Skip to content

Comments

fix: bind build start/cancel actions to build job ownership#1691

Merged
riderx merged 2 commits intomainfrom
riderx/fix-build-job-auth-pr
Feb 25, 2026
Merged

fix: bind build start/cancel actions to build job ownership#1691
riderx merged 2 commits intomainfrom
riderx/fix-build-job-auth-pr

Conversation

@riderx
Copy link
Member

@riderx riderx commented Feb 24, 2026

Summary (AI generated)

  • Bind /build/start/:jobId and /build/cancel/:jobId actions to the target build_requests row resolved from builder_job_id.
  • Remove client-supplied app_id from start/cancel routes so action routing cannot mix arbitrary app IDs with foreign job IDs.
  • Return 404 when job is not found before builder/API-key actions.
  • Keep permission checks using bound app_id and avoid mutating unrelated build rows with generic failure states.
  • Harden start handler to avoid marking status failed on controlled API errors.

Motivation (AI generated)

Prevent cross-tenant build sabotage by ensuring start/cancel commands are authorized against the actual job being targeted, not a caller-controlled app ID payload.

Business Impact (AI generated)

Stops unauthorized control of other tenants' build jobs (start/cancel), reducing security and billing exposure in the builder surface and improving tenant isolation.

Test Plan (AI generated)

  • Run targeted lint: bun lint supabase/functions/_backend/public/build/start.ts supabase/functions/_backend/public/build/cancel.ts supabase/functions/_backend/public/build/index.ts
  • Add regression test for foreign jobId with valid app_id body returning 404 and not calling builder
  • Validate authorized start/cancel flows still pass end-to-end with existing CI suites
  • Verify logs/tokens continue to work for valid builds,

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 24, 2026
edited
Loading

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 39 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 5cb5da2 and e959d0b.

📒 Files selected for processing (2)
  • supabase/functions/_backend/public/build/cancel.ts
  • supabase/functions/_backend/public/build/start.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch riderx/fix-build-job-auth-pr

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 24, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dd8b32dbfb

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

supabase/functions/_backend/public/build/start.ts Outdated
Comment on lines 116 to 117
if (!buildRequest) {
throw quickError(404, 'build_request_not_found', 'Build request not found')
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve unauthorized response for inaccessible build jobs

This changes the cross-app error contract from 400 { error: 'unauthorized' } to 404 { error: 'build_request_not_found' } when a caller provides a job ID they cannot access, because inaccessible rows under RLS now hit this branch directly. Existing behavior is still asserted in tests/build-job-scope.test.ts for /build/start/:jobId and /build/cancel/:jobId, so old clients/tests keyed on the unauthorized path will break unless this is version-gated or kept backward compatible.

Useful? React with 👍 / 👎.

@riderx riderx force-pushed the riderx/fix-build-job-auth-pr branch from f340093 to e959d0b Compare February 25, 2026 05:51
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 25, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
16.7% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

@riderx riderx merged commit 45131d1 into main Feb 25, 2026
12 of 14 checks passed
@riderx riderx deleted the riderx/fix-build-job-auth-pr branch February 25, 2026 05:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@riderx