Members logic

[shrutiiiyet]

Summary by CodeRabbit

• New Features

  • Introduced comprehensive member management APIs for creation, approval, updates, and fetching achievements, projects, and interviews.
  • Added member profile photo upload support with file size limits and public URL handling.
  • Implemented admin verification for membership approval processes.
  • Added middleware for handling Supabase file uploads in member routes.

• Improvements

  • Renamed and added environment variables for improved configuration flexibility.
  • Switched Supabase integration to use a service role key.
  • Enhanced file upload handling with size restrictions.

• Chores

  • Added UUID-related dependencies.
  • Updated example environment configuration for clarity and new variables.

[coderabbitai]

Walkthrough

This update introduces comprehensive member management features, including new controllers, services, and routes for handling members, achievements, projects, and profile photo uploads. It also refines Supabase integration by switching to service role keys, updates environment and Prisma configurations, and manages database schema changes related to the member password field.

Changes

File(s)	Change Summary
.env.example, prisma/schema.prisma, src/config/index.ts, src/app.ts	Updated environment variable names; switched Supabase key usage; adjusted Prisma datasource config.
package.json	Added uuid, @types/uuid, and ts-node to dependencies; formatted scripts section.
prisma/migrations/.../migration.sql (2 files)	Added and then dropped the password column in the Member table.
src/controllers/member.controller.ts, src/controllers/supabase.controller.ts	Added new controllers for member operations and Supabase file upload middleware.
src/db/client.ts	Simplified PrismaClient export to single-line declaration and export.
src/routes/index.ts	Uncommented and re-enabled members and projects routers with upload and Supabase middleware.
src/routes/members.ts	Added a new router with detailed member-related API endpoints and documentation.
src/services/member.service.ts, src/services/upload.service.ts	Implemented member service functions and image upload to Supabase storage.
src/utils/apiError.ts	Minor code style change in error handler (explicit message key in response object).

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant ExpressRouter
    participant MemberController
    participant MemberService
    participant PrismaClient
    participant SupabaseClient
    participant UploadService

    Client->>ExpressRouter: POST /members (with profile photo)
    ExpressRouter->>MemberController: createAMember / uploadProfilePicture
    MemberController->>MemberService: createMember(...)
    MemberService->>PrismaClient: Create Member & Account
    MemberService-->>MemberController: Member created
    MemberController->>UploadService: uploadImage(...)
    UploadService->>SupabaseClient: Upload image to storage
    SupabaseClient-->>UploadService: Public image URL
    UploadService-->>MemberController: Image URL
    MemberController->>PrismaClient: Update Member profilePhoto
    MemberController-->>ExpressRouter: JSON response
    ExpressRouter-->>Client: Success/Error JSON

Loading

Suggested reviewers

• Harish-Naruto
• i-am-that-guy

Poem

🐇
New members join, their stories unfold,
With photos and projects, their journeys retold.
Supabase keys now guarded with care,
Prisma and routes, a fresh breath of air.
Uploads and errors, all handled with cheer—
The warren grows stronger, with every new peer!

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 17

🔭 Outside diff range comments (2)

prisma/migrations/20250715212622_added_password_field/migration.sql (1)

1-9: Redundant migration — adds a column only to be removed in the very next migration

This migration adds password as NOT NULL, immediately followed by 20250716075628_ which drops it.
Running both sequentially in production will cause unnecessary downtime and, worse, fail if the table already contains rows because the NOT NULL addition can’t succeed.

Consider squashing or deleting both migrations (or the second one) before shipping to keep the history clean and avoid deploy failures.

src/app.ts (1)

22-22: Validate ALLOWED_ORIGINS split operation.

The code assumes ALLOWED_ORIGINS is a comma-separated string, but there's no validation if the environment variable is undefined or malformed.

-  origin: config.ALLOWED_ORIGINS.split(','),
+  origin: config.ALLOWED_ORIGINS ? config.ALLOWED_ORIGINS.split(',') : ['*'],

This prevents runtime errors if the environment variable is not set.

