From b7319ea4a67cc7d044c17c3c9e8d3a237ab43ba2 Mon Sep 17 00:00:00 2001 From: forgejo-backport-action Date: Thu, 16 Apr 2026 19:05:38 +0200 Subject: [PATCH] [v15.0/forgejo] fix: continued API response processing after error in `/repos/search` API (#12147) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/12143 Prevent continued execution of some APIs with error responses that didn't correctly interrupt execution, resulting in bizarre outputs and possibly leaking secure data: ``` > GET /api/v1/repos/search?uid=-2&archived=false HTTP/2 > Host: example.org > user-agent: curl/7.88.1 > accept: */* > authorization: bearer *** > < HTTP/2 500 < server: nginx < date: Thu, 16 Apr 2026 14:20:09 GMT < content-type: application/json;charset=utf-8 < cache-control: max-age=0, private, must-revalidate, no-transform < x-content-type-options: nosniff < x-frame-options: SAMEORIGIN < {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"ok":true,"data":[{"id":68,"owner":{"id":1,"login":"mfenniak", ... ``` As these errors only occur on situations that shouldn't be reproducible (minus software bugs), test automation isