feat: item management #46

Merged

addison merged 50 commits from feat/item-management into main 2025-12-27 05:07:19 -05:00

Conversation 0 Commits 50 Files changed 54 +2898 -368

addison commented 2025-12-26 06:36:47 -05:00

Owner

Copy link

No description provided.

addison added 31 commits 2025-12-26 06:36:47 -05:00

feat: add item form component with image compression and validation 7a29f2906f

chore: check off item creation form task 773cf8e2a1

feat: add item editor page with auth and ownership checks e50fbf34f2

chore: check off item editor page task 6d8db2f2f0

feat: add item card component and populate vendor profiles with items 7b2913fa7d

chore: update vendor profile task progress a04f80e188

feat: add items listing and detail pages with visibility filtering 606d8924de

chore: update item listing and search task progress b004388957

feat: add items management page and delete endpoint 9da6904479

fix: use middleware auth in manage items page 45279c5daa

docs: clarify auth pattern in Astro pages to avoid redundant checks 7212a17a52

fix: use middleware auth pattern in item creation and edit pages 1cbf7181b2

refactor: improvements 554058046b

refactor: FormContainer component c67a75edde

feat(ui): add IconButton component and use for image controls 99c899ecb9

fix(items): set user_id when creating items ... 2b313e4237

The RLS policy requires user_id to match the authenticated user. The API
route was not setting user_id in the insert, causing RLS violations.

Now the API fetches the user's profile ID from auth and includes it in
the item insert.

refactor(items): use get_user_by_auth_id RPC instead of direct query b5645b78cb

fix(items): redirect to /items/manage after creating new item 4702e0c66e

refactor(items/manage): simplify to bare-bones item list ... 1cb0cb9fd0

Remove image previews, status badges, and visibility labels. Keep only:
- Item title
- Type (buy/sell)
- Edit and Delete buttons

This is the MVP version. UI refinements will come later per spec.

fix(items/manage): use proper server client for authenticated queries ... 4a3c212dcc

Use createSupabaseServerClient which properly handles auth context via
cookies and headers, similar to other authenticated pages. This fixes
items not loading on /items/manage.

refactor(items/manage): use Button component instead of hand-made buttons ... bf568040e6

- Created DeleteItemButton component for client-side delete functionality
- Replaced all inline button HTML with Button component
- Uses variant system (primary, secondary, danger) for consistent styling

refactor(items/manage): use dialog for delete confirmation ... fd0642e55a

- Created ManageItemsPage component that wraps item list with DialogProvider
- DeleteItemButton now uses showConfirmation dialog instead of browser confirm
- Dialog shows proper title, message, and uses danger variant for delete action

fix(items/edit): use proper server client for authenticated queries ... 5cb9972e52

Use createSupabaseServerClient which properly handles auth context via
cookies and headers. This fixes 404 errors when trying to edit items.

docs(agents): document patterns and best practices from item management implementation ... 2caa37d5ad

- Always use createSupabaseServerClient for authenticated Astro pages
- Never create hand-made buttons or form elements - use existing components
- Check for existing patterns before implementing (components, utilities, similar pages)
- Use correct relative import paths
- Always use RPC functions when available instead of direct queries

fix(api): use dynamic route for item DELETE and PATCH endpoints ... 844ca0bb56

Create /api/items/[id].ts to handle dynamic routes for DELETE and PATCH.
Astro only routes static files automatically. Move DELETE and PATCH handlers
to the dynamic route file.

Also update ItemForm to use /api/items/{id} for PATCH requests and simplify
payload construction.

fix(items/manage): add client directive to Button component ... 6639283c48

React components in Astro templates need a client directive.
Add client:only="react" to the Button component.

fix(delete-item): add authorization header to DELETE request ... e2966faae0

DeleteItemButton was making requests without authentication.
Get session and pass Bearer token in Authorization header,
matching the pattern used in ItemForm.

refactor: refinement 98accd55e4

fix: wording 4ce139982e

docs: revise spec 7d50d3bd09

refactor: use database categories, fix item form, improve item display ... 4bccda64dd

- Fetch categories from Supabase instead of hardcoded values
- Add getAllCategoriesServer for Astro pages, getAllCategories for browser
- Fix price validation: only required for sell items, optional for buy (requests)
- Redirect both create and edit to item detail page
- Update item type labels: 'Selling' -> 'Offering', 'Buying' -> 'Request'
- Create stub item detail page at /items/[id]
- Update CategoryBadge and CategoryFilter to handle async categories
- Simplify categories tests to cover synchronous functions only

addison added 1 commit 2025-12-26 06:42:22 -05:00

refactor: convert ManageItemCard to Astro, merge ManageItemsPage into manage page ... cb4a4e8496

- Convert ManageItemCard from React to Astro (only delete action uses React)
- Merge ManageItemsPage logic directly into /items/manage.astro page
- Render ManageItemCard grid and empty state in Astro template
- Remove React wrapper component, simplify component tree

addison added 1 commit 2025-12-26 06:43:53 -05:00

fix: revert to React ManageItemsPage with DialogProvider for context ... f849e4f88c

