Feature: /dashboard/inspect/sandbox/$sandboxId#141
Conversation
…ogic - Introduced `MinimalTeam` interface to streamline team data handling. - Updated `searchSandboxInTeams` and related functions to utilize the new structure. - Improved team discovery process by fetching teams directly with `supabaseAdmin`. - Enhanced README documentation to reflect changes in team data retrieval and architecture.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…esolver URLs for sandbox inspection
…esolve-slug-and-e2b-2977
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ef0110678b
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| */ | ||
|
|
||
| import { SUPABASE_AUTH_HEADERS } from '@/configs/api' | ||
| import { COOKIE_KEYS } from '@/configs/keys' |
There was a problem hiding this comment.
This route imports COOKIE_KEYS from @/configs/keys, but that file only defines KV/SWR keys; cookie constants are defined in src/configs/cookies.ts. Because this handler later reads COOKIE_KEYS.SELECTED_TEAM_ID, the resolver cannot load correctly and /dashboard/inspect/sandbox/:sandboxId becomes unusable in production builds.
Useful? React with 👍 / 👎.
| import { supabaseAdmin } from '@/lib/clients/supabase/admin' | ||
| import { createClient } from '@/lib/clients/supabase/server' | ||
| import { SandboxIdSchema } from '@/lib/schemas/api' | ||
| import { SandboxInfo } from '@/types/api' |
There was a problem hiding this comment.
SandboxInfo is imported from @/types/api, but this repository exposes that type from src/types/api.types.ts (other files already import @/types/api.types). Keeping this path will cause module resolution/type-check failures for the new resolver and block shipping this route.
Useful? React with 👍 / 👎.
| const teamSlug = searchResult.team.slug | ||
|
|
||
| const redirectUrl = new URL( | ||
| PROTECTED_URLS.SANDBOX_INSPECT(teamSlug, sandboxId), |
There was a problem hiding this comment.
The redirect target is built from searchResult.team.slug directly, so if a team has an empty slug (an edge case already handled elsewhere in this codebase with slug || id), this route generates /dashboard//sandboxes/.../inspect and persists an invalid team slug state. Falling back to team.id here avoids broken redirects for those users.
Useful? React with 👍 / 👎.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
Outdated
Show resolved
Hide resolved
src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
src/app/dashboard/(resolvers)/inspect/sandbox/[sandboxId]/route.ts
Outdated
Show resolved
Hide resolved
ben-fornefeld
deleted the
feature-dashboardinspectsandboxid-route-to-resolve-slug-and-e2b-2977
branch
3 participants
Note
Medium Risk
Adds a new authenticated resolver endpoint that queries team membership and calls the infra API, so redirect/cookie behavior and authorization checks could impact user navigation or leak access if mis-validated.
Overview
Adds a new resolver route
GET /dashboard/inspect/sandbox/[sandboxId]that validatessandboxId, requires an authenticated Supabase user/session, fetches the user’s teams, then probes the infra API to find which team owns the sandbox (preferring the cookie-selected team) and redirects toPROTECTED_URLS.SANDBOX_INSPECTwhile updating team-selection cookies.Introduces
SandboxIdSchema(zod) for strict lowercase-alphanumeric + length validation, addsRESOLVER_URLS.INSPECT_SANDBOX, and includes a comprehensive Vitest integration suite covering validation/security cases, auth/session failures, team search/early-exit behavior, cookie updates, and error handling.Written by Cursor Bugbot for commit b815dd5. This will update automatically on new commits. Configure here.