♻️ Duplicate comments (2)

prisma/migrations/20250716075628_/migration.sql (1)

1-9: Dropping freshly-added password column — verify intent

This script irreversibly deletes any password data created by the prior migration.
Unless you’ve already reverted that rollout, merge-time execution will:

1. Apply ADD COLUMN "password" TEXT NOT NULL
2. Immediately DROP COLUMN "password"

Result: service interruption plus wasted migration time.

Ensure the project truly no longer relies on the column and eliminate the flip-flop sequence as noted in the previous comment.

src/app.ts (1)

15-15: Consistent with previous service role key concerns.

The service role key usage here aligns with the configuration change, but the same security concerns apply.

Refer to the security considerations raised in src/config/index.ts regarding service role key usage.

🧹 Nitpick comments (18)

src/utils/apiError.ts (1)

41-44: Prefer shorthand property assignment for conciseness

message: message can be reduced to the object-literal shorthand message, matching the surrounding style and keeping the payload terse.

   const responseBody: ErrorResponse = {
     error: true,
-    message: message
+    message
   }

src/db/client.ts (1)

1-2: Guard against multiple PrismaClient instances in serverless/hot-reload scenarios

Node’s module cache usually protects you, but in serverless environments (Vercel, Netlify functions, etc.) or under ts-node watch mode multiple instances can exhaust the Postgres connection limit.

Typical pattern:

-import { PrismaClient } from "../generated/prisma";
-export const prisma = new PrismaClient();
+import { PrismaClient } from "../generated/prisma";
+
+declare global {
+  // eslint-disable-next-line no-var
+  var prisma: PrismaClient | undefined;
+}
+
+export const prisma =
+  global.prisma ??
+  new PrismaClient({
+    log: ['query', 'info', 'warn', 'error'],
+  });
+
+if (process.env.NODE_ENV !== 'production') global.prisma = prisma;

Adopt this guard if you deploy to environments that spin up on every request.

.env.example (3)

8-8: Remove extra blank line.

Static analysis detected an unnecessary blank line that should be removed for consistency.

-
-
+

---

9-9: Fix formatting issues with PORT variable.

The PORT variable has spacing issues and trailing whitespace that should be corrected.

-PORT= 
+PORT=

---

11-12: Fix variable ordering and NODE_ENV format.

Multiple formatting issues need to be addressed:

1. Variables should be in alphabetical order
2. NODE_ENV is missing an equals sign and value
3. Missing blank line at end of file

-ALLOWED_ORIGINS=
-NODE_ENV
+ALLOWED_ORIGINS=
+NODE_ENV=
+

Consider reordering variables alphabetically: ALLOWED_ORIGINS, NODE_ENV, PORT.

src/routes/index.ts (2)

13-13: Remove commented code or add explanation.

The projects router is commented out without explanation. Either remove this line entirely or add a comment explaining why it's disabled.

-  //router.use('/projects', projectsRouter(upload, supabase))

If projects functionality is being developed, consider adding a TODO comment with context.

---

16-18: Remove unnecessary blank lines.

Multiple consecutive blank lines should be reduced to maintain consistent formatting.

-

-

-
+

src/services/upload.service.ts (2)

36-36: Review the use of upsert: true for potential unintended overwrites.

The upsert: true option will overwrite existing files at the same path. Since you're using UUID filenames, this shouldn't happen in practice, but consider if this behavior is intended.

If overwrites are not intended, consider removing the upsert option:

-      upsert: true,

---

15-54: Consider adding file size validation for better error handling.

The function doesn't validate file size, which could lead to large uploads failing at the storage level. Consider adding size validation early in the process.

export async function uploadImage(
  supabase: SupabaseClient,
  file: MulterFile,
  folder: string
): Promise<string> {
+  // Validate file size (e.g., 5MB limit)
+  const maxSize = 5 * 1024 * 1024; // 5MB
+  if (file.size > maxSize) {
+    throw new ApiError('File size exceeds 5MB limit', 400)
+  }
+
  // 1) Determine file extension

src/controllers/supabase.controller.ts (1)

11-30: Remove commented code or move to documentation.

The commented example code should be removed from the source file or moved to proper documentation to keep the codebase clean.

Consider removing the commented code blocks and creating proper documentation instead.

src/routes/members.ts (1)

3-3: Remove unused import - supabase is passed as parameter.

