createError({
+      statusCode: 401,
+      statusMessage: 'Unauthorized',
+      message: 'You must be logged in to access this resource.',
+    });
+  }
+  return user;
+}
diff --git a/supabase/migrations/20250419160500_prevent-owner-change.sql b/supabase/migrations/20250419160500_prevent-owner-change.sql
@@ -0,0 +1,40 @@
+ALTER TABLE public.topics
+  ALTER COLUMN owner SET DEFAULT auth.uid();
+
+DROP POLICY allow_owner ON public.topics;
+CREATE POLICY allow_owner ON public.topics
+  FOR ALL
+  USING (owner = auth.uid())
+  WITH CHECK (owner = auth.uid());
+
+DROP POLICY allow_owner ON public.timeline_nodes;
+CREATE POLICY allow_owner ON public.timeline_nodes
+  FOR ALL
+  USING (EXISTS (
+    SELECT 1
+    FROM public.topics
+    WHERE public.topics.id = public.timeline_nodes.topic_id
+      AND public.topics.owner = auth.uid()
+  ))
+  WITH CHECK (EXISTS (
+    SELECT 1
+    FROM public.topics
+    WHERE public.topics.id = public.timeline_nodes.topic_id
+      AND public.topics.owner = auth.uid()
+  ));
+
+DROP POLICY allow_owner ON public.tasks;
+CREATE POLICY allow_owner ON public.tasks
+  FOR ALL
+  USING (EXISTS (
+    SELECT 1
+    FROM public.topics
+    WHERE public.topics.id = public.tasks.topic_id
+      AND public.topics.owner = auth.uid()
+  ))
+  WITH CHECK (EXISTS (
+    SELECT 1
+    FROM public.topics
+    WHERE public.topics.id = public.tasks.topic_id
+      AND public.topics.owner = auth.uid()
+  ));
