Merge pull request #38 from ITSEC-Research/yoko-dev

feat: improve request handling with abort-aware error management and enhance user preferences UI/UX

Author: yokokho

app/api/domain-recon/credentials/route.ts

@@ -1,14 +1,21 @@
 import { NextRequest, NextResponse } from "next/server"
 import { executeQuery as executeClickHouseQuery } from "@/lib/clickhouse"
 import { validateRequest } from "@/lib/auth"
+import { throwIfAborted, getRequestSignal, handleAbortError } from "@/lib/api-helpers"
 
 export async function POST(request: NextRequest) {
+  // ✅ Check abort VERY EARLY - before validateRequest
+  throwIfAborted(request)
+  
   const user = await validateRequest(request)
   if (!user) {
     return NextResponse.json({ success: false, error: "Unauthorized" }, { status: 401 })
   }
 
   try {
+    // Check if request was aborted early
+    throwIfAborted(request)
+    
     const body = await request.json()
     const { targetDomain, filters, pagination, searchQuery, searchType = 'domain' } = body
 
@@ -27,8 +34,17 @@ export async function POST(request: NextRequest) {
     }
     console.log("🚀 API Called (Optimized):", logData)
 
+    // Get signal for passing to database queries
+    const signal = getRequestSignal(request)
+
+    // Check abort before expensive operations
+    throwIfAborted(request)
+
     // Call the new data getter function
-    const credentialsData = await getCredentialsDataOptimized(cleanDomain, filters, pagination, searchQuery, searchType, body.keywordMode)
+    const credentialsData = await getCredentialsDataOptimized(cleanDomain, filters, pagination, searchQuery, searchType, body.keywordMode, signal)
+    
+    // Check abort after operations
+    throwIfAborted(request)
 
     return NextResponse.json({
       success: true,
@@ -39,6 +55,13 @@ export async function POST(request: NextRequest) {
     })
 
   } catch (error) {
+    // Handle abort errors gracefully
+    const abortResponse = handleAbortError(error)
+    if (abortResponse) {
+      return abortResponse
+    }
+    
+    // Handle other errors
     console.error("❌ Error in credentials API:", error)
     return NextResponse.json(
       { error: "Failed to get credentials data", details: error instanceof Error ? error.message : "Unknown error" },
@@ -53,7 +76,8 @@ async function getCredentialsDataOptimized(
   pagination?: any,
   searchQuery?: string,
   searchType: 'domain' | 'keyword' = 'domain',
-  keywordMode: 'domain-only' | 'full-url' = 'full-url'
+  keywordMode: 'domain-only' | 'full-url' = 'full-url',
+  signal?: AbortSignal
 ) {
   // SECURITY: Validate and sanitize pagination parameters
   const page = Math.max(1, Math.floor(Number(pagination?.page)) || 1)
@@ -192,7 +216,7 @@ async function getCredentialsDataOptimized(
     `
   }
 
-  const countResult = (await executeClickHouseQuery(countQuery, params)) as any[]
+  const countResult = (await executeClickHouseQuery(countQuery, params, signal)) as any[]
   const total = countResult[0]?.total || 0
 
   // ==========================================
@@ -237,7 +261,7 @@ async function getCredentialsDataOptimized(
 
   console.log("📊 Data Query Executing with PREWHERE...")
 
-  const data = (await executeClickHouseQuery(dataQuery, params)) as any[]
+  const data = (await executeClickHouseQuery(dataQuery, params, signal)) as any[]
 
   return {
     data: data.map((row: any) => ({

app/api/domain-recon/overview/route.ts

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from "next/server"
 import { executeQuery as executeClickHouseQuery } from "@/lib/clickhouse"
 import { validateRequest } from "@/lib/auth"
+import { throwIfAborted, getRequestSignal, handleAbortError } from "@/lib/api-helpers"
 
 /**
  * Build WHERE clause for domain matching (ClickHouse version)
@@ -56,19 +57,28 @@ function buildKeywordWhereClause(keyword: string, mode: 'domain-only' | 'full-ur
 }
 
 export async function POST(request: NextRequest) {
+  // ✅ Check abort VERY EARLY - before validateRequest
+  throwIfAborted(request)
+  
   const user = await validateRequest(request)
   if (!user) {
     return NextResponse.json({ success: false, error: "Unauthorized" }, { status: 401 })
   }
 
   try {
+    // Check if request was aborted early
+    throwIfAborted(request)
+    
     const body = await request.json()
     const { targetDomain, timelineGranularity, searchType = 'domain', type } = body
 
     if (!targetDomain || typeof targetDomain !== 'string') {
       return NextResponse.json({ error: "targetDomain is required" }, { status: 400 })
     }
 
+    // Get signal for passing to database queries
+    const signal = getRequestSignal(request)
+
     let whereClause = ''
     let params: Record<string, string> = {}
 
