remove obsolete /partitions/create endpoint

haex-space · haex-space · commit 1236d5a4bc30 · 2026-03-24T13:02:03.000+01:00
Space + partition creation is handled by POST /sync/vault-key
which inserts the space (triggering partition creation via DB trigger).
diff --git a/src/routes/sync.vaults.ts b/src/routes/sync.vaults.ts
@@ -1,9 +1,8 @@
 import { Hono } from 'hono'
 import { zValidator } from '@hono/zod-validator'
 import { db, vaultKeys, spaces, type NewVaultKey } from '../db'
-import { eq, and, sql } from 'drizzle-orm'
+import { eq, and } from 'drizzle-orm'
 import { vaultKeySchema, updateVaultNameSchema } from './sync.schemas'
-import { getPartitionQuotaAsync } from '../services/quota'
 
 const vaultRoutes = new Hono()
 
@@ -294,81 +293,5 @@ vaultRoutes.delete('/vaults', async (c) => {
   }
 })
 
-/**
- * POST /partitions/create
- * Create a new sync_changes partition with a server-generated UUID.
- * The partition is created and committed before the response is sent,
- * ensuring Supabase Realtime can see it when the client subscribes.
- *
- * Creates a space (type='vault') and a corresponding partition.
- * Respects the user's tier limit for max partitions.
- */
-vaultRoutes.post('/partitions/create', async (c) => {
-  const spaceToken = c.get('spaceToken')
-  if (spaceToken) {
-    return c.json({ error: 'Space tokens cannot create partitions' }, 403)
-  }
-  const user = c.get('user')
-
-  try {
-    // Check quota
-    const quota = await getPartitionQuotaAsync(user.userId)
-    if (!quota.canCreate) {
-      return c.json({
-        error: 'Partition limit reached',
-        tier: quota.tier,
-        maxPartitions: quota.maxPartitions,
-        usedPartitions: quota.usedPartitions,
-      }, 403)
-    }
-
-    const partitionId = crypto.randomUUID()
-    const partitionName = 'sync_changes_' + partitionId.replace(/-/g, '_')
-
-    // Insert space record (type='vault') — trigger creates partition
-    await db.insert(spaces).values({
-      id: partitionId,
-      type: 'vault',
-      ownerId: user.userId,
-    })
-
-    // Create partition + RLS + replica identity
-    // DDL statements don't support parameterized values, so we use sql.raw()
-    // partitionId is crypto.randomUUID() — safe from injection
-    await db.execute(sql`
-      CREATE TABLE IF NOT EXISTS ${sql.raw(`public."${partitionName}"`)}
-        PARTITION OF public.sync_changes FOR VALUES IN (${sql.raw(`'${partitionId}'`)})
-    `)
-    await db.execute(sql`
-      ALTER TABLE ${sql.raw(`public."${partitionName}"`)} ENABLE ROW LEVEL SECURITY
-    `)
-    await db.execute(sql`
-      CREATE POLICY "Users can only access their own sync changes"
-        ON ${sql.raw(`public."${partitionName}"`)} FOR SELECT
-        USING ((select auth.uid()) = user_id)
-    `)
-    await db.execute(sql`
-      CREATE POLICY "Users can only insert their own sync changes"
-        ON ${sql.raw(`public."${partitionName}"`)} FOR INSERT
-        WITH CHECK ((select auth.uid()) = user_id)
-    `)
-    await db.execute(sql`
-      ALTER TABLE ${sql.raw(`public."${partitionName}"`)} REPLICA IDENTITY FULL
-    `)
-    await db.execute(sql`
-      ALTER PUBLICATION supabase_realtime ADD TABLE ${sql.raw(`public."${partitionName}"`)}
-    `)
-
-    console.log(`[Partitions] Created ${partitionName} for user ${user.userId} (${quota.usedPartitions + 1}/${quota.maxPartitions})`)
-
-    return c.json({ partitionId }, 201)
-  } catch (error: any) {
-    if (error?.message?.includes('already exists')) {
-      return c.json({ error: 'Partition already exists' }, 409)
-    }
-    console.error('Create partition error:', error)
-    return c.json({ error: 'Internal server error' }, 500)
-  }
-})
 
 export default vaultRoutes
