sander/Hostityourself
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: add tracing + explicit types to check_push_access

Browse source 
Makes the exact failure reason (app not found vs. no access grant)
visible in `docker compose logs server`.

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
This commit is contained in:
Claude 2026-03-24 09:57:18 +00:00
parent 4504c22af8
commit bb26a81fe6
No known key found for this signature in database
1 changed files with 20 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
server/src/routes/git.rs
View file

@ -105,15 +105,23 @@ fn forbidden() -> Response<Body> {
/// Resolves an app name/id and checks whether the user may push to it.
/// Returns the app_id on success.
async fn check_push_access(s: &AppState, user_id: &str, app: &str) -> Option<String> {
let app_id: String =
sqlx::query_scalar("SELECT id FROM apps WHERE id = ? OR name = ?")
let app_id: Option<String> =
sqlx::query_scalar::<_, String>("SELECT id FROM apps WHERE id = ? OR name = ?")
.bind(app)
.bind(app)
.fetch_optional(&s.db)
.await
.unwrap_or(None)?;
.unwrap_or(None);
let is_admin: i64 = sqlx::query_scalar("SELECT is_admin FROM users WHERE id = ?")
let app_id = match app_id {
Some(id) => id,
None => {
tracing::debug!("check_push_access: no app found for {:?}", app);
return None;
}
};
let is_admin: i64 = sqlx::query_scalar::<_, i64>("SELECT is_admin FROM users WHERE id = ?")
.bind(user_id)
.fetch_optional(&s.db)
.await
@ -121,17 +129,24 @@ async fn check_push_access(s: &AppState, user_id: &str, app: &str) -> Option<Str
.unwrap_or(0);
if is_admin != 0 {
tracing::debug!("check_push_access: user {} is admin, access granted", user_id);
return Some(app_id);
}
let granted: Option<i64> =
sqlx::query_scalar("SELECT 1 FROM user_apps WHERE user_id = ? AND app_id = ?")
sqlx::query_scalar::<_, i64>("SELECT 1 FROM user_apps WHERE user_id = ? AND app_id = ?")
.bind(user_id)
.bind(&app_id)
.fetch_optional(&s.db)
.await
.unwrap_or(None);
if granted.is_none() {
tracing::debug!(
"check_push_access: user {} has no grant for app {}",
user_id, app_id
);
}
granted.map(|_| app_id)
}