address read model review feedback

dnywh · dnywh · commit a6e4e4e7a650 · 2026-05-11T11:47:52.000+10:00
diff --git a/docs/supabase-data-architecture.md b/docs/supabase-data-architecture.md
@@ -57,6 +57,8 @@ Signed-out safe listing catalogue used by map, SEO, sitemap, homepage, and publi
 
 This table intentionally includes public listing content such as description, accepted items, rejected items, type, area/country, coordinates, slug, and low-sensitivity presentation metadata.
 
+`coordinates` is the JSON shape consumed by the app. `latitude` and `longitude` are generated from that same value so map viewport queries can use normal database indexes without exposing or querying the base `listings.location` column directly.
+
 Residential listings keep their description, accepted items, and rejected items public, but owner identity and residential media are hidden:
 
 - `name` is `null` for residential rows.
diff --git a/src/app/actions.ts b/src/app/actions.ts
@@ -217,8 +217,10 @@ export const signUpAction = async (formData: FormData, request?: Request) => {
       "Error running hook URI",
       "Failed to reach hook within maximum time",
     ];
+    const errorMessage = error?.message ?? "";
+    const lowerCaseErrorMessage = errorMessage.toLowerCase();
     const isHookTimeout = hookTimeoutPatterns.some((pattern) =>
-      error?.message?.includes(pattern)
+      errorMessage.includes(pattern)
     );
     if (isHookTimeout) {
       redirectUrl.searchParams.append("error", t("generic"));
@@ -231,7 +233,7 @@ export const signUpAction = async (formData: FormData, request?: Request) => {
       "User already registered",
     ];
     const accountExists = accountExistsPatterns.some((pattern) =>
-      error?.message?.toLowerCase().includes(pattern.toLowerCase())
+      lowerCaseErrorMessage.includes(pattern.toLowerCase())
     );
     if (accountExists) {
       redirectUrl.searchParams.append("error", t("accountExists"));
diff --git a/src/features/chat/chatData.ts b/src/features/chat/chatData.ts
@@ -229,12 +229,9 @@ export async function getChatThreads(
     fetchProfileCards(supabase, profileIds),
     fetchListingContactCards(supabase, listingIds),
     threadIds.length > 0
-      ? supabase
-          .from("chat_messages")
-          .select("id, content, created_at, read_at, sender_id, thread_id")
-          .in("thread_id", threadIds)
-          .order("created_at", { ascending: false })
-          .order("id", { ascending: false })
+      ? supabase.rpc("latest_chat_messages_for_threads", {
+          thread_ids: threadIds,
+        })
       : { data: [], error: null },
   ]);
 
diff --git a/supabase/migrations/20260511014423_address_copilot_read_model_feedback.sql b/supabase/migrations/20260511014423_address_copilot_read_model_feedback.sql
@@ -0,0 +1,136 @@
+-- Follow-up hardening and performance fixes from PR review.
+
+alter table public.public_listings
+  add column latitude double precision
+    generated always as ((coordinates->>'latitude')::double precision) stored,
+  add column longitude double precision
+    generated always as ((coordinates->>'longitude')::double precision) stored;
+
+create index public_listings_longitude_latitude_idx
+  on public.public_listings (longitude, latitude);
+
+create index if not exists chat_messages_thread_id_created_at_id_idx
+  on public.chat_messages (thread_id, created_at desc, id desc);
+
+create or replace function public.listings_in_view(
+  min_lat double precision,
+  min_long double precision,
+  max_lat double precision,
+  max_long double precision
+) returns table(id bigint, slug text, type text, coordinates jsonb)
+language sql
+security invoker
+stable
+set search_path = ''
+as $$
+  select
+    public_listings.id,
+    public_listings.slug,
+    public_listings.type,
+    public_listings.coordinates
+  from public.public_listings
+  where public_listings.latitude between min_lat and max_lat
+    and public_listings.longitude between min_long and max_long
+$$;
+
+alter function public.listings_in_view(
+  double precision,
+  double precision,
+  double precision,
+  double precision
+) owner to postgres;
+
+revoke all privileges on function public.listings_in_view(
+  double precision,
+  double precision,
+  double precision,
+  double precision
+) from anon, authenticated, public;
+
+grant execute on function public.listings_in_view(
+  double precision,
+  double precision,
+  double precision,
+  double precision
+) to anon, authenticated, service_role;
+
+create or replace function public.latest_chat_messages_for_threads(thread_ids uuid[])
+returns table(
+  id uuid,
+  content text,
+  created_at timestamp with time zone,
+  read_at timestamp with time zone,
+  sender_id uuid,
+  thread_id uuid
+)
+language sql
+security invoker
+stable
+set search_path = ''
+as $$
+  select distinct on (chat_messages.thread_id)
+    chat_messages.id,
+    chat_messages.content,
+    chat_messages.created_at,
+    chat_messages.read_at,
+    chat_messages.sender_id,
+    chat_messages.thread_id
+  from public.chat_messages
+  where auth.uid() is not null
+    and chat_messages.thread_id = any(thread_ids)
+  order by chat_messages.thread_id, chat_messages.created_at desc, chat_messages.id desc
+$$;
+
+alter function public.latest_chat_messages_for_threads(uuid[]) owner to postgres;
+
+revoke all privileges on function public.latest_chat_messages_for_threads(uuid[])
+  from anon, authenticated, public;
+
+grant execute on function public.latest_chat_messages_for_threads(uuid[])
+  to authenticated, service_role;
+
+create or replace function private.enforce_chat_thread_insert()
+returns trigger
+language plpgsql
+security definer
+set search_path = ''
+as $$
+declare
+  jwt_role text;
+begin
+  jwt_role := nullif(current_setting('request.jwt.claim.role', true), '');
+
+  if jwt_role = 'service_role'
+    or ((select auth.uid()) is null and jwt_role is null)
+  then
+    return new;
+  end if;
+
+  if (select auth.uid()) is null or new.initiator_id is distinct from (select auth.uid()) then
+    raise exception 'Users can only start chat threads as themselves.'
+      using errcode = '42501';
+  end if;
+
+  if (
+    select count(*)
+    from public.chat_messages
+    where sender_id = new.initiator_id
+      and created_at >= now() - interval '1 hour'
+  ) >= 10 then
+    raise exception 'Too many messages sent recently to start a new chat thread.'
+      using errcode = '42501';
+  end if;
+
+  if (
+    select count(*)
+    from public.chat_threads
+    where initiator_id = new.initiator_id
+      and created_at >= now() - interval '1 hour'
+  ) >= 6 then
+    raise exception 'Too many chat threads started recently.'
+      using errcode = '42501';
+  end if;
+
+  return new;
+end;
+$$;