- Revert ManageItemCard to React component
- Recreate ManageItemsPage as React component wrapping everything in DialogProvider
- Dialog context (useDialog) must be in same React tree as DeleteItemButton
- Fix 'useDialog must be used within DialogProvider' error

addison added 1 commit 2025-12-26 17:28:15 -05:00

fix(search): escape SQL LIKE special characters in search query 73846c356c

addison added 2 commits 2025-12-26 17:38:09 -05:00

fix(validation): use database to validate categories instead of hardcoded list b4874661d8

fix(search): use parameterized RPC function for safe item search ... 934d9b39a4

- Add search_items() RPC function with proper parameter binding
- Replace manual PostgREST query building with RPC call
- Separate image fetching from search
- Add TypeScript types for search results
- Fix form DOM element type errors
- Use onkeyup instead of deprecated onkeypress

addison added 1 commit 2025-12-26 17:38:56 -05:00

fix(validation): add title/description length validation to API routes fccf56edb3

addison added 1 commit 2025-12-26 17:51:21 -05:00

fix(items): clean up storage files on deletion and use event listeners ... 610620103a

- Delete item images from storage before deleting item record
- Extract path from storage URL and remove files via API
- Continue with item deletion if storage cleanup fails
- Replace inline event handlers with addEventListener for proper ESLint detection

addison added 1 commit 2025-12-26 18:25:09 -05:00

fix: address REVIEW.md issues #7-15 for item management ... c6d05825d8

- Issue #7: Add user-facing error state and loading indicator to DeleteItemButton
- Issue #4: Add database trigger to enforce 5 image limit per item
- Issue #10: Replace createServerClient with createSupabaseServerClient in items.astro
- Issue #8: Extract ItemWithImage type to shared src/lib/types.ts
- Issue #9: Remove unused id prop from ItemCard.astro
- Issue #11: Verified ManageItemCard properly uses id prop
- Issue #12: Improve ItemForm abort controller to properly handle image upload cleanup
- Issue #13: Fix image preview race condition using fileIndex instead of array length
- Issue #14: Remove 'use client' directive from ItemForm.tsx (not needed in Astro)
- Issue #15: Add server-side validation for image URLs in API route

addison added 7 commits 2025-12-27 04:43:38 -05:00

docs: update REVIEW.md - all 15 issues resolved ... a5eba39334

Mark all items as FIXED and provide implementation details for each issue.
Update security summary to reflect completed fixes.
Add implementation summary organized by issue category.

fix: store relative image paths and construct URLs dynamically ... 61fc6a9256

- Update /api/items/images to extract and store relative paths instead of full URLs
- Add getPublicImageUrl() helper to construct public URLs from relative paths
- Update items.astro and v/[vendor_id].astro to convert paths to URLs when rendering
- Allows seed data and API to use relative paths for environment-agnostic storage

fix: convert relative image paths to full URLs in manage items page 073b19d2e4

feat: use signed URLs for item images instead of public URLs a4aa82156f

fix: use signed URLs in item edit page image preview 5f8d11f1f3

fix: pass cookieHeader to signed URL functions for RLS auth context ... d3405cfab1

- Update getItemImageSignedUrls() to accept and use cookieHeader parameter
- Pass cookieHeader in manage.astro and [id]/edit.astro when generating signed URLs
- Update ManageItemsPage to accept imageUrl directly instead of item_image array
- Remove imageUrl extraction logic from component, now handled server-side
- Remove unused getItemImageUrlForDisplay() function
- Update AGENTS.md with guidance on server-side functions requiring auth context
- Remove debug console.log from index.astro
- Add supabase/snippets/ to .gitignore

Amp-Thread-ID: https://ampcode.com/threads/T-019b5f1e-8284-7261-a286-a8ecaf86bf68
Co-authored-by: Amp <amp@ampcode.com>

refactor: use ItemWithImage type in manage page ... 4ea7e2b93d

- Import ItemWithImage from lib/types instead of defining ItemData
- Use consistent image_url property naming
- Remove unused getItemImageSignedUrl wrapper function
- Simplify ManageItemsPage component prop typing

addison added 1 commit 2025-12-27 04:55:10 -05:00

refactor(categories): unify client pattern and remove unused functions ... 6d90e59544

- Create getAllCategoriesWithClient() to work with any Supabase client instance
- Replace getAllCategoriesServer() with direct calls to getAllCategoriesWithClient(supabase)
- Create isValidCategoryIdWithClient() to reuse getAllCategoriesWithClient()
- Remove getCategoryById, getCategoryName, formatCategoryFilters, and CategoryId type
- Update CategoryBadge to use getAllCategories() with find()
- Fix 'Invalid category' error in POST /api/items by using isValidCategoryIdWithClient()
- Remove categories.test.ts (tested only unused formatCategoryFilters)

This consolidates category validation logic and eliminates duplicate query code across server and client contexts.

addison added 1 commit 2025-12-27 04:59:25 -05:00

fix(api): use isValidCategoryIdWithClient in PATCH /api/items/[id] 1b9ea33be1

addison added 2 commits 2025-12-27 05:07:06 -05:00

docs: updates 45c468af94

refactor: clean up f8be6a7db2

addison merged commit 55e760c80e into main 2025-12-27 05:07:19 -05:00

addison referenced this pull request from a commit 2025-12-27 05:07:19 -05:00

feat: item management (#46)

addison deleted branch feat/item-management 2025-12-27 05:07:19 -05:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

kwila/market!46

No description provided.