fix(api): add DELETE /api/applications/[id] for withdraw

[wangfudong-sudo]

Summary

• Add DELETE /api/applications/[id] to withdraw an application
• Delegates to existing PUT /api/applications/[id]/status with { "status": "withdrawn" }
• Matches public/skill.md agent documentation
• Adds unit test for the DELETE handler

Fixes #250.

Reproduction (before fix)

curl -X DELETE "https://ugig.net/api/applications/<application-id>" \
  -H "X-API-Key: $API_KEY"
# → 404 HTML

Validation

pnpm vitest run src/app/api/applications/[id]/route.test.ts

Notes

• OpenAPI already documents PUT /api/applications/{id}/status; this PR implements the DELETE alias documented in skill.md for agent ergonomics.
• Submitted as part of ugig.net bug bounty work by @biqiu.

[greptile-apps]

Greptile Summary

This PR adds a DELETE /api/applications/[id] endpoint that allows applicants to withdraw their application by delegating to the existing PUT /api/applications/[id]/status handler with { status: "withdrawn" }, aligning the REST API with what public/skill.md documents for agent ergonomics.

• route.ts: The DELETE handler builds the forwarded URL from request.nextUrl.pathname (rather than a hardcoded placeholder), copies all original request headers, overrides Content-Type to application/json, and passes the same context object to PUT so the params promise resolves identically.
• route.test.ts: The test mocks the PUT handler, captures the returned Response, and verifies the synthetic request's method, URL, Content-Type, body, and context — addressing the previously noted gap of asserting on the forwarded response.

Confidence Score: 5/5

Safe to merge — the change is a thin delegation wrapper with no new business logic; all auth, ownership, and status validation remain in the existing PUT handler.

The DELETE handler correctly derives the forwarded URL from request.nextUrl.pathname rather than a hardcoded path, forwards auth headers, fixes the Content-Type, and passes the original context unchanged. The test now captures the response and verifies the method, URL, body, and context of the synthetic request, covering the key contract. No new logic paths are introduced that could go wrong independently of the already-tested PUT handler.

No files require special attention.

Important Files Changed

Filename	Overview
src/app/api/applications/[id]/route.ts	New DELETE handler that correctly constructs the synthetic PUT request using request.nextUrl for the URL, forwards all original headers, sets Content-Type, and passes the same context to the delegated PUT handler.
src/app/api/applications/[id]/route.test.ts	Comprehensive unit test that mocks the PUT handler, captures and asserts on the returned Response, and verifies the synthetic PUT request has the correct method, URL, Content-Type, and body.

Sequence Diagram

sequenceDiagram
    participant Client
    participant DELETE as DELETE /api/applications/[id]
    participant PUT as PUT /api/applications/[id]/status
    participant DB as Supabase

    Client->>DELETE: "DELETE /api/applications/{id} (Authorization: Bearer ...)"
    DELETE->>DELETE: Build statusUrl from nextUrl.pathname + /status
    DELETE->>DELETE: Copy headers, set Content-Type: application/json
    DELETE->>DELETE: "Create synthetic NextRequest { method: PUT, body: {status: withdrawn} }"
    DELETE->>PUT: "PUT /api/applications/{id}/status"
    PUT->>PUT: Auth check (getAuthContext)
    PUT->>DB: SELECT application (applicant_id, gig_id)
    PUT->>PUT: "Verify isApplicant && status === withdrawn"
    PUT->>DB: "UPDATE applications SET status = withdrawn"
    PUT-->>DELETE: "NextResponse { application: {...} }"
    DELETE-->>Client: "200 { application: { status: withdrawn } }"

Loading

_{Reviews (2): Last reviewed commit: "refactor(api): address review on DELETE ..." | Re-trigger Greptile}

[wangfudong-sudo]

Addressed Greptile review feedback:

• Use real /api/applications/{id}/status\ URL derived from the incoming DELETE request
• Set \Content-Type: application/json\ on the forwarded PUT request
• Assert DELETE return value (status + JSON body) and forwarded URL/headers in tests

Commit: 00fd642