refactor: extract cutoff date helper and remove unused discordId param

[kamilwronka]

Summary

• Extract createCutoffDate() in ReservationsCleanupService — the cutoff date calculation was duplicated inline in two methods. Now uses a private helper, matching the identical pattern already in TimersCleanupService.
• Remove unused discordId parameter from getComments() — the parameter was passed through the controller → service → comment service chain but never used in the actual database query. Removed from the type signature, call sites, and tests.

Touched files

• apps/api/src/reservations/reservations-cleanup.service.ts
• apps/api/src/loots/services/loot-comment.service.ts
• apps/api/src/loots/loots.service.ts
• apps/api/src/loots/loots.controller.ts
• apps/api/src/loots/loots.controller.spec.ts
• apps/api/src/loots/loots.service.spec.ts

Safety

• Both changes are behavior-preserving (extract method + remove dead parameter)
• All 599 tests pass, lint clean, format clean
• No public API changes (controller route signatures unchanged — @DiscordId() decorator removal doesn't affect HTTP contract)

Test plan

• All 52 test files pass (599 tests)
• Pre-commit hooks pass (lint + format + tests)
• No new lint warnings introduced

🤖 Generated with Claude Code

Summary by CodeRabbit

• Refactor
  • Simplified the comments retrieval API by removing an unused parameter requirement, making the endpoint more straightforward.
  • Improved code maintainability in the reservations cleanup service by consolidating duplicate date calculation logic into a reusable helper method.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR removes the discordId parameter from the getComments flow across controller, service, and comment service layers. Additionally, date cutoff computation in the reservations cleanup service is refactored into a reusable private helper method.

Changes

Cohort / File(s)	Summary
Loot Comments Parameter Removal apps/api/src/loots/loots.controller.spec.ts, apps/api/src/loots/loots.controller.ts, apps/api/src/loots/loots.service.spec.ts, apps/api/src/loots/loots.service.ts, apps/api/src/loots/services/loot-comment.service.ts	Removed discordId parameter from method signatures and test invocations across all layers of the getComments flow; requests now depend solely on lootId and guildId.
Reservations Cleanup Refactoring apps/api/src/reservations/reservations-cleanup.service.ts	Extracted inline date cutoff computation into a shared private helper method createCutoffDate; both cleanupExpiredReservations and cleanupExpiredReservationsManual now invoke this helper.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 A hop, skip, and a jump through code so fine,
Parameter shadows fall away in line,
Discord whispers fade, no longer needed here,
While dates bloom fresh from helpers crystal clear!
✨ Cleaner flows and simpler skies above,
The codebase hops with joy—with all our love! 💜

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures both main changes in the pull request: extracting a cutoff date helper and removing the unused discordId parameter.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/blissful-stonebraker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/api/src/reservations/reservations-cleanup.service.ts`:
- Around line 58-60: Add defensive validation of the retentionDays argument
inside createCutoffDate so callers like
cleanupExpiredReservationsManual(retentionDays) and the analogous
cleanupExpiredTimersManual validate inputs: ensure retentionDays is a finite
number and non-negative (e.g., Number.isFinite(retentionDays) && retentionDays
>= 0); if not, throw a clear RangeError (or similar) explaining the invalid
retentionDays value instead of silently computing a future cutoff. Apply the
same guard to the TimersCleanupService variant
(cleanupExpiredTimersManual/createCutoffDate there) so
exported/manual-invocation paths cannot expand the delete window with negative
or non-finite inputs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0a6e3aa8-5f07-45a7-817d-e0edf494d113

📥 Commits

Reviewing files that changed from the base of the PR and between f99033e and bc0964f.

