style(server): cargo fmt + clippy fixes for v2 keystone (CI green)
All checks were successful
Build and Test / Build Agent (Windows) (push) Successful in 6m29s
Build and Test / Build Server (Linux) (push) Successful in 10m23s
Build and Test / Security Audit (push) Successful in 4m17s
Build and Test / Build Summary (push) Successful in 11s

The Task 2/3/authz commits failed CI at the first gate (cargo fmt --all
--check), which short-circuited before clippy/build/test ran. Verified on the
build host (172.16.3.30): the v2 server compiles and all 18 tests pass; only
3 cosmetic issues blocked CI, all fixed here:
- cargo fmt --all (whitespace, 3 files)
- clippy unused_imports: drop ViewerClaims from auth/mod.rs re-export
- clippy doc_overindented_list_items: de-indent one doc line in sessions.rs
Testing Agent confirmed fmt + clippy -D warnings + build --release + test are
all green with these applied. No logic changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:19:26 -07:00
parent a453e7984e
commit 8a0193577b
4 changed files with 46 additions and 29 deletions

@@ -338,16 +338,18 @@ async fn validate_agent_api_key(state: &AppState, api_key: &str) -> AgentKeyAuth
crate::auth::agent_keys::verify_agent_key(db.pool(), api_key).await
{
// Resolve the trusted identity from the authenticated key's machine.
let trusted_agent_id = match db::machines::get_machine_by_id(db.pool(), machine_id)
.await
{
Ok(Some(machine)) => Some(machine.agent_id),
Ok(None) => None,
Err(e) => {
tracing::error!("Failed to resolve machine for authenticated agent key: {}", e);
None
}
};
let trusted_agent_id =
match db::machines::get_machine_by_id(db.pool(), machine_id).await {
Ok(Some(machine)) => Some(machine.agent_id),
Ok(None) => None,
Err(e) => {
tracing::error!(
"Failed to resolve machine for authenticated agent key: {}",
e
);
None
}
};
return AgentKeyAuth::PerAgentKey(trusted_agent_id);
}
}
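Review bot: The `Ok(None)` and `Err(e)` arms both leave `trusted_agent_id` as `None`, and the function still returns `AgentKeyAuth::PerAgentKey(None)`, so a key that verified but whose machine could not be resolved is reported with the same variant as a fully resolved one. This predates the formatting change, but it deserves a comment here stating that callers must treat `PerAgentKey(None)` as having no trusted identity and fail closed, or a return value that rejects outright. The `tracing::error!` line should also carry `machine_id` so a failed lookup can be tied to a specific key during triage.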
@@ -403,13 +405,16 @@ pub async fn viewer_ws_handler(
// 1. Signature + expiry + `purpose == "viewer"`. A login JWT fails this
// (wrong claim shape / no `purpose`), so login tokens are no longer
// accepted on the viewer plane.
let claims = state.jwt_config.validate_viewer_token(&token).map_err(|e| {
warn!(
"Viewer connection rejected from {}: invalid viewer token: {}",
client_ip, e
);
StatusCode::UNAUTHORIZED
})?;
let claims = state
.jwt_config
.validate_viewer_token(&token)
.map_err(|e| {
warn!(
"Viewer connection rejected from {}: invalid viewer token: {}",
client_ip, e
);
StatusCode::UNAUTHORIZED
})?;
// 2. Revocation check on the WS plane (CRITICAL #2): a logged-out / revoked
// token must not grant live remote control even before natural expiry.
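Review bot: The `warn!` inside `.map_err` interpolates `client_ip` and `e` into a single format string, which makes rejected viewer connections harder to query or alert on. Consider tracing's structured fields instead, for example `warn!(client_ip = %client_ip, error = %e, "viewer token rejected")`. Separately, the step 2 comment cites "CRITICAL #2" without saying which document that numbering comes from; name or link the review it refers to so the reference survives outside this commit series.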