@@ -97,17 +107,28 @@ export async function POST(request: NextRequest) {
     // ============================================
 
     if (type === 'stats') {
+      // Check abort before expensive operations
+      throwIfAborted(request)
+      
       // Fast data: Subdomains + Paths only
       const [topSubdomains, topPaths] = await Promise.all([
-        getTopSubdomains(whereClause, params, 10, searchType, body.keywordMode || 'full-url', targetDomain).catch((e) => { 
-          console.error("❌ Subdomains Error:", e)
+        getTopSubdomains(whereClause, params, 10, searchType, body.keywordMode || 'full-url', targetDomain, signal).catch((e) => { 
+          // Don't log AbortError as error
+          if (e instanceof Error && e.name !== 'AbortError') {
+            console.error("❌ Subdomains Error:", e)
+          }
           return []
         }),
-        getTopPaths(whereClause, params, 10).catch((e) => { 
-          console.error("❌ Paths Error:", e)
+        getTopPaths(whereClause, params, 10, signal).catch((e) => { 
+          if (e instanceof Error && e.name !== 'AbortError') {
+            console.error("❌ Paths Error:", e)
+          }
           return []
         }),
       ])
+      
+      // Check abort after operations
+      throwIfAborted(request)
 
       console.log("✅ Stats data retrieved:", {
         topSubdomainsCount: topSubdomains?.length || 0,
@@ -124,11 +145,19 @@ export async function POST(request: NextRequest) {
     }
 
     if (type === 'timeline') {
+      // Check abort before expensive operations
+      throwIfAborted(request)
+      
       // Slow data: Timeline only
-      const timelineData = await getTimelineData(whereClause, params, timelineGranularity || 'auto').catch((e) => { 
-        console.error("❌ Timeline Error:", e)
+      const timelineData = await getTimelineData(whereClause, params, timelineGranularity || 'auto', signal).catch((e) => { 
+        if (e instanceof Error && e.name !== 'AbortError') {
+          console.error("❌ Timeline Error:", e)
+        }
         return []
       })
+      
+      // Check abort after operations
+      throwIfAborted(request)
 
       console.log("✅ Timeline data retrieved:", {
         timelineCount: timelineData?.length || 0,
@@ -144,20 +173,32 @@ export async function POST(request: NextRequest) {
     }
 
     // Default: Return all data (backward compatible)
+    // Check abort before expensive operations
+    throwIfAborted(request)
+    
     const [timelineData, topSubdomains, topPaths] = await Promise.all([
-      getTimelineData(whereClause, params, timelineGranularity || 'auto').catch((e) => { 
-        console.error("❌ Timeline Error:", e)
+      getTimelineData(whereClause, params, timelineGranularity || 'auto', signal).catch((e) => { 
+        if (e instanceof Error && e.name !== 'AbortError') {
+          console.error("❌ Timeline Error:", e)
+        }
         return []
       }),
-      getTopSubdomains(whereClause, params, 10, searchType, body.keywordMode || 'full-url', targetDomain).catch((e) => { 
-        console.error("❌ Subdomains Error:", e)
+      getTopSubdomains(whereClause, params, 10, searchType, body.keywordMode || 'full-url', targetDomain, signal).catch((e) => { 
+        if (e instanceof Error && e.name !== 'AbortError') {
+          console.error("❌ Subdomains Error:", e)
+        }
         return []
       }),
-      getTopPaths(whereClause, params, 10).catch((e) => { 
-        console.error("❌ Paths Error:", e)
+      getTopPaths(whereClause, params, 10, signal).catch((e) => { 
+        if (e instanceof Error && e.name !== 'AbortError') {
+          console.error("❌ Paths Error:", e)
+        }
         return []
       }),
     ])
+    
+    // Check abort after operations
+    throwIfAborted(request)
 
     console.log("✅ Overview data retrieved:", {
       timelineCount: timelineData?.length || 0,
@@ -176,12 +217,19 @@ export async function POST(request: NextRequest) {
     })
 
   } catch (error) {
+    // Handle abort errors gracefully
+    const abortResponse = handleAbortError(error)
+    if (abortResponse) {
+      return abortResponse
+    }
+    
+    // Handle other errors
     console.error("❌ Error in overview API:", error)
     return NextResponse.json({ error: "Failed to get overview data" }, { status: 500 })
   }
 }
 
