fix: address code review issues (security, performance, quality)

Security: - Add JSON.parse error handling (return 400 instead of 500) - Add rate limiting fallback when KV unavailable (in-memory Map) - Add AI prompt injection protection (sanitizeForAIPrompt) Performance: - Optimize VPS benchmark matching (O(1) Map lookup vs O(n*m) loop) - Reduce AI candidates from 50 to 15 (saves ~60% API cost) - Centralize magic numbers in LIMITS config Code Quality: - Remove dead code (unused queryVPSBenchmarks function) - Extract duplicated region SQL to DEFAULT_REGION_FILTER_SQL - Replace hardcoded provider IDs with name-based filtering - Move magic numbers to config.ts LIMITS object Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 18:08:06 +09:00
parent b682abc45d
commit 7dfd3659ec
4 changed files with 99 additions and 48 deletions
--- a/src/handlers/recommend.ts
+++ b/src/handlers/recommend.ts
@@ -26,7 +26,8 @@ import {
  isValidBenchmarkData,
  isValidVPSBenchmark,
  isValidTechSpec,
-  isValidAIRecommendation
+  isValidAIRecommendation,
+  DEFAULT_REGION_FILTER_SQL
 } from '../utils';

 export async function handleRecommend(
@@ -430,22 +431,7 @@ async function queryCandidateServers(
    query += ` AND (${regionConditions.join(' OR ')})`;
  } else {
    // No region specified → default to Seoul/Tokyo/Osaka/Singapore
-    query += ` AND (
-      -- Korea (Seoul)
-      r.region_code IN ('icn', 'ap-northeast-2') OR
-      LOWER(r.region_name) LIKE '%seoul%' OR
-      -- Japan (Tokyo, Osaka)
-      r.region_code IN ('nrt', 'itm', 'ap-northeast-1', 'ap-northeast-3') OR
-      LOWER(r.region_code) LIKE '%tyo%' OR
-      LOWER(r.region_code) LIKE '%osa%' OR
-      LOWER(r.region_name) LIKE '%tokyo%' OR
-      LOWER(r.region_name) LIKE '%osaka%' OR
-      -- Singapore
-      r.region_code IN ('sgp', 'ap-southeast-1') OR
-      LOWER(r.region_code) LIKE '%sin%' OR
-      LOWER(r.region_code) LIKE '%sgp%' OR
-      LOWER(r.region_name) LIKE '%singapore%'
-    )`;
+    query += ` AND ${DEFAULT_REGION_FILTER_SQL}`;
  }

  // Filter by provider if specified
@@ -936,6 +922,14 @@ ${languageInstruction}`;
  const benchmarkSummary = formatBenchmarkSummary(benchmarkData);
  const vpsBenchmarkSummary = formatVPSBenchmarkSummary(vpsBenchmarks);

+  // Pre-filter candidates to reduce AI prompt size and cost
+  // Sort by price and limit to top 15 most affordable options
+  const topCandidates = candidates
+    .sort((a, b) => a.monthly_price - b.monthly_price)
+    .slice(0, 15);
+
+  console.log(`[AI] Filtered ${candidates.length} candidates to ${topCandidates.length} for AI analysis`);
+
  const userPrompt = `Analyze these server options and recommend the top 3 best matches.

 ## User Requirements
@@ -956,7 +950,7 @@ ${vpsBenchmarkSummary || 'No similar VPS benchmark data available.'}
 ${benchmarkSummary || 'No relevant CPU benchmark data available.'}

 ## Available Servers (IMPORTANT: Use the server_id value, NOT the list number!)
-${candidates.map((s) => `
+${topCandidates.map((s) => `
 [server_id=${s.id}] ${s.provider_name} - ${s.instance_name}${s.instance_family ? ` (${s.instance_family})` : ''}
   Instance: ${s.instance_id}
   vCPU: ${s.vcpu} | Memory: ${s.memory_gb} GB | Storage: ${s.storage_gb} GB
--- a/src/handlers/servers.ts
+++ b/src/handlers/servers.ts
@@ -3,7 +3,7 @@
 */

 import type { Env } from '../types';
-import { jsonResponse, isValidServer } from '../utils';
+import { jsonResponse, isValidServer, DEFAULT_REGION_FILTER_SQL } from '../utils';

 /**
 * GET /api/servers - Server list with filtering
@@ -49,23 +49,8 @@ export async function handleGetServers(
      JOIN providers p ON it.provider_id = p.id
      JOIN pricing pr ON pr.instance_type_id = it.id
      JOIN regions r ON pr.region_id = r.id
-      WHERE p.id IN (1, 2)  -- Linode, Vultr only
-        AND (
-          -- Korea (Seoul)
-          r.region_code IN ('icn', 'ap-northeast-2') OR
-          LOWER(r.region_name) LIKE '%seoul%' OR
-          -- Japan (Tokyo, Osaka)
-          r.region_code IN ('nrt', 'itm', 'ap-northeast-1', 'ap-northeast-3') OR
-          LOWER(r.region_code) LIKE '%tyo%' OR
-          LOWER(r.region_code) LIKE '%osa%' OR
-          LOWER(r.region_name) LIKE '%tokyo%' OR
-          LOWER(r.region_name) LIKE '%osaka%' OR
-          -- Singapore
-          r.region_code IN ('sgp', 'ap-southeast-1') OR
-          LOWER(r.region_code) LIKE '%sin%' OR
-          LOWER(r.region_code) LIKE '%sgp%' OR
-          LOWER(r.region_name) LIKE '%singapore%'
-        )
+      WHERE LOWER(p.name) IN ('linode', 'vultr')
+        AND ${DEFAULT_REGION_FILTER_SQL}
    `;

    const params: (string | number)[] = [];