From 3f3654c3cb153ee46c2cfbca9d3e9440395f79d9 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Tue, 24 Jun 2025 17:28:28 +0000
Subject: [PATCH] fix(server): resolve lack of user isolation
---
 .github/workflows/.test-integration.yml.swp | Bin 16384 -> 0 bytes
 .github/workflows/test-integration.yml | 2 +-
 src/routes/documents.rs | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 delete mode 100644 .github/workflows/.test-integration.yml.swp
diff --git a/.github/workflows/.test-integration.yml.swp b/.github/workflows/.test-integration.yml.swp deleted file mode 100644 index f9970cd82db8c31d6d3fd2e4b20a6c7b560f9753..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeI3UyK_^9mh9;&^BpH0EzNPYJYbL_a|j-UoN4k(+lz4xydyb&b56PK?&}9cWiHO zy}Q|+^~L0pN`L@Cr9SXLg%A=Fh{p;l3J-uP-~l9%KmsB0_W=au1;Hy172nx^p1t#t zYw1IU*3swe-I@K(%y(vI=l7dUyR@-#nI108Dfk>!lxJ^zxcAxT4=8VY>VV=o4i~3y z_gStsE;ZL`>Y3{0OB)Y8zGwDZ!eG&3uH)mcW&~cb&^384XcxB}Z?j`LTYixDYx~-`dk+o{%e$E3hvG0^U*2+_OG^a;_xuADf(@cf5UlUzg^Yas_e)as_e) zas_e)as_e)as_e){y!Ap?m^{gH05C2oa^!TfgRs(ijNJOJ(of4LiW!7Z=?4uKbsD9X3N=fO7k7$}4L!7GOq$sT`WEO0IB0_@@NV$;LyGbv@MUlVJOMreN?-yU1TVZ@t ztnv6NafjNB#QPqI8O0alt7A$BMC>}QoXecrk%P$fNeiyiHo>w>$7ghnhjs(6;F`uP zZEq9Pdk#(3JV$4~Pqrg!6WGRN#xP0?vo)AEV5sZLa(TD4>?LN0o*=a&6-QUk67MlP zV>z;0t=HG;Ws1#rG}B^+kiqAg$I0~^mwDE3LM{RJCrA%GOBB-M+$|T2mZNJ{4?>pD zluD(d=9nGgnBv;G|L(iI?p!k zu2gsFr{UO4IwbNf2E9*a&P6R1{S7-|mq%~(#HAGq1)4c-7UxT|ax-^zJ5d|gZDvd- z-BS-=5t6DOj-jkM==S=lCI+rarcF2I3WfR7&9h`UY0duoc#k#SW2|4PG?y;69$i~q zu3}siid!1jd#Poj_1fxMWw}+WG%t$ez_lFB@TClmYJH(xf1Or=8jFB}+B zw#TkCTaD^cz1l2O_#TzdbdPa$lMSU@%avwjvC^ov*6XVn_&074vj+wFEZw}B=0{pN zJxIDH9@^o6#@OD%OI-W7jdqWta1>hN-cYwrOi#W=^EAH^j}!yn^GS8`RLM8p)6tRi(!6_Y%>~Jp8f@kf(9;e#{Lkhy&&Z(ri>9488%AJ#^yjH~e; zhI2R&($k_hN5eAk8S07I4ety3MP1W-?EK(VoH@~cNt}-DkYRdEM;rGizsI_!&%NRQ zu2E`fciVULN7_`v=T@;04um3JmmHsv7?x5a;gUx*g?H&|(kv_*cW5NSXxK-x8{DyM zZCLaIytv67$I^S6X`jd3(6*B2NYV!l#sin?$T_ki+NWDu=4nJ^neFhTiU%EiRB9EL z0h?V_ckGVY-I0K6Eaq~@Hg#>xbx6jfi0J?WWlZuY&CxxTVdlsdn@P{4`GMh(=5iHN z6&@dGIiAbvaPK^UYiK;thQ!l&beAPkt;BZxq0d>L4CXT1V76{DU)C;~?CPxV3@{Og zO9nBWV|j)9Tr4`6?FSyCrIqmXK=W``+hkaVFr5j5Y&7#xw8$xl=Ye>B&{dk6qW*wJ zXVPDVwx(~QGqLF6UNCBmWFvEVWMj{Zj#1PG!ZX-oVl^o>!*|3&W{AhJJvCQgA3Bhm!D z=lW&2%TzU5#$h_=9=elGOT#-&Zx6Q|a`n`IBYwC(Y?P9!Iq){nXYP%?nt4w3Zjk@zc5`#>luVwMwIL zWvz~7HD2`=et=xZ)X+LsHDhvQ793_@>%y-{%#`OIipxvSgva6;Z(_+GRX99_zV}rJ 
zH&)ONY#yiLs&EH1YfBsYO4z)(5i0dDRZ0gKEM9on_B0!htFS>XmiaA@T?!c3SWZ%E`0o_feRi39|Z3NcYxo( zXYYeYz*%q~xD)&Y{<-kqHEAXgw)AXgw)AXgw);B``f($9`~yw@Kev_p`{ zg#SA>Jio(J+(%SB-izZn?0qKvmlyr;~&Q5kd3` zr)4Kt>?=qC#&lcZLkQtVvGnk&T{{brFD}YxNZB&R$23Rm55Pm;)t;IMPbE{JV^f@2 zb|>rWjb>}HvUI6guPjx|nN5^1ZFTKJ8S#U5AjkXPSRv_3Z6%6EkKOu+J6a6HW)+Ri zdTAn(CIS}nSvi1BB&WRUfOi!95{@Fg@9=B-#58_(n8wj1VPLqx5YIUhe2n+cra%T4IZaIXr zD>efVciUM-Y*mf&XYS7=6c_KMjk#9p8tG@GMs2hOimkUW4wI2!k8L)2#3a*}yv;T; Uo2fVvq8z3r1$}NSWw^cdA7xweyZ`_I
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
index d782c15..40248c7 100644
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -135,7 +135,7 @@ jobs:
 echo "Running tests with DATABASE_URL: $DATABASE_URL"
 echo "Environment check:"
 env | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort
- cargo test --test '*' -- --test-threads=1
+ cargo test --test '*' --features test-utils -- --test-threads=1
 env:
 DATABASE_URL: ${{ env.DATABASE_URL }}
 TEST_DATABASE_URL: ${{ env.DATABASE_URL }}
diff --git a/src/routes/documents.rs b/src/routes/documents.rs
index 9c9cd20..14917b8 100644
--- a/src/routes/documents.rs
+++ b/src/routes/documents.rs
@@ -669,7 +669,7 @@ async fn get_failed_ocr_documents(
 GROUP BY document_id
 ) q ON d.id = q.document_id
 WHERE d.ocr_status = 'failed'
- AND ($1 = $1 OR d.user_id = $1) -- Admin can see all, users see only their own
+ AND ($1::uuid IS NULL OR d.user_id = $1) -- Admin can see all, users see only their own
 ORDER BY d.updated_at DESC
 LIMIT $2 OFFSET $3
 "#
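Review bot: The step around the changed `cargo test` line still echoes `$DATABASE_URL` and runs `env | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort`, which writes the JWT signing secret and any password embedded in the database URL into the job log. Log masking covers only values registered as secrets, and whether these are is not visible in the hunk, so printing the variable names alone is safer: `env | cut -d= -f1 | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort`. Separately, `--features test-utils` deserves a one-line workflow comment saying what the feature enables and that it must stay out of the crate's default features. The step begins and ends outside the hunk.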
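Review bot: The new predicate `($1::uuid IS NULL OR d.user_id = $1)` fails open, because any caller that binds NULL for `$1` receives every user's failed-OCR rows; isolation now depends entirely on the bind site, which is outside this hunk (get_failed_ocr_documents starts and ends beyond it). That contract should sit next to the predicate, for example by replacing the trailing comment with `-- $1 is NULL only for admins (no owner filter); every other caller must bind its own user id`. The diffstat shows no test change, so a regression test in which a non-admin requests failed OCR documents and another user's document is absent from the result would keep the old always-true `$1 = $1` form from coming back. If the handler also runs a count or statistics query for pagination, it presumably needs the same predicate; that is not visible here.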