The supabase import from '../app' is unused since the supabase client is passed as a parameter to the membersRouter function.

-import { supabase } from '../app';

src/controllers/member.controller.ts (4)

5-5: Remove unused import - supabase is passed as parameter.

The supabase import from '../app' is unused in the uploadProfilePicture function since it's passed as a parameter.

-import { supabase } from '../app';

---

48-48: Fix typo in success message.

There's a typo in "succesfully" - should be "successfully".

-  res.status(200).json({success: true, message:"Updated member details succesfully"});
+  res.status(200).json({success: true, message:"Updated member details successfully"});

---

108-108: Fix typo in success message.

There's a typo in "succesfully" - should be "successfully".

-    res.status(200).json({success: true, message: "Image uploaded succesfully"});
+    res.status(200).json({success: true, message: "Image uploaded successfully"});

---

65-65: Remove debug console.log statement.

Console.log statements should not be present in production code.

    const update = await memberService.approveRequest(isApproved, adminId, memberId);
-    console.log(update);
    res.status(200).json({success :true, update, message: "Approve Request Checked"});

src/services/member.service.ts (3)

77-77: Remove unused destructuring of name field.

The name field is destructured but never used in the function.

-    const { name, ...rest } = payload
+    const { ...rest } = payload

Or if name needs special handling:

-    const { name, ...rest } = payload
+    const { name, ...rest } = payload
+    
+    if (name !== undefined) {
+        // Add name validation/processing logic here
+    }

---

107-107: Remove debug console.log statement.

Console.log statements should not be present in production code.

    const admin = await checkAdmin(adminId);
-    console.log(admin);

---

88-90: Improve undefined filtering logic.

The current filtering logic could be more explicit and type-safe.

-    const dataToUpdate = Object.fromEntries(
-        Object.entries(rest).filter(([_, v]) => v !== undefined)
-    );
+    const dataToUpdate = Object.fromEntries(
+        Object.entries(rest).filter(([_, value]) => value !== undefined && value !== null)
+    );

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e8c0d7 and 223a285.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• .env.example (1 hunks)
• package.json (2 hunks)
• prisma/migrations/20250715212622_added_password_field/migration.sql (1 hunks)
• prisma/migrations/20250716075628_/migration.sql (1 hunks)
• prisma/schema.prisma (1 hunks)
• src/app.ts (2 hunks)
• src/config/index.ts (1 hunks)
• src/controllers/member.controller.ts (1 hunks)
• src/controllers/supabase.controller.ts (1 hunks)
• src/db/client.ts (1 hunks)
• src/routes/index.ts (1 hunks)
• src/routes/members.ts (1 hunks)
• src/services/member.service.ts (1 hunks)
• src/services/upload.service.ts (1 hunks)
• src/utils/apiError.ts (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (5)

src/services/upload.service.ts (2)

src/app.ts (1)

• supabase (13-16)

src/utils/apiError.ts (1)

• ApiError (7-18)

src/routes/members.ts (2)

src/app.ts (1)

• supabase (13-16)

src/controllers/supabase.controller.ts (1)

• injectSupabase (5-9)

src/controllers/supabase.controller.ts (2)

src/app.ts (1)

• supabase (13-16)

src/controllers/member.controller.ts (1)

• uploadProfilePicture (99-109)

src/services/member.service.ts (2)

src/db/client.ts (1)

• prisma (2-2)

src/utils/apiError.ts (1)

• ApiError (7-18)

src/controllers/member.controller.ts (4)

src/utils/apiError.ts (1)

• ApiError (7-18)

src/services/member.service.ts (1)

• unapprovedMembers (98-102)

src/app.ts (1)

• supabase (13-16)

src/services/upload.service.ts (1)

• uploadImage (15-54)

🪛 dotenv-linter (3.3.0)

.env.example

[warning] 8-8: [ExtraBlankLine] Extra blank line detected

---

[warning] 9-9: [SpaceCharacter] The line has spaces around equal sign

---

[warning] 9-9: [TrailingWhitespace] Trailing whitespace detected

---

[warning] 11-11: [UnorderedKey] The ALLOWED_ORIGINS key should go before the PORT key

---

[warning] 12-12: [EndingBlankLine] No blank line at the end of the file

---

[warning] 12-12: [KeyWithoutValue] The NODE_ENV key should be with a value or have an equal sign

---

[warning] 12-12: [UnorderedKey] The NODE_ENV key should go before the PORT key

🔇 Additional comments (3)

prisma/schema.prisma (1)

12-16: Double-check environment variable alignment

url still reads from DATABASE_URL while directUrl now references SUPABASE_URL.
If the intention is to deprecate DATABASE_URL, update both fields (or keep them in sync) to avoid the ORM using two different connection strings.

package.json (1)

45-46: UUID dependencies look appropriate for file upload functionality.

