Fix period editing and harden app with Next.js security upgrade

2026-04-20 00:02:46 +02:00
parent 5a8b0871a0
commit f947908f0e
14 changed files with 2595 additions and 51 deletions
--- a/src/app/api/budgets/[id]/route.ts
+++ b/src/app/api/budgets/[id]/route.ts
@@ -26,12 +26,13 @@ const updateBudgetSchema = z
  });

 type Context = {
-  params: {
+  params: Promise<{
    id: string;
-  };
+  }>;
 };

 export async function PATCH(request: Request, { params }: Context) {
+  const { id } = await params;
  const viewer = await getCurrentViewer();

  if (!viewer) {
@@ -43,7 +44,7 @@ export async function PATCH(request: Request, { params }: Context) {
  }

  const budget = await prisma.budget.findUnique({
-    where: { id: params.id }
+    where: { id }
  });

  if (!budget) {
@@ -61,7 +62,7 @@ export async function PATCH(request: Request, { params }: Context) {
    const previousBudget = budget;
    const nextReleasedAmount = parsed.data.releasedAmount ?? Number(previousBudget.releasedAmount);
    const updatedBudget = await prisma.budget.update({
-      where: { id: params.id },
+      where: { id },
      data: {
        name: parsed.data.name,
        totalBudget: parsed.data.totalBudget,
@@ -106,6 +107,7 @@ export async function PATCH(request: Request, { params }: Context) {
 }

 export async function DELETE(_: Request, { params }: Context) {
+  const { id } = await params;
  const viewer = await getCurrentViewer();

  if (!viewer) {
@@ -117,7 +119,7 @@ export async function DELETE(_: Request, { params }: Context) {
  }

  const budget = await prisma.budget.findUnique({
-    where: { id: params.id },
+    where: { id },
    include: {
      _count: {
        select: {
@@ -139,7 +141,7 @@ export async function DELETE(_: Request, { params }: Context) {
  }

  await prisma.budget.delete({
-    where: { id: params.id }
+    where: { id }
  });

  await createAuditLog(prisma, {