Skip to content

fix(bounties): add tests for claim_bounty repo-read gate (#160)#169

Open
Gravirei wants to merge 15 commits into
Gitlawb:mainfrom
Gravirei:fix/issue-160-claim-bounty-repo-read-gate
Open

fix(bounties): add tests for claim_bounty repo-read gate (#160)#169
Gravirei wants to merge 15 commits into
Gitlawb:mainfrom
Gravirei:fix/issue-160-claim-bounty-repo-read-gate

Conversation

@Gravirei

@Gravirei Gravirei commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Add integration tests verifying the claim_bounty repo-read gate that was added in PR #157.

Motivation & context

Closes #160.

Issue #160 identified that claim_bounty was an ungated path to private bounty metadata — even though the authorize_repo_read gate was included in PR #157, no tests were added for it. These tests close the coverage gap.

What changed

  • crates/gitlawb-node/src/test_support.rs: Added two integration tests:
    • claim_bounty_gate_denies_non_reader_on_private — a stranger claiming an open bounty on a private repo gets 404
    • claim_bounty_gate_admits_owner_on_private — the repo owner claiming their own open bounty on a private repo gets 200

How a reviewer can verify

cargo test -p gitlawb-node claim_bounty_gate -- --test-threads=1

Both tests follow the same patterns as the existing get_bounty_gate_* and star_repo_gate_* tests.

Before you request review

  • Scope is one logical change; no unrelated churn
  • New behavior is covered by tests
  • cargo check and cargo clippy are clean

Summary by CodeRabbit

  • Bug Fixes
    • Tightened access checks for claiming bounties on private repositories.
    • Non-authorized users now receive a not-found response when attempting to claim a private-repo bounty.
    • Repository owners can still successfully claim bounties on their private repositories.

Gravirei added 14 commits June 30, 2026 19:52
Gitlawb#126)

The IPFS visibility gate used withheld_blob_oids (a deny-set enumerating
only reachable blobs), so a dangling/unreachable blob was absent from the
set and served in cleartext to anonymous callers. Flip to an allowed-set
(allowed_blob_set_for_caller) that enumerates reachable blobs the caller
may read: a dangling blob has no path, is never in the set, and 404s.
Move store::read_object before the allowed_blob_set_for_caller
spawn_blocking call so random-CID spray against repos with
path-scoped rules cannot trigger full-history git walks on
repos that don't carry the object.
…tion

✓ P3 blocker fixed: cargo fmt applied — the format gate will pass.

  ✓ P3 cleanup resolved: withheld_blob_oids is still used by replication code in repos.rs, so it stays.

  • P2 follow-up: Tree/commit disclosure tracked in Gitlawb#135 — out of scope here.
Copilot AI review requested due to automatic review settings July 9, 2026 14:41
@github-actions github-actions Bot added the needs-tests Source changed without accompanying tests (advisory) label Jul 9, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Thanks for the contribution. A couple of things will help us review this faster:

  • This changes Rust source but no tests changed. Tests are required for fixes and strongly encouraged for features.

See CONTRIBUTING.md. Update the PR and these notes will clear automatically.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@Gravirei, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 43 minutes

Your organization has reached its usage spending cap. Adjust your spending cap in the billing tab.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ae978718-f127-46a2-b202-d5f4290030a8

📥 Commits

Reviewing files that changed from the base of the PR and between 14ed8ef and ee2968c.

📒 Files selected for processing (1)
  • crates/gitlawb-node/src/api/profiles.rs
📝 Walkthrough

Walkthrough

Two new sqlx integration tests were added to test_support.rs validating the repo-scoped claim bounty gate: one confirms a non-reader claiming a bounty on a private repo receives NOT_FOUND, and another confirms the repo owner's claim succeeds.

Changes

Claim bounty gate tests

Layer / File(s) Summary
Private repo claim gate integration tests
crates/gitlawb-node/src/test_support.rs
Adds claim_bounty_gate_denies_non_reader_on_private and claim_bounty_gate_admits_owner_on_private tests that seed a private repo with a bounty, sign a POST /api/v1/bounties/{id}/claim request, run it via crate::server::build_router, and assert NOT_FOUND for non-owners and success for the owner.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Suggested labels: kind:test, crate:node, subsystem:visibility, subsystem:api

Suggested reviewers: beardthelion, kevincodex1

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly states the main change: adding tests for the claim_bounty repo-read gate.
Linked Issues check ✅ Passed The added deny and admit tests match #160's required 404/200 coverage for private-repo claim_bounty access.
Out of Scope Changes check ✅ Passed The changes stay within the issue scope by adding only claim_bounty gate tests in test_support.rs.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@beardthelion beardthelion added crate:node gitlawb-node — the serving node and REST API kind:bug Defect fix — wrong or unsafe behavior labels Jul 9, 2026

@beardthelion beardthelion left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving. The deny test is load-bearing: with the authorize_repo_read gate in claim_bounty (crates/gitlawb-node/src/api/bounties.rs:245-256) neutralized, the stranger's claim goes through and returns 200 instead of 404, so the test genuinely pins the gate rather than incidentally catching a bounty-not-found. The 404 it asserts is a real read-deny on a private repo with no reader rule, hiding existence the same way the sibling bounty read-surfaces do. Owner-admit clears the gate and returns 200. CI green, base current with main.

Two small non-blocking follow-ups if you want to extend this later:

Findings

  • [P3] Cover the reader path, not just the owner short-circuit — crates/gitlawb-node/src/test_support.rs:3602. The admit test's claimant is the repo owner, so it is admitted before any reader_dids rule is consulted (crates/gitlawb-node/src/visibility.rs:85); the actual repo-read allow-list is never exercised. A case with a non-owner DID in a / rule's reader_dids would exercise it (that path admits and claims correctly).
  • [P3] Assert the claim actually landed — crates/gitlawb-node/src/test_support.rs:3648. The admit test checks only is_success() and discards the returned record; asserting status == "claimed" and claimant_did would bind the mutation so a gate-passing no-op could not pass green.

Solid as-is. @kevincodex1 good to merge once you're happy with it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

crate:node gitlawb-node — the serving node and REST API kind:bug Defect fix — wrong or unsafe behavior needs-tests Source changed without accompanying tests (advisory)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

claim_bounty leaks private-repo metadata and locks the bounty — no repo-read gate (write-side of #120)

3 participants