The addition of uuid and @types/uuid is well-suited for generating unique filenames in the upload functionality.

Also applies to: 52-53

src/app.ts (1)

32-35: File upload configuration is well-implemented.

The multer configuration with memory storage and 5MB limit is appropriate for profile photo uploads. The size limit prevents abuse while accommodating reasonable image sizes.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

package.json (1)

10-14: Scripts section still misses core workflows

Previous review already requested dev, build, start, lint, format, etc. You’ve added apidoc, which is great, but the essential run/build scripts are still absent, forcing contributors to guess commands. Re-add the suggested baseline scripts or explain the chosen alternative.

🧹 Nitpick comments (1)

src/routes/index.ts (1)

5-6: Consider removing excessive empty lines.

Multiple consecutive empty lines can impact code readability. Consider reducing them to single empty lines where appropriate.

-

-


+

Also applies to: 16-18

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 223a285 and 2a5cccd.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• package.json (3 hunks)
• src/app.ts (2 hunks)
• src/db/client.ts (1 hunks)
• src/routes/index.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• src/app.ts
• src/db/client.ts

🧰 Additional context used

🪛 Biome (1.9.4)

package.json

[error] 60-60: The key ts-node was already declared.

This where a duplicated key was declared again.

If a key is defined multiple times, only the last definition takes effect. Previous definitions are ignored.

(lint/suspicious/noDuplicateObjectKeys)

🪛 GitHub Actions: Run Tests

package.json

[error] 62-62: ParserError parsing package.json: Syntax errors at line 62 including unexpected token and unexpected comma near "ts-jest": "^29.4.0".

🔇 Additional comments (1)

src/routes/index.ts (1)

12-12: LGTM! Members router activation aligns with PR objectives.

The uncommenting of the members router correctly enables the member management functionality as intended by the PR objectives.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

package.json (1)

58-70: 🚨 Invalid JSON + duplicated keys break the build

– Missing comma after the newly-added "uuid" entry
– ts-jest is now inside dependencies but should stay in devDependencies
– ts-node appears twice (line 67 & line 70), violating JSON object key uniqueness

The pipeline is already failing to parse the file – fix immediately:

@@
-    "@types/uuid": "^10.0.0",
@@
-    "multer": "^2.0.1",
-    "ts-node": "^10.9.2",
-    "uuid": "^11.1.0"
-    "ts-jest": "^29.4.0",
-    "ts-node": "^10.9.2"
+    "multer": "^2.0.1",
+    "uuid": "^11.1.0",
+
+    // --- ⬇ leave **runtime** deps only below this line ---
+    // (no ts-node / ts-jest / @types/* here)
 }
+
+// move to devDependencies (below):
+//   "ts-jest": "^29.4.0",
+//   "ts-node": "^10.9.2",
+//   "@types/uuid": "^10.0.0",

Then append the three moved items into the existing "devDependencies" block (sorted alphabetically if you wish).
This restores valid JSON and aligns packages with their correct scopes.

♻️ Duplicate comments (2)

package.json (1)

67-67: ts-node duplicate was already flagged earlier

Same issue re-introduced here; please remove it from "dependencies" and keep a single entry under "devDependencies" only.

.env.example (1)

9-9: (repeat) Document service-role key security implications.
The service-role key grants superuser access; the file still lacks the required warning and handling guidance flagged in the previous review.

🧹 Nitpick comments (1)

.env.example (1)

8-8: Strip the trailing space and provide an example default for PORT.
The extra space breaks some dotenv loaders and may lead to an empty value at runtime.

