Fix period editing and harden app with Next.js security upgrade

2026-04-20 00:02:46 +02:00
parent 5a8b0871a0
commit f947908f0e
14 changed files with 2595 additions and 51 deletions
--- a/src/app/api/expenses/[id]/paid/route.ts
+++ b/src/app/api/expenses/[id]/paid/route.ts
@@ -6,12 +6,13 @@ import prisma from "@/lib/prisma";
 import { getCurrentViewer } from "@/lib/session";

 type Context = {
-  params: {
+  params: Promise<{
    id: string;
-  };
+  }>;
 };

 export async function POST(_: Request, { params }: Context) {
+  const { id } = await params;
  const viewer = await getCurrentViewer();

  if (!viewer) {
@@ -23,7 +24,7 @@ export async function POST(_: Request, { params }: Context) {
  }

  const expense = await prisma.expense.findUnique({
-    where: { id: params.id }
+    where: { id }
  });

  if (!expense) {
@@ -35,7 +36,7 @@ export async function POST(_: Request, { params }: Context) {
  }

  const updatedExpense = await prisma.expense.update({
-    where: { id: params.id },
+    where: { id },
    data: {
      paidAt: expense.paidAt ?? new Date()
    }