address auth review feedback

Author: dnywh

src/components/ListingRead/ListingRead.tsx

@@ -1,5 +1,5 @@
 "use client";
-import { Fragment, useState, memo, useEffect, useMemo } from "react";
+import { Fragment, useState, memo, useEffect, useMemo, useRef } from "react";
 import type { ReactNode } from "react";
 import type { User } from "@supabase/supabase-js";
 
@@ -102,6 +102,8 @@ const ListingRead = memo(function Listing({
         : null,
     [rawRealListing, user]
   );
+  const realListingRef = useRef(realListing);
+  realListingRef.current = realListing;
   const listingForDisplay = demoListing ?? realListing;
 
   // Load existing thread if any (only if not in demo mode). Depend on the
@@ -149,13 +151,13 @@ const ListingRead = memo(function Listing({
 
       setExistingThread({
         ...thread,
-        listing: realListing,
+        listing: realListingRef.current,
         messages: messages ?? [],
       });
     }
 
     loadExistingThread();
-  }, [listingId, listingOwnerId, userId, isDemo, supabase, realListing]);
+  }, [listingId, listingOwnerId, userId, isDemo, supabase]);
 
   const initialZoomLevel = 14;
   const listingDisplayNameCopy = useMemo(

supabase/functions/_shared/auth.ts

@@ -0,0 +1,10 @@
+export function getBearerToken(
+  authorizationHeader: string | null
+): string | null {
+  if (!authorizationHeader) {
+    return null;
+  }
+
+  const match = authorizationHeader.match(/^\s*Bearer\s+(.+?)\s*$/i);
+  return match?.[1] ?? null;
+}

supabase/functions/_shared/storage-utils.ts

@@ -1,5 +1,10 @@
 import { SupabaseClient } from "https://esm.sh/@supabase/supabase-js@2";
 
+type ListingMedia = {
+  avatar: string | null;
+  photos: string[] | null;
+};
+
 export async function deleteStorageObject(
   supabase: SupabaseClient,
   bucket: string,
@@ -26,7 +31,7 @@ export async function deleteListingMedia(
     .from("listings")
     .select("avatar, photos")
     .eq("slug", slug)
-    .maybeSingle();
+    .maybeSingle<ListingMedia>();
 
   if (fetchError) throw fetchError;
   if (!listing) return;

supabase/functions/delete-account/index.ts

@@ -1,5 +1,6 @@
 import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
 import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
+import { getBearerToken } from "../_shared/auth.ts";
 import { deleteListingMedia } from "../_shared/storage-utils.ts";
 
 function jsonResponse(body: Record<string, unknown>, status: number) {
@@ -32,8 +33,7 @@ serve(async (req) => {
       return jsonResponse({ error: "Method not allowed" }, 405);
     }
 
-    const authHeader = req.headers.get("Authorization");
-    const accessToken = authHeader?.replace("Bearer ", "");
+    const accessToken = getBearerToken(req.headers.get("Authorization"));
 
     if (!accessToken) {
       return jsonResponse({ error: "Missing access token" }, 401);

supabase/functions/delete-listing/index.ts

@@ -1,5 +1,6 @@
 import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
 import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
+import { getBearerToken } from "../_shared/auth.ts";
 import { deleteListingMedia } from "../_shared/storage-utils.ts";
 
 function jsonResponse(body: Record<string, unknown>, status: number) {
@@ -36,8 +37,7 @@ serve(async (req) => {
       return jsonResponse({ error: "Missing listing slug" }, 400);
     }
 
-    const authHeader = req.headers.get("Authorization");
-    const accessToken = authHeader?.replace("Bearer ", "");
+    const accessToken = getBearerToken(req.headers.get("Authorization"));
 
     if (!accessToken) {
       return jsonResponse({ error: "Missing access token" }, 401);