-PORT= 
+PORT=3000

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a5cccd and ad6fb9d.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .env.example (1 hunks)
• package.json (3 hunks)
• prisma/schema.prisma (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• prisma/schema.prisma

🧰 Additional context used

🪛 dotenv-linter (3.3.0)

.env.example

[warning] 8-8: [SpaceCharacter] The line has spaces around equal sign

---

[warning] 8-8: [TrailingWhitespace] Trailing whitespace detected

---

[warning] 10-10: [UnorderedKey] The ALLOWED_ORIGINS key should go before the PORT key

---

[warning] 11-11: [KeyWithoutValue] The NODE_ENV key should be with a value or have an equal sign

---

[warning] 11-11: [UnorderedKey] The NODE_ENV key should go before the PORT key

🪛 Biome (1.9.4)

package.json

[error] 67-67: The key ts-node was already declared.

This where a duplicated key was declared again.

If a key is defined multiple times, only the last definition takes effect. Previous definitions are ignored.

(lint/suspicious/noDuplicateObjectKeys)

🪛 GitHub Actions: Run Tests

package.json

[error] 69-69: ParserError parsing package.json: Expected "," but found "ts-jest"; Expected string but found ":"; Expected " =" but found "^29.4.0"; Unexpected comma at line 69.

[coderabbitai]

🛠️ Refactor suggestion

Move @types/uuid to devDependencies

Type declaration packages are not needed at runtime; shift them alongside your other @types/* devDeps to reduce production image size.

🤖 Prompt for AI Agents

In package.json at line 58, move the "@types/uuid" dependency from
"dependencies" to "devDependencies" because type declaration packages are only
needed during development and not at runtime. This change will help reduce the
production image size by excluding unnecessary packages.

[coderabbitai]

⚠️ Potential issue

NODE_ENV key is malformed (missing =).
Without an equals sign the variable is ignored, which can force the app into production defaults unexpectedly.

-NODE_ENV
+NODE_ENV=development

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	NODE_ENV
	# .env.example (around line 11)
	-NODE_ENV
	+NODE_ENV=development

🧰 Tools

🪛 dotenv-linter (3.3.0)

[warning] 11-11: [KeyWithoutValue] The NODE_ENV key should be with a value or have an equal sign

---

[warning] 11-11: [UnorderedKey] The NODE_ENV key should go before the PORT key

🤖 Prompt for AI Agents

In the .env.example file at line 11, the NODE_ENV environment variable is
missing an equals sign, making it malformed and ignored by the app. Add an
equals sign after NODE_ENV, for example, NODE_ENV=development, to properly
define the variable and avoid unintended production defaults.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Confirm downstream consumers are updated to use SUPABASE_URL.

DATABASE_URL appears to have been replaced with SUPABASE_URL. Double-check every reference in the codebase, CI workflow files, and deployment manifests to avoid broken connections.

Run:

---

🏁 Script executed:

#!/bin/bash
# Ensure no stale `DATABASE_URL` references remain.
rg -n $'DATABASE_URL' || echo "✅ No occurrences"

Length of output: 211

---

Update all remaining DATABASE_URL references to SUPABASE_URL

We ran rg -n DATABASE_URL and found these occurrences that need updating:

• README.md (line 11)
  Update the .env description to mention SUPABASE_URL instead of DATABASE_URL.

• prisma/schema.prisma (line 11)
  Change

  - url       = env("DATABASE_URL")
  + url       = env("SUPABASE_URL")

• src/config/index.ts (line 3)
  Change

  - DATABASE_URL: process.env.DATABASE_URL!,
  + SUPABASE_URL: process.env.SUPABASE_URL!,

After making these updates, please also verify any CI workflows and deployment manifests for leftover DATABASE_URL references.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In the .env.example file at line 3 and related files, update all references from
DATABASE_URL to SUPABASE_URL. Specifically, modify README.md at line 11 to
describe SUPABASE_URL instead of DATABASE_URL, change the datasource URL in
prisma/schema.prisma at line 11 to use SUPABASE_URL, and update the import or
usage in src/config/index.ts at line 3 accordingly. Also, review CI workflows
and deployment manifests to replace any remaining DATABASE_URL references with
SUPABASE_URL to ensure consistency.