fix(cache): address code review issues

- Add authentication to /api/cache/entries (GET and DELETE)
- Add authentication to /api/cache (GET and DELETE)
- Validate trendHours: clamp to 1-720 range
- Fix estimatedCostSaved bug: use calculated value instead of hardcoded 0
This commit is contained in:
oyi77
2026-03-31 04:03:54 +07:00
parent f99c90dc85
commit 5437d691b5
3 changed files with 21 additions and 2 deletions
+9
View File
@@ -1,5 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { getDbInstance } from "@/lib/db/core";
import { isAuthenticated } from "@/shared/utils/apiAuth";
interface CacheEntry {
id: string;
@@ -12,6 +13,10 @@ interface CacheEntry {
}
export async function GET(req: NextRequest) {
if (!(await isAuthenticated(req))) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
try {
const { searchParams } = new URL(req.url);
const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
@@ -71,6 +76,10 @@ export async function GET(req: NextRequest) {
}
export async function DELETE(req: NextRequest) {
if (!(await isAuthenticated(req))) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
try {
const { searchParams } = new URL(req.url);
const signature = searchParams.get("signature");
+11 -1
View File
@@ -9,15 +9,21 @@ import {
} from "@/lib/semanticCache";
import { getIdempotencyStats } from "@/lib/idempotencyLayer";
import { getCacheMetrics, getCacheTrend } from "@/lib/db/settings";
import { isAuthenticated } from "@/shared/utils/apiAuth";
function errorMessage(error: unknown): string {
return error instanceof Error ? error.message : String(error);
}
export async function GET(req: NextRequest) {
if (!(await isAuthenticated(req))) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
try {
const { searchParams } = new URL(req.url);
const trendHours = parseInt(searchParams.get("trendHours") || "24", 10);
const rawHours = parseInt(searchParams.get("trendHours") || "24", 10);
const trendHours = Math.min(720, Math.max(1, Number.isNaN(rawHours) ? 24 : rawHours));
const cacheStats = getCacheStats();
const idempotencyStats = getIdempotencyStats();
@@ -36,6 +42,10 @@ export async function GET(req: NextRequest) {
}
export async function DELETE(req: NextRequest) {
if (!(await isAuthenticated(req))) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
try {
const { searchParams } = new URL(req.url);
const model = searchParams.get("model");
+1 -1
View File
@@ -630,7 +630,7 @@ export async function getCacheMetrics() {
totalCachedTokens: totalsRow?.totalCachedTokens || 0,
totalCacheCreationTokens: totalsRow?.totalCacheCreationTokens || 0,
tokensSaved,
estimatedCostSaved: 0, // Would need pricing data to calculate
estimatedCostSaved,
byProvider,
byStrategy,
lastUpdated: new Date().toISOString(),