feat: extend order listing with date range and sorting filters

[GandrothuNagaSaiRishitha]

Summary

Closes #22

Extends the GET /api/orders endpoint to support date range filtering
and sort order controls, as requested in the issue.

Changes Made

backend/server.js

• Added from, to, and sort query parameter extraction
• Added validation: sort must be asc or desc → returns 400 if invalid
• Added validation: from and to must be valid ISO 8601 dates → returns 400 if invalid
• Passes new params to database.getOrders()
• Fixed pre-existing merge conflict in sendJson function

backend/db.js

• Updated getOrders() to accept from, to, and sort parameters
• from filters orders where createdAt >= from
• to filters orders where createdAt <= to
• sort controls ascending or descending order by createdAt (defaults to desc)

backend/env.js

• Fixed pre-existing merge conflict that was causing a SyntaxError on server start

Acceptance Criteria

• Supports date range filtering by createdAt
• Supports asc/desc sorting
• Invalid filter values return validation errors

API Usage

Query	Result
GET /api/orders	All orders, newest first (default)
GET /api/orders?sort=asc	Oldest first
GET /api/orders?from=2025-01-01&to=2025-12-31	Date range filter
GET /api/orders?sort=random	400 validation error
GET /api/orders?from=not-a-date	400 validation error

Screenshots

1. GET /api/orders — All orders (default sort=desc)

2. GET /api/orders?sort=asc — Ascending sort

3. GET /api/orders?from=2025-01-01&to=2025-12-31 — Date range filter

4. GET /api/orders?sort=random — Validation error (400)

The validation is working — sort=random correctly returns a 400 error

if feature found good and working, please merge this pr with relavant aperture 3.0 and difficulty labels

Summary by CodeRabbit

• New Features

  • Orders endpoint now supports filtering by custom date ranges and configurable sorting in ascending or descending order.

• Bug Fixes

  • Fixed async/await handling in authentication verification for admin-related endpoints.

• Refactor

  • Streamlined environment variable validation process.
  • Enhanced API framework to support custom response headers for better extensibility.

[vercel]

@GandrothuNagaSaiRishitha is attempting to deploy a commit to the Revon Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 76a56ab and bda01f9.

📒 Files selected for processing (3)

• backend/db.js
• backend/env.js
• backend/server.js

---

📝 Walkthrough

Walkthrough

Extended order listing with date range filtering and sorting capabilities; simplified environment validation by removing schema-based checks; enhanced server request handling with customizable response headers and parameter validation across orders endpoint.

Changes

Cohort / File(s)	Summary
Order Filtering & Sorting backend/db.js	Extended getOrders to accept from, to, and sort parameters. Added date range filtering on created_at with derived fromTime and toTime. Implemented conditional sorting: ascending when sort='asc', otherwise descending.
Environment Configuration backend/env.js	Removed dotenv and zod-based schema validation. Retained manual .env loading and basic numeric validation for specific keys plus AUTH_TOKEN_SECRET length check. Simplified error handling by eliminating structured validation and per-field error messages.
Server Request Handling backend/server.js	Updated sendJson signature to accept optional extraHeaders parameter. Enhanced GET /api/orders with query parameter support (from, to, sort) including validation and passthrough to database. Fixed async/await consistency on getUserFromAuthHeader calls. Refactored login flow to leverage rateLimiter for blocked-at checks. Added early returns post-response and runtime cache mode logging.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Server
    participant Database
    
    Client->>Server: GET /api/orders?from=X&to=Y&sort=asc
    Server->>Server: Validate date format & sort param
    Server->>Server: Convert from/to to timestamps
    Server->>Database: getOrders({spotId, userId, from, to, sort})
    Database->>Database: Filter by created_at range
    Database->>Database: Sort by created_at (asc/desc)
    Database-->>Server: Return filtered & sorted orders
    Server-->>Client: sendJson(res, 200, orders)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• #31: Introduced the original getOrders({ spotId, userId }) database method; this PR directly extends that same function signature and implementation with filtering and sorting parameters.
• #29: Previously modified the database and server layers for order retrieval; this PR continues those modifications by enhancing the getOrders flow with additional filtering and validation logic.

Suggested labels

medium

Poem

🐰 Hoppity hop, the orders now sort,
From dates to times, we filter with sport,
Ascending or falling, ascending or down,
The database queries dance all around town!
With headers aplenty and params so fine,
Order management's absolutely divine! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: extend order listing with date range and sorting filters' clearly and concisely summarizes the main change: adding date range and sort controls to the order listing endpoint.
Linked Issues check	✅ Passed	All requirements from issue #22 are met: date range filtering by createdAt [#22], asc/desc sorting support [#22], and validation errors for invalid values [#22].
Out of Scope Changes check	✅ Passed	All code changes relate directly to implementing date filters and sorting for orders. Pre-existing merge conflict fixes in env.js and server.js are incidental to the primary objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}