
Conversation

@devkiran (Collaborator) commented Dec 24, 2025

Summary by CodeRabbit

  • Refactor
    • Internal improvements to database query handling for groups functionality.


@vercel bot (Contributor) commented Dec 24, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
dub Ready Ready Preview Dec 24, 2025 5:18pm

@coderabbitai bot (Contributor) commented Dec 24, 2025

📝 Walkthrough

The code refactors a Prisma raw SQL query construction by wrapping the template literal with the Prisma.sql tag. Changes from prisma.$queryRaw`...` to prisma.$queryRaw(Prisma.sql`...`), preserving all query logic and result mapping without functional impact.

Changes

Cohort / File(s): Prisma Query Wrapper Refactoring
apps/web/lib/api/groups/get-groups.ts
Summary: Updated raw SQL query construction to use the Prisma.sql tagged template wrapper for improved typing and consistency with Prisma best practices; SELECT, FROM, WHERE, LIMIT, and OFFSET clauses remain unchanged

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A query wrapped in Prisma's embrace,
Sql-tagged now in its proper place,
Same logic flows, but safer it seems,
With types aligned to our SQL dreams!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name: Docstring Coverage
Status: ⚠️ Warning
Explanation: Docstring coverage is 0.00%, which is insufficient. The required threshold is 80.00%.
Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
Title check: ✅ Passed. The title 'Fix getGroups' is related to the changeset but lacks specificity about what the fix addresses.

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 078701f and 8429d7c.

📒 Files selected for processing (1)
  • apps/web/lib/api/groups/get-groups.ts
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: devkiran
Repo: dubinc/dub PR: 2735
File: apps/web/lib/api/groups/get-groups.ts:89-90
Timestamp: 2025-08-14T06:00:49.012Z
Learning: Prisma.sql template literals provide SQL injection protection through parameterized queries. Values interpolated with ${value} are properly escaped and parameterized, preventing SQL injection attacks. Wildcard behavior in LIKE search patterns is typically expected functionality, not a security vulnerability.
📚 Learning: 2025-10-28T19:17:44.390Z
Learnt from: TWilson023
Repo: dubinc/dub PR: 2985
File: apps/web/app/(ee)/api/network/programs/[programSlug]/route.ts:32-37
Timestamp: 2025-10-28T19:17:44.390Z
Learning: In Prisma queries, the `include` clause is only used for relationships (one-to-one, one-to-many, many-to-many). Regular scalar fields, JSON fields, and other non-relational columns are automatically included in the query result and do not need to be specified in the `include` object.

Applied to files:

  • apps/web/lib/api/groups/get-groups.ts
🧬 Code graph analysis (1)
apps/web/lib/api/groups/get-groups.ts (2)
packages/prisma/index.ts (1)
  • prisma (3-9)
packages/prisma/client.ts (1)
  • Prisma (30-30)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
apps/web/lib/api/groups/get-groups.ts (2)

22-79: LGTM! Proper use of Prisma.sql tagged template.

The refactoring from prisma.$queryRaw`...` to prisma.$queryRaw(Prisma.sql`...`) follows Prisma best practices and ensures proper type safety and SQL injection protection through parameterized queries. All conditional SQL fragments correctly use Prisma.sql tagged templates.

Based on learnings, Prisma.sql template literals provide SQL injection protection through parameterized queries, and all interpolated values are properly handled.


77-77: The validation is already in place. The getGroupsQuerySchema in apps/web/lib/zod/schemas/groups.ts enforces strict enum validation for both fields:

  • sortBy is restricted to: ["createdAt", "totalPartners", "totalClicks", "totalLeads", "totalSales", "totalSaleAmount", "totalConversions", "totalCommissions"]
  • sortOrder is restricted to: ["asc", "desc"]

The use of Prisma.raw() is safe here because the schema's enum validation ensures only these predefined, safe values can reach the raw SQL, preventing SQL injection.


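The review above rests on two claims: values interpolated into a Prisma.sql tagged template are bound as parameters, and the Prisma.raw() fragments for sortBy and sortOrder are only safe because a zod enum allowlists them first. The following is an added example written for this page, not code from dubinc/dub or from @prisma/client. It models Prisma.sql and Prisma.raw with a small tagged-template implementation (the `?` placeholder style, the `SqlFragment` shape, the `groups` table, the `id`/`name`/`programId` columns and the `buildGroupsQuery` function are all assumptions for illustration; the real Prisma.sql object differs in detail), and it reuses the sortBy/sortOrder enum values quoted in the review as the allowlist that stands in for getGroupsQuerySchema.

```typescript
// Added illustration, not code from dubinc/dub or from @prisma/client.
// A minimal model of Prisma.sql (tagged template) and Prisma.raw (verbatim text)
// showing why interpolated values are safe while raw() needs an allowlist in front of it.

interface SqlFragment {
  readonly sql: string;       // query text with `?` placeholders (assumed placeholder style)
  readonly values: unknown[]; // bound parameters, in placeholder order
}

function isFragment(x: unknown): x is SqlFragment {
  return typeof x === "object" && x !== null && "sql" in x && "values" in x;
}

// Model of Prisma.sql: a plain interpolated value becomes a `?` placeholder and is
// pushed onto `values`; a nested fragment (from sql`` or raw()) is spliced in as text
// and its own bound values are appended in order.
function sql(strings: TemplateStringsArray, ...exprs: unknown[]): SqlFragment {
  let text = strings[0];
  const values: unknown[] = [];
  exprs.forEach((expr, i) => {
    if (isFragment(expr)) {
      text += expr.sql;
      values.push(...expr.values);
    } else {
      text += "?";
      values.push(expr);
    }
    text += strings[i + 1];
  });
  return { sql: text, values };
}

// Model of Prisma.raw: the string is trusted and inserted verbatim, never parameterized.
// Anything user-controlled must be allowlisted before it reaches this function.
function raw(text: string): SqlFragment {
  return { sql: text, values: [] };
}

// Allowlists copied from the enum values the review quotes from getGroupsQuerySchema.
const SORT_BY = [
  "createdAt", "totalPartners", "totalClicks", "totalLeads",
  "totalSales", "totalSaleAmount", "totalConversions", "totalCommissions",
] as const;
const SORT_ORDER = ["asc", "desc"] as const;
type SortBy = (typeof SORT_BY)[number];
type SortOrder = (typeof SORT_ORDER)[number];

// Stand-in for the zod enum validation: reject anything outside the allowlists
// before it can be handed to raw().
function parseSort(sortBy: string, sortOrder: string): { sortBy: SortBy; sortOrder: SortOrder } {
  if (!(SORT_BY as readonly string[]).includes(sortBy)) {
    throw new Error(`invalid sortBy: ${sortBy}`);
  }
  if (!(SORT_ORDER as readonly string[]).includes(sortOrder)) {
    throw new Error(`invalid sortOrder: ${sortOrder}`);
  }
  return { sortBy: sortBy as SortBy, sortOrder: sortOrder as SortOrder };
}

interface GroupsQueryParams {
  programId: string;
  search?: string;
  sortBy: string;
  sortOrder: string;
  page: number;
  pageSize: number;
}

// Hypothetical query in the shape the review describes (table and column names are
// assumed, not taken from get-groups.ts): data values are parameterized, the sort
// column and direction are allowlisted and only then spliced in with raw().
function buildGroupsQuery(p: GroupsQueryParams): SqlFragment {
  const { sortBy, sortOrder } = parseSort(p.sortBy, p.sortOrder);
  const searchClause = p.search
    ? sql`AND name LIKE ${`%${p.search}%`}` // `%` or `_` inside p.search still acts as a wildcard
    : sql``;
  const offset = (p.page - 1) * p.pageSize;
  return sql`SELECT id, name FROM groups WHERE programId = ${p.programId} ${searchClause} ORDER BY ${raw(sortBy)} ${raw(sortOrder)} LIMIT ${p.pageSize} OFFSET ${offset}`;
}
```

Feeding a hostile search string such as `a' OR 1=1 --` through `buildGroupsQuery` leaves it in `values`, never in `sql`, which is the parameterization the review relies on; feeding `createdAt; DROP TABLE groups` as sortBy is rejected by `parseSort` before `raw()` ever sees it. Wildcard characters in the search value are bound as data too, so they still act as LIKE wildcards; as the learning at the top of the review notes, that is expected search behaviour rather than an injection, and escaping them is a product decision rather than a security fix.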

@steven-tey steven-tey merged commit 49bf166 into main Dec 24, 2025
8 of 9 checks passed
@steven-tey steven-tey deleted the fix-get-groups branch December 24, 2025 18:45
3 participants