search: enforce bounded result limits and add api.cleanapp.io v3/v4 compatibility routes

borisolver · borisolver · commit a58af0a85d46 · 2026-02-12T09:50:33.000+01:00
diff --git a/platform_blueprint/deploy/prod/nginx_conf_d/apicleanapp.conf b/platform_blueprint/deploy/prod/nginx_conf_d/apicleanapp.conf
@@ -33,6 +33,24 @@ server {
         location = /create_or_update_area { proxy_pass http://127.0.0.1:8079; proxy_set_header Host $host; proxy_read_timeout 60; proxy_redirect http:// https://; }
         location = /get_reports_by_lat_lon { proxy_pass http://127.0.0.1:8079; proxy_set_header Host $host; proxy_read_timeout 60; proxy_redirect http:// https://; }
 
+        # Compatibility routes for older frontend bundles hitting api.cleanapp.io
+        location /api/v3/ {
+                proxy_pass http://127.0.0.1:9081;
+                proxy_http_version 1.1;
+                proxy_set_header Host $host;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_read_timeout 86400;
+        }
+
+        location /api/v4/ {
+                proxy_pass http://127.0.0.1:9097;
+                proxy_http_version 1.1;
+                proxy_set_header Host $host;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_read_timeout 86400;
+        }
 
 
 
diff --git a/report-listener/.version b/report-listener/.version
@@ -1 +1 @@
-BUILD_VERSION=1.0.113
+BUILD_VERSION=1.0.114
diff --git a/report-listener/database/database.go b/report-listener/database/database.go
@@ -654,7 +654,7 @@ func (d *Database) GetLastNAnalyzedReports(ctx context.Context, limit int, class
 // If full_data is true, returns reports with analysis. If false, returns only reports.
 // Only returns reports that are not resolved and are not privately owned
 // If classification is empty, returns both physical and digital reports
-func (d *Database) SearchReports(ctx context.Context, searchQuery string, classification string, full_data bool) (interface{}, error) {
+func (d *Database) SearchReports(ctx context.Context, searchQuery string, classification string, full_data bool, limit int) (interface{}, error) {
 	// OPTIMIZED 2-PHASE SEARCH:
 	// Phase 1: Fast FULLTEXT-only query to get seq IDs (no expensive JOINs)
 	// Phase 2: Fetch report details only for matching IDs
@@ -679,18 +679,18 @@ func (d *Database) SearchReports(ctx context.Context, searchQuery string, classi
 				WHERE is_valid = TRUE
 				AND classification = ?
 				AND brand_name LIKE ?
-				LIMIT 200
+				LIMIT ?
 			`
-			fastArgs = []interface{}{classification, prefixTerm}
+			fastArgs = []interface{}{classification, prefixTerm, limit}
 		} else {
 			fastQuery = `
 				SELECT DISTINCT seq
 				FROM report_analysis
 				WHERE is_valid = TRUE
 				AND brand_name LIKE ?
-				LIMIT 200
+				LIMIT ?
 			`
-			fastArgs = []interface{}{prefixTerm}
+			fastArgs = []interface{}{prefixTerm, limit}
 		}
 
 		fastRows, err := d.db.QueryContext(ctx, fastQuery, fastArgs...)
@@ -729,18 +729,18 @@ func (d *Database) SearchReports(ctx context.Context, searchQuery string, classi
 				WHERE is_valid = TRUE 
 				AND classification = ?
 				AND MATCH(title, description, brand_name, brand_display_name, summary) AGAINST (? IN BOOLEAN MODE)
-				LIMIT 200
+				LIMIT ?
 			`
-			seqArgs = []interface{}{classification, searchQuery}
+			seqArgs = []interface{}{classification, searchQuery, limit}
 		} else {
 			seqQuery = `
 				SELECT DISTINCT seq 
 				FROM report_analysis 
 				WHERE is_valid = TRUE 
 				AND MATCH(title, description, brand_name, brand_display_name, summary) AGAINST (? IN BOOLEAN MODE)
-				LIMIT 200
+				LIMIT ?
 			`
-			seqArgs = []interface{}{searchQuery}
+			seqArgs = []interface{}{searchQuery, limit}
 		}
 
 		// Phase 1 fallback: FULLTEXT search for seq IDs
diff --git a/report-listener/handlers/handlers.go b/report-listener/handlers/handlers.go
@@ -629,6 +629,20 @@ func (h *Handlers) GetSearchReports(c *gin.Context) {
 		return
 	}
 
+	// Get the max result limit. Keep default low for predictable latency.
+	limit := 50
+	if nStr := strings.TrimSpace(c.Query("n")); nStr != "" {
+		parsedN, err := strconv.Atoi(nStr)
+		if err != nil || parsedN <= 0 {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid 'n' parameter. Must be a positive integer."})
+			return
+		}
+		if parsedN > 200 {
+			parsedN = 200
+		}
+		limit = parsedN
+	}
+
 	// Transform search query: replace "-" with "+" and add "+" before each word for boolean mode
 	// First, replace any minus signs with plus signs
 	searchQuery = strings.ReplaceAll(searchQuery, "-", "+")
@@ -654,7 +668,7 @@ func (h *Handlers) GetSearchReports(c *gin.Context) {
 	}
 
 	// Get the reports from the database
-	reportsInterface, err := h.db.SearchReports(c.Request.Context(), transformedQuery, classification, fullData)
+	reportsInterface, err := h.db.SearchReports(c.Request.Context(), transformedQuery, classification, fullData, limit)
 	if err != nil {
 		log.Printf("Failed to search reports: %v", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to retrieve reports"})

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-BUILD_VERSION=1.0.113`
	`1`	`+BUILD_VERSION=1.0.114`