-async function getTimelineData(whereClause: string, params: Record<string, string>, granularity: string) {
+async function getTimelineData(whereClause: string, params: Record<string, string>, granularity: string, signal?: AbortSignal) {
   // OPTIMIZED DATE PARSING STRATEGY (POST-NORMALIZATION)
   // After normalization, log_date is already in standard YYYY-MM-DD format
   // Query becomes very simple and fast - directly toDate() without complex parsing
@@ -209,7 +257,8 @@ async function getTimelineData(whereClause: string, params: Record<string, strin
     LEFT JOIN devices d ON c.device_id = d.device_id
     LEFT JOIN systeminformation si ON d.device_id = si.device_id
     ${whereClause}`,
-    params
+    params,
+    signal
   )) as any[]
 
   const range = dateRangeResult[0]
@@ -254,7 +303,7 @@ async function getTimelineData(whereClause: string, params: Record<string, strin
   }
 
   console.log("📅 Executing timeline query with granularity:", actualGranularity)
-  const result = (await executeClickHouseQuery(query, params)) as any[]
+  const result = (await executeClickHouseQuery(query, params, signal)) as any[]
 
   console.log("📊 Timeline query result:", result.length, "entries")
 
@@ -270,7 +319,8 @@ async function getTopSubdomains(
   limit: number,
   searchType: string,
   keywordMode: string,
-  keyword: string
+  keyword: string,
+  signal?: AbortSignal
 ) {
   // SECURITY: Validate limit parameter
   const safeLimit = Math.min(1000, Math.max(1, Math.floor(Number(limit)) || 10))
@@ -296,7 +346,7 @@ async function getTopSubdomains(
     FROM credentials c ${whereClause} GROUP BY full_hostname ORDER BY credential_count DESC LIMIT {queryLimit:UInt32}`
   }
 
-  const result = (await executeClickHouseQuery(query, queryParams)) as any[]
+  const result = (await executeClickHouseQuery(query, queryParams, signal)) as any[]
 
   // IMPORTANT: Cast count() to Number (ClickHouse returns String)
   return result.map((row: any) => ({
@@ -305,7 +355,7 @@ async function getTopSubdomains(
   }))
 }
 
-async function getTopPaths(whereClause: string, params: Record<string, string>, limit: number) {
+async function getTopPaths(whereClause: string, params: Record<string, string>, limit: number, signal?: AbortSignal) {
   // SECURITY: Validate limit parameter
   const safeLimit = Math.min(1000, Math.max(1, Math.floor(Number(limit)) || 10))
 
@@ -320,7 +370,8 @@ async function getTopPaths(whereClause: string, params: Record<string, string>,
     GROUP BY path
     ORDER BY credential_count DESC
     LIMIT {queryLimit:UInt32}`,
-    { ...params, queryLimit: safeLimit }
+    { ...params, queryLimit: safeLimit },
+    signal
   )) as any[]
 
   // IMPORTANT: Cast count() to Number (ClickHouse returns String)

app/api/domain-recon/passwords/route.ts

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from "next/server"
 import { executeQuery as executeClickHouseQuery } from "@/lib/clickhouse"
 import { validateRequest } from "@/lib/auth"
+import { throwIfAborted, getRequestSignal, handleAbortError } from "@/lib/api-helpers"
 
 /**
  * Build WHERE clause for domain matching that supports subdomains (ClickHouse version)
@@ -58,19 +59,28 @@ function buildKeywordWhereClause(keyword: string, mode: 'domain-only' | 'full-ur
 }
 
 export async function POST(request: NextRequest) {
+  // ✅ Check abort VERY EARLY - before validateRequest
+  throwIfAborted(request)
+  
   const user = await validateRequest(request)
   if (!user) {
     return NextResponse.json({ success: false, error: "Unauthorized" }, { status: 401 })
   }
 
   try {
+    // Check if request was aborted early
+    throwIfAborted(request)
+    
     const body = await request.json()
     const { targetDomain, searchType = 'domain', keywordMode } = body
 
     if (!targetDomain || typeof targetDomain !== 'string') {
       return NextResponse.json({ error: "targetDomain is required" }, { status: 400 })
     }
 
+    // Get signal for passing to database queries
+    const signal = getRequestSignal(request)
+
     let whereClause: string
     let params: Record<string, string>
 
@@ -92,6 +102,9 @@ export async function POST(request: NextRequest) {
       params = result.params
     }
 
+    // Check abort before expensive operations
+    throwIfAborted(request)
+
     console.log("🔑 Getting top passwords (optimized query)...")
 
     // OPTIMIZED QUERY (ClickHouse):
@@ -113,8 +126,12 @@ export async function POST(request: NextRequest) {
       GROUP BY c.password
       ORDER BY total_count DESC, c.password ASC
       LIMIT 10`,
-      params
+      params,
+      signal
     )) as any[]
+    
+    // Check abort after operations
+    throwIfAborted(request)
 
     console.log("🔑 Top passwords query result:", result.length, "items")
 
@@ -128,6 +145,13 @@ export async function POST(request: NextRequest) {
       topPasswords: topPasswords || [],
     })
   } catch (error) {
+    // Handle abort errors gracefully
+    const abortResponse = handleAbortError(error)
+    if (abortResponse) {
+      return abortResponse
+    }
+    
+    // Handle other errors
     console.error("❌ Error in passwords API:", error)
     return NextResponse.json(
       {