azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

style(server): cargo fmt + clippy fixes for v2 keystone (CI green)
All checks were successful
Build and Test / Build Agent (Windows) (push) Successful in 6m29s
Details
Build and Test / Build Server (Linux) (push) Successful in 10m23s
Details
Build and Test / Security Audit (push) Successful in 4m17s
Details
Build and Test / Build Summary (push) Successful in 11s
Details

Browse Source 
The Task 2/3/authz commits failed CI at the first gate (cargo fmt --all
--check), which short-circuited before clippy/build/test ran. Verified on the
build host (172.16.3.30): the v2 server compiles and all 18 tests pass; only
3 cosmetic issues blocked CI, all fixed here:
- cargo fmt --all (whitespace, 3 files)
- clippy unused_imports: drop ViewerClaims from auth/mod.rs re-export
- clippy doc_overindented_list_items: de-indent one doc line in sessions.rs
Testing Agent confirmed fmt + clippy -D warnings + build --release + test are
all green with these applied. No logic changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-05-29 20:19:26 -07:00
parent a453e7984e
commit 8a0193577b
4 changed files with 46 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
server/src/api/sessions.rs
View File

@@ -16,7 +16,7 @@
//! → a CONTROL token (input is forwarded to the agent).
//! - else the `view` permission (see [`SESSION_VIEW_PERMISSION`])
//! → a VIEW-ONLY token (the relay refuses to forward this viewer's input;
//! video still streams).
//! video still streams).
//! - else → 403 (standard envelope).
//!
//! This is why the gate is no longer a single `view` check: `view` is held by
@@ -95,8 +95,13 @@ pub async fn mint_viewer_token(
State(state): State<AppState>,
Path(id): Path<String>,
) -> ApiResult<Json<ViewerTokenResponse>> {
let session_id = Uuid::parse_str(&id)
.map_err(|_| err(StatusCode::BAD_REQUEST, "INVALID_SESSION_ID", "Invalid session ID"))?;
let session_id = Uuid::parse_str(&id).map_err(|_| {
err(
StatusCode::BAD_REQUEST,
"INVALID_SESSION_ID",
"Invalid session ID",
)
})?;
// TIERED AUTHORIZATION GATE (closes audit CRITICAL #1 — authz-strength split).
// Authentication alone is not enough, and a single `view` check is too coarse
@@ -127,13 +132,17 @@ pub async fn mint_viewer_token(
// The session must exist (live session manager is the
// source of truth for joinable sessions, matching GET /api/sessions/:id).
let session = state.sessions.get_session(session_id).await.ok_or_else(|| {
err(
StatusCode::NOT_FOUND,
"SESSION_NOT_FOUND",
"Session not found",
)
})?;
let session = state
.sessions
.get_session(session_id)
.await
.ok_or_else(|| {
err(
StatusCode::NOT_FOUND,
"SESSION_NOT_FOUND",
"Session not found",
)
})?;
// Resolve tenancy (Phase-1: always the default tenant). Carried in the
// claim so the WS and Phase-4 isolation can enforce it.