The Issue:
In the useAutoSave hook, the code attempts to ensure a userId is available by calling insertPersonalDetails if it hasn't been set yet.
The Bug:
The hook attempts to save child sections (like educations or achievements) inside a loop. If the initial insertPersonalDetails call fails or returns an empty result, the userId becomes undefined. Subsequent table inserts will then fail or potentially crash because the required user_id field will be missing.
Summary & Fix:
The logic assumes insertPersonalDetails always returns a valid ID without handling cases where the primary record creation fails due to network issues or database constraints.
Vulnerable Code Snippet:
// src/helper/hooks/useAuthoSaveData.js
const res = await insertPersonalDetails({
...personalDetails,
auth_id: user.id,
summary,
});
userId = res?.[0]?.id; // Potential BUG: if res is null/empty, userId is undefined
// ... later in the code
await insert(filtered.map(i => ({ ...i, user_id: userId }))); // userId might be undefined here!
The Issue:
In the
useAutoSavehook, the code attempts to ensure a userId is available by callinginsertPersonalDetailsif it hasn't been set yet.The Bug:
The hook attempts to save child sections (like educations or achievements) inside a loop. If the initial insertPersonalDetails call fails or returns an empty result, the userId becomes undefined. Subsequent table inserts will then fail or potentially crash because the required user_id field will be missing.
Summary & Fix:
The logic assumes
insertPersonalDetailsalways returns a valid ID without handling cases where the primary record creation fails due to network issues or database constraints.Vulnerable Code Snippet: