fix(bounties): add tests for claim_bounty repo-read gate (#160)#169
fix(bounties): add tests for claim_bounty repo-read gate (#160)#169Gravirei wants to merge 15 commits into
Conversation
Gitlawb#126) The IPFS visibility gate used withheld_blob_oids (a deny-set enumerating only reachable blobs), so a dangling/unreachable blob was absent from the set and served in cleartext to anonymous callers. Flip to an allowed-set (allowed_blob_set_for_caller) that enumerates reachable blobs the caller may read: a dangling blob has no path, is never in the set, and 404s.
Move store::read_object before the allowed_blob_set_for_caller spawn_blocking call so random-CID spray against repos with path-scoped rules cannot trigger full-history git walks on repos that don't carry the object.
…tion ✓ P3 blocker fixed: cargo fmt applied — the format gate will pass. ✓ P3 cleanup resolved: withheld_blob_oids is still used by replication code in repos.rs, so it stays. • P2 follow-up: Tree/commit disclosure tracked in Gitlawb#135 — out of scope here.
|
Thanks for the contribution. A couple of things will help us review this faster:
See CONTRIBUTING.md. Update the PR and these notes will clear automatically. |
|
Warning Review limit reached
Next review available in: 43 minutes Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughTwo new sqlx integration tests were added to test_support.rs validating the repo-scoped claim bounty gate: one confirms a non-reader claiming a bounty on a private repo receives NOT_FOUND, and another confirms the repo owner's claim succeeds. ChangesClaim bounty gate tests
Estimated code review effort: 1 (Trivial) | ~5 minutes Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
beardthelion
left a comment
There was a problem hiding this comment.
Approving. The deny test is load-bearing: with the authorize_repo_read gate in claim_bounty (crates/gitlawb-node/src/api/bounties.rs:245-256) neutralized, the stranger's claim goes through and returns 200 instead of 404, so the test genuinely pins the gate rather than incidentally catching a bounty-not-found. The 404 it asserts is a real read-deny on a private repo with no reader rule, hiding existence the same way the sibling bounty read-surfaces do. Owner-admit clears the gate and returns 200. CI green, base current with main.
Two small non-blocking follow-ups if you want to extend this later:
Findings
- [P3] Cover the reader path, not just the owner short-circuit —
crates/gitlawb-node/src/test_support.rs:3602. The admit test's claimant is the repo owner, so it is admitted before anyreader_didsrule is consulted (crates/gitlawb-node/src/visibility.rs:85); the actual repo-read allow-list is never exercised. A case with a non-owner DID in a/rule'sreader_didswould exercise it (that path admits and claims correctly). - [P3] Assert the claim actually landed —
crates/gitlawb-node/src/test_support.rs:3648. The admit test checks onlyis_success()and discards the returned record; assertingstatus == "claimed"andclaimant_didwould bind the mutation so a gate-passing no-op could not pass green.
Solid as-is. @kevincodex1 good to merge once you're happy with it.
Summary
Add integration tests verifying the claim_bounty repo-read gate that was added in PR #157.
Motivation & context
Closes #160.
Issue #160 identified that claim_bounty was an ungated path to private bounty metadata — even though the authorize_repo_read gate was included in PR #157, no tests were added for it. These tests close the coverage gap.
What changed
crates/gitlawb-node/src/test_support.rs: Added two integration tests:claim_bounty_gate_denies_non_reader_on_private— a stranger claiming an open bounty on a private repo gets 404claim_bounty_gate_admits_owner_on_private— the repo owner claiming their own open bounty on a private repo gets 200How a reviewer can verify
cargo test -p gitlawb-node claim_bounty_gate -- --test-threads=1Both tests follow the same patterns as the existing
get_bounty_gate_*andstar_repo_gate_*tests.Before you request review
cargo checkandcargo clippyare cleanSummary by CodeRabbit