📒 Files selected for processing (6)

• apps/api/src/loots/loots.controller.spec.ts
• apps/api/src/loots/loots.controller.ts
• apps/api/src/loots/loots.service.spec.ts
• apps/api/src/loots/loots.service.ts
• apps/api/src/loots/services/loot-comment.service.ts
• apps/api/src/reservations/reservations-cleanup.service.ts

💤 Files with no reviewable changes (2)

• apps/api/src/loots/loots.service.spec.ts
• apps/api/src/loots/loots.controller.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether upstream validation already enforces non-negative integer retentionDays.
# 1) Find callers of cleanupExpiredReservationsManual
rg -nP --type=ts -C3 '\bcleanupExpiredReservationsManual\s*\('

# 2) Find DTOs/schemas that may validate retentionDays
rg -nP --type=ts -C3 '\bretentionDays\b|\bIsInt\b|\bMin\s*\('

Repository: lootlog/monorepo

Length of output: 9059

---

🏁 Script executed:

# Find how environment variables are validated
rg -nP --type=ts 'RESERVATIONS_RETENTION_DAYS|TIMER_RETENTION_DAYS' -B5 -A5

# Find where these manual cleanup methods are called
rg -nP --type=ts '\bcleanupExpiredReservationsManual\b|\bcleanupExpiredTimersManual\b' -B3 -A3

# Search for any validation schemas or DTOs
fd -type f -name '*.ts' | xargs rg -l 'retentionDays' | head -20

Repository: lootlog/monorepo

Length of output: 11086

---

🏁 Script executed:

# Read the complete env.ts to see full validation
cat -n apps/api/src/config/env.ts

# Search for controllers that might expose these cleanup methods
rg -nP --type=ts 'Controller|@Controller|@Post|@Get' -B2 -A8 | rg -i 'cleanup|retention' -B5 -A5

# Find any API routes or endpoints
fd -type f -name '*.controller.ts' | xargs rg -l 'cleanupExpired|retention'

Repository: lootlog/monorepo

Length of output: 5727

---

🏁 Script executed:

# Read TimersController
cat -n apps/api/src/timers/timers.controller.ts

# Read ReservationsController
cat -n apps/api/src/reservations/reservations.controller.ts

Repository: lootlog/monorepo

Length of output: 14988

---

🏁 Script executed:

# Search for any endpoints or handlers that call the cleanup methods
rg -nP 'cleanupExpiredTimersManual|cleanupExpiredReservationsManual' -B5 -A5

# Check if ReservationsCleanupService is injected anywhere else
rg -nP 'ReservationsCleanupService' -B2 -A2

# Check if TimersCleanupService is injected anywhere else
rg -nP 'TimersCleanupService' -B2 -A2

Repository: lootlog/monorepo

Length of output: 10725

---

Add defensive validation for retentionDays in createCutoffDate().

While cleanupExpiredReservationsManual() and cleanupExpiredTimersManual() are not currently exposed via API, the methods are exported from their modules and accept optional caller-provided retentionDays values. Negative or non-finite values would move the cutoff date into the future, unintentionally expanding the delete scope. The environment validation (z.coerce.number()) has no bounds constraints. Add a guard to reject invalid values:

 private createCutoffDate(retentionDays: number): Date {
+  if (!Number.isFinite(retentionDays) || retentionDays < 0 || !Number.isInteger(retentionDays)) {
+    throw new Error("retentionDays must be a non-negative integer");
+  }
   const cutoffDate = new Date();
   cutoffDate.setDate(cutoffDate.getDate() - retentionDays);

   return cutoffDate;
 }

Also applies to: TimersCleanupService (lines 79-84)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/api/src/reservations/reservations-cleanup.service.ts` around lines 58 -
60, Add defensive validation of the retentionDays argument inside
createCutoffDate so callers like cleanupExpiredReservationsManual(retentionDays)
and the analogous cleanupExpiredTimersManual validate inputs: ensure
retentionDays is a finite number and non-negative (e.g.,
Number.isFinite(retentionDays) && retentionDays >= 0); if not, throw a clear
RangeError (or similar) explaining the invalid retentionDays value instead of
silently computing a future cutoff. Apply the same guard to the
TimersCleanupService variant (cleanupExpiredTimersManual/createCutoffDate there)
so exported/manual-invocation paths cannot expand the delete window with
negative or non-finite inputs.