Discount codes api

[devkiran]

Summary by CodeRabbit

• New Features
  • Discount codes API now supports filtering by tenantId, discountId, and linkId in addition to partnerId.
  • Partner links now include associated discount code details.
  • Added API documentation for discount codes endpoint.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dub	Ready	Preview	Apr 21, 2026 3:54pm

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6f7e5073-5372-4dd5-88b7-c51fc37f42af

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch discount-codes-api

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

apps/web/app/(ee)/api/partners/links/route.ts (1)

48-52: Optional: narrow the nested discountCode selection to what's exposed.

The include fetches all DiscountCode columns (including partnerId, linkId, discountId), but ProgramPartnerLinkSchema.discountCode only exposes { id, code } and Zod's default strip mode silently drops the rest. You could make the Prisma selection match the public shape to avoid overfetching.

♻️ Suggested narrowing

       links: {
-        include: {
-          discountCode: true,
+        include: {
+          discountCode: {
+            select: { id: true, code: true },
+          },
         },
       },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/app/`(ee)/api/partners/links/route.ts around lines 48 - 52, The
nested Prisma include is overfetching DiscountCode fields; update the include
under links (where `discountCode: true` is used) to explicitly select only the
public fields that `ProgramPartnerLinkSchema.discountCode` exposes (e.g., `id`
and `code`) so the DB query matches the public Zod shape and avoids pulling
`partnerId`, `linkId`, `discountId`, etc.; locate the include inside the `links`
selection in apps/web/app/(ee)/api/partners/links/route.ts and replace the
boolean include with a selective `select` for `id` and `code`.

apps/web/app/(ee)/api/discount-codes/route.ts (1)

27-89: Align the discount and link lookups for consistency.

The two guarded lookups use different patterns for the same goal (ensure the record belongs to programId):

• discount uses findUnique({ where: { id: discountId, programId } }) — scoped in the where clause
• link uses findUnique({ where: { id: linkId } }) — unscoped, relies on the post-check

Since your codebase already uses the extended where pattern for discount, align link by adding programId to its where clause:

♻️ Suggested alignment

       linkId
         ? prisma.link.findUnique({
             where: {
               id: linkId,
+              programId,
             },
             select: {
               programId: true,
             },
           })
         : null,

Optionally drop the now-redundant discount.programId !== programId and link.programId !== programId comparisons once both are scoped.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/app/`(ee)/api/discount-codes/route.ts around lines 27 - 89, Align
the link lookup with the discount lookup by scoping the prisma.link.findUnique
call to include programId in its where clause (i.e., use where: { id: linkId,
programId } when linkId is present) so it directly enforces record ownership;
update the linkId branch that calls prisma.link.findUnique and then you can
optionally remove the redundant post-check comparing link.programId !==
programId, similar to how discount is handled in the same Promise.all block.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/web/app/`(ee)/api/discount-codes/route.ts:
- Around line 19-102: The GET handler currently returns an unbounded array of
DiscountCode rows; add pagination to the GET exported handler by extending
getDiscountCodesQuerySchema to accept page and pageSize (same convention as
getPartnersQuerySchema), validate/normalize them in the GET handler, and change
the prisma.discountCode.findMany call in the GET handler to use take and skip
(or cursor) based on page/pageSize; also fetch total via
prisma.discountCode.count with the same where filter and return a paginated
response object (e.g. { items: DiscountCodeSchema.array().parse(items), total,
page, pageSize }) and update the OpenAPI/response schema accordingly. Ensure you
still apply existing filters (partnerId, tenantId, discountId, linkId,
programId) to both count and findMany and keep existing not_found checks
(programEnrollment, discount, link) unchanged.

---

Nitpick comments:
In `@apps/web/app/`(ee)/api/discount-codes/route.ts:
- Around line 27-89: Align the link lookup with the discount lookup by scoping
the prisma.link.findUnique call to include programId in its where clause (i.e.,
use where: { id: linkId, programId } when linkId is present) so it directly
enforces record ownership; update the linkId branch that calls
prisma.link.findUnique and then you can optionally remove the redundant
post-check comparing link.programId !== programId, similar to how discount is
handled in the same Promise.all block.

In `@apps/web/app/`(ee)/api/partners/links/route.ts:
- Around line 48-52: The nested Prisma include is overfetching DiscountCode
fields; update the include under links (where `discountCode: true` is used) to
explicitly select only the public fields that
`ProgramPartnerLinkSchema.discountCode` exposes (e.g., `id` and `code`) so the
DB query matches the public Zod shape and avoids pulling `partnerId`, `linkId`,
`discountId`, etc.; locate the include inside the `links` selection in
apps/web/app/(ee)/api/partners/links/route.ts and replace the boolean include
with a selective `select` for `id` and `code`.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1737b41e-04c6-4398-ad68-a6d17d446f99

📥 Commits

Reviewing files that changed from the base of the PR and between bed1f5e and 7abee8f.

📒 Files selected for processing (9)

• apps/web/app/(ee)/api/discount-codes/route.ts
• apps/web/app/(ee)/api/partners/links/route.ts
• apps/web/app/(ee)/api/workflows/partner-approved/route.ts
• apps/web/lib/api/partners/get-partners.ts
• apps/web/lib/openapi/discount-codes/index.ts
• apps/web/lib/openapi/discount-codes/list-discount-codes.ts
• apps/web/lib/openapi/index.ts
• apps/web/lib/zod/schemas/discount.ts
• apps/web/lib/zod/schemas/programs.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add pagination before shipping this as a public API.

GET /discount-codes returns every DiscountCode row for the program in a single response — no take/skip/cursor, and the OpenAPI schema (z.array(DiscountCodeSchema)) bakes the unbounded-array contract into the SDK. For programs with many partner links (each link can have its own discount code), this will grow linearly with partners × links and cause slow/oversized responses on the request path. Once published, adding pagination later is a breaking change for SDK consumers.

Recommend introducing page/pageSize (matching the getPartnersQuerySchema convention elsewhere in this repo) now, and updating the OpenAPI response accordingly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/web/app/`(ee)/api/discount-codes/route.ts around lines 19 - 102, The GET
handler currently returns an unbounded array of DiscountCode rows; add
pagination to the GET exported handler by extending getDiscountCodesQuerySchema
to accept page and pageSize (same convention as getPartnersQuerySchema),
validate/normalize them in the GET handler, and change the
prisma.discountCode.findMany call in the GET handler to use take and skip (or
cursor) based on page/pageSize; also fetch total via prisma.discountCode.count
with the same where filter and return a paginated response object (e.g. { items:
DiscountCodeSchema.array().parse(items), total, page, pageSize }) and update the
OpenAPI/response schema accordingly. Ensure you still apply existing filters
(partnerId, tenantId, discountId, linkId, programId) to both count and findMany
and keep existing not_found checks (programEnrollment, discount, link)
unchanged.