fix(bounties): clamp list pagination params #290

Open: sevencat2004 wants to merge 1 commit into profullstack:master from sevencat2004:fix/bounties-pagination-bounds

@sevencat2004

Fixes #289

Summary

  • reject non-positive or invalid bounties list limits by falling back to 50
  • preserve the existing max limit of 100
  • reject non-positive or invalid pages by falling back to page 1
  • add route tests for invalid pagination, limit capping, valid pagination, and status filtering

Validation

  • corepack pnpm test -- src/app/api/bounties/route.test.ts
  • node_modules.bin\tsc.CMD -p tsconfig.json --noEmit

@greptile-apps

greptile-apps Bot commented May 28, 2026

Greptile Summary

This PR replaces the previous Number()-based limit/page parsing (which accepted floats, negatives, and zero) with a parsePositiveInt helper that validates the raw string with /^\d+$/ before parsing, falling back to sane defaults for any invalid input. Five route-level unit tests are added to cover the full boundary matrix.

  • parsePositiveInt (route.ts): regex-guards against non-digit characters, checks <= 0 for zero, checks !Number.isFinite for overflow-to-Infinity edge cases, and applies an optional max cap — all previously-reported float/negative truncation issues are resolved.
  • route.test.ts: new file with vitest tests for invalid, fractional, oversized, valid, and status-filtered requests; mock chain is wired correctly with range as the terminal async step.

Confidence Score: 5/5

Safe to merge — the pagination clamping logic is correct, all edge cases (zero, negative, floats, overflow-to-Infinity) are handled, and the tests verify the full boundary matrix.

The parsePositiveInt helper is well-structured: the regex pre-filter eliminates floats, negatives, and non-numeric strings before parseInt ever runs; the <= 0 and !isFinite checks cleanly catch zero and astronomically large inputs; and the optional max cap preserves the existing 100-row ceiling. The five new tests map directly to the cases described in the PR and exercise the route end-to-end through a correctly wired mock chain. No existing behavior for valid inputs is regressed.

No files require special attention.

Important Files Changed

| Filename | Overview |
| --- | --- |
| src/app/api/bounties/route.ts | Extracted parsePositiveInt helper that uses a /^\d+$/ regex guard to reject floats, negatives, and zero before clamping with an optional max — correctly replacing the old Number()-based approach that silently accepted non-integer values. |
| src/app/api/bounties/route.test.ts | New test suite covering invalid params (0, negative), fractional params, limit capping, valid pagination, and status filtering; mock chain structure is correct with range terminal method resolving the promise. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[GET /api/bounties] --> B[Read searchParams]
    B --> C{parsePositiveInt limit}
    C --> D{"value null or not /^\\d+$/"}
    D -- yes --> E[fallback = 50]
    D -- no --> F[parseInt value]
    F --> G{"<= 0 or not finite"}
    G -- yes --> E
    G -- no --> H["min(parsed, 100)"]
    E --> I[limit = 50]
    H --> I
    B --> J{parsePositiveInt page}
    J --> K{"value null or not /^\\d+$/"}
    K -- yes --> L[fallback = 1]
    K -- no --> M[parseInt value]
    M --> N{"<= 0 or not finite"}
    N -- yes --> L
    N -- no --> O[parsed as-is]
    L --> P[page = 1]
    O --> P
    I & P --> Q["offset = (page-1) * limit"]
    Q --> R[".range(offset, offset+limit-1)"]
    R --> S[Return JSON response]

Reviews (2): Last reviewed commit: "fix(bounties): clamp list pagination par..."
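An added TypeScript sketch of the parsing the review above describes, showing the row ranges it produces next to a `Number()`-based form; this is not the PR's own code. `parsePositiveInt` follows the described checks, while `toRange`, `legacyRange` and `hardenedRange` are hypothetical names and the legacy parsing is an assumed reconstruction, since the old code is not shown on this page.

```typescript
// Added illustration, not the PR's code. parsePositiveInt follows the checks the
// review describes; every other name here is hypothetical.
function parsePositiveInt(raw: string | null, fallback: number, max?: number): number {
  if (raw === null || !/^\d+$/.test(raw)) return fallback; // rejects "-5", "2.5", "1e2", ""
  const parsed = Number.parseInt(raw, 10);
  if (parsed <= 0 || !Number.isFinite(parsed)) return fallback; // "0", overflow to Infinity
  return max === undefined ? parsed : Math.min(parsed, max);
}

// Inclusive row range from the flowchart: offset = (page - 1) * limit.
function toRange(page: number, limit: number): number[] {
  const offset = (page - 1) * limit;
  return [offset, offset + limit - 1];
}

// Assumed reconstruction of the old Number()-based parsing (exact code not on the page).
function legacyRange(limitRaw: string | null, pageRaw: string | null): number[] {
  const limit = Math.min(Number(limitRaw) || 50, 100);
  const page = Number(pageRaw) || 1;
  return toRange(page, limit);
}

function hardenedRange(limitRaw: string | null, pageRaw: string | null): number[] {
  const limit = parsePositiveInt(limitRaw, 50, 100); // fallback 50, cap 100
  const page = parsePositiveInt(pageRaw, 1); // fallback 1, no cap
  return toRange(page, limit);
}

// Constructed sample inputs, as searchParams.get() would return them.
const samples: Array<[string | null, string | null]> = [
  ["-5", null],
  ["2.5", "2"],
  ["0", "-3"],
  ["500", "3"],
  ["9".repeat(400), "1"],
];
for (const [limitRaw, pageRaw] of samples) {
  console.log(String(limitRaw).slice(0, 12), pageRaw, legacyRange(limitRaw, pageRaw), hardenedRange(limitRaw, pageRaw));
}
```

The legacy form yields inverted, fractional or negative ranges for the first three inputs, while the hardened form always returns a non-negative integer range of at most 100 rows.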

Comment thread src/app/api/bounties/route.ts
Comment thread src/app/api/bounties/route.ts Outdated
Comment thread src/app/api/bounties/route.ts Outdated
Comment thread src/app/api/bounties/route.ts Outdated
sevencat2004 force-pushed the fix/bounties-pagination-bounds branch from 898b7c6 to 5aad35f, May 28, 2026 15:48
@sevencat2004

Submitted this PR for the ugig bounty: "I will pay for every bug fix found and PR submitted that fixes it".

The PR is ready for review:

Solana wallet for bounty payout:
Dy4yMkjCfupxaURt6iTMUrxqSDEmAJPPkKF66QahxJZD

Successfully merging this pull request may close these issues.

Bounties list accepts invalid pagination ranges
