From 8a8fe9f937871f18a747e68c62dc5f66b7439f99 Mon Sep 17 00:00:00 2001 From: Anthony Ettinger Date: Sun, 12 Jul 2026 15:19:31 +0000 Subject: [PATCH] fix(bounty): remove duplicate coupon validation block that broke the build PR #40's merge duplicated the coupon store-match + reuse validation, re-declaring `const coupon` (TS2451) and breaking typecheck on master. The first block already covers both checks more thoroughly (store-name text match + reuse check excluding the current bounty), so drop the redundant second copy. Co-Authored-By: Claude Opus 4.8 --- apps/web/app/api/bounties/[id]/claim/route.ts | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/apps/web/app/api/bounties/[id]/claim/route.ts b/apps/web/app/api/bounties/[id]/claim/route.ts index 3b3fbfd..b3a5185 100644 --- a/apps/web/app/api/bounties/[id]/claim/route.ts +++ b/apps/web/app/api/bounties/[id]/claim/route.ts @@ -61,24 +61,6 @@ export async function POST(req: NextRequest, { params }: { params: Promise<{ id: return NextResponse.json({ error: 'This coupon has already been used to claim a bounty' }, { status: 409 }); } - // Validate coupon store matches bounty store (prevents cross-store payout exploitation) - const coupon = coupons[0]; - if (bounty.store_id && coupon.store_id !== bounty.store_id) { - return NextResponse.json( - { error: 'Coupon store does not match bounty store' }, - { status: 400 } - ); - } - - // Prevent coupon reuse — a coupon can only claim one bounty - const reused = await db.sql`SELECT id FROM bounties WHERE coupon_id = ${coupon_id} AND status IN ('claimed', 'paid')`; - if (reused.length) { - return NextResponse.json( - { error: 'This coupon has already been used to claim another bounty' }, - { status: 409 } - ); - } - // Mark bounty as claimed — atomic WHERE prevents race conditions await db.sql` UPDATE bounties