Public user activity accepts invalid pagination ranges #283

@sevencat2004

The public user activity endpoint accepts invalid pagination values directly from query params.

Current behavior:
- GET /api/users/:username/activity?limit=0 computes .range(offset, offset - 1), e.g. .range(0, -1).
- GET /api/users/:username/activity?offset=-5 sends a negative start index to Supabase.
- Negative or non-positive values are also returned in the pagination metadata.

Expected behavior:
- limit should default to 20 unless it is a positive integer, and still be capped at 50.
- offset should default to 0 unless it is a non-negative integer.
- The Supabase .range() call should always receive a valid non-negative range.
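One way to implement the expected behavior listed in the issue above, as an added example that is not part of the issue and not the project's own code. The helper names `parseDigits`, `parsePagination` and `runSamples`, the `URLSearchParams` input and the sample URLs are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not the project's code.
const DEFAULT_LIMIT = 20; // default named in the issue
const MAX_LIMIT = 50;     // cap named in the issue

// Accept only a plain run of decimal digits. This rejects "-5", "1.5",
// "1e3", "", " 7" and a missing parameter (null from URLSearchParams.get).
function parseDigits(value) {
  if (typeof value !== "string" || !/^\d{1,9}$/.test(value)) return null;
  return Number(value);
}

// Turn untrusted query params into a limit/offset pair plus the inclusive
// from/to bounds that a Supabase .range(from, to) call expects.
function parsePagination(searchParams) {
  const rawLimit = parseDigits(searchParams.get("limit"));
  const rawOffset = parseDigits(searchParams.get("offset"));
  const limit =
    rawLimit !== null && rawLimit > 0 ? Math.min(rawLimit, MAX_LIMIT) : DEFAULT_LIMIT;
  const offset = rawOffset !== null ? rawOffset : 0;
  // limit >= 1 and offset >= 0 here, so 0 <= from <= to always holds.
  return { limit, offset, from: offset, to: offset + limit - 1 };
}

// Constructed sample requests; the host and username are placeholders.
const SAMPLE_URLS = [
  "https://example.test/api/users/alice/activity?limit=0",
  "https://example.test/api/users/alice/activity?offset=-5",
  "https://example.test/api/users/alice/activity?limit=500&offset=30",
  "https://example.test/api/users/alice/activity?limit=1.5&offset=abc",
  "https://example.test/api/users/alice/activity?limit=10&offset=40",
];

// Parse every sample and return the values that would reach .range()
// and the pagination metadata.
function runSamples() {
  return SAMPLE_URLS.map((u) => {
    const url = new URL(u);
    return { query: url.search, ...parsePagination(url.searchParams) };
  });
}

for (const row of runSamples()) console.log(JSON.stringify(row));
```

Returning the sanitized `limit` and `offset` from the same function keeps the pagination metadata consistent with the range that was actually queried.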
