The public user reviews endpoint accepts invalid pagination values directly from query params.\n\nCurrent behavior:\n- GET /api/users/:username/reviews?limit=0 computes .range(offset, offset - 1), e.g. .range(0, -1).\n- GET /api/users/:username/reviews?offset=-5 sends a negative start index to Supabase.\n- Invalid values are echoed back in pagination metadata.\n\nExpected behavior:\n- limit should default to 10 unless it is a positive integer, and still be capped at 50.\n- offset should default to 0 unless it is a non-negative integer.\n- The Supabase .range() call should always receive a valid non-negative range.
The public user reviews endpoint accepts invalid pagination values directly from query params.\n\nCurrent behavior:\n- GET /api/users/:username/reviews?limit=0 computes .range(offset, offset - 1), e.g. .range(0, -1).\n- GET /api/users/:username/reviews?offset=-5 sends a negative start index to Supabase.\n- Invalid values are echoed back in pagination metadata.\n\nExpected behavior:\n- limit should default to 10 unless it is a positive integer, and still be capped at 50.\n- offset should default to 0 unless it is a non-negative integer.\n- The Supabase .range() call should always receive a valid non-negative range.