pop
/
vibed
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
quotesdb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a7b2d6fd4e'
${ noResults }
vibed/quotesdb/.nbd/tickets/5d9f5a.md

53 lines
2.1 KiB
Markdown
Raw Blame History

+++
title = "Implement POST /api/quotes/:id — partial update, verify X-Auth-Code header, update updated_at"
priority = 5
status = "todo"
ticket_type = "task"
dependencies = ["a5049d", "d792e2", "175382"]
+++
<context>
The `quotesdb` API is built with Axum + Tokio, targeting Cloudflare Workers via `workers-rs`. It serves JSON at `/api/*` endpoints and persists data to Cloudflare D1 (production) or a local SQLite file via Turso (development). Source lives in `src/bin/api/`.
Shared types and utilities are in `src/lib.rs` — code placed there must compile for both the host target and `wasm32-unknown-unknown`.
`POST /api/quotes/:id` performs a partial update of a quote. The caller must provide the correct auth code via the `X-Auth-Code` request header. Only fields present in the request body are updated; absent fields are left unchanged. Optional fields (`source`, `date`) can be explicitly set to `null` to clear them.
</context>
<goal>
Implement the `POST /api/quotes/:id` handler:
1. Extract `:id` from the path
2. Verify the `X-Auth-Code` header matches the stored `auth_code` — return 403 on mismatch
3. Apply a partial UPDATE to the `quotes` row (only update supplied fields)
4. Update `updated_at` timestamp
5. If `tags` is present in the body, replace all tags for the quote
6. Return 200 with the updated quote
</goal>
<constraints>
- Return 404 if the quote ID does not exist.
- Return 403 (not 401) on auth code mismatch; do not reveal whether the ID exists to unauthenticated callers.
- Setting a field to `null` in the request body should clear it (for `source` and `date`).
- `updated_at` must be set to `CURRENT_TIMESTAMP` on every update.
</constraints>
<skills>
Use `superpowers:test-driven-development` — write tests for: valid auth 200, wrong auth 403, not found 404, partial update, null-to-clear.
Use `superpowers:verification-before-completion` before closing.
</skills>
<validation>
Run in order from the `quotesdb/` directory:
```sh
cargo fmt
cargo check
cargo clippy
cargo test
```
</validation>
<commit>
`feat(quotesdb): implement POST /api/quotes/:id — partial update with auth verification`
</commit>
Reference in New Issue View Git Blame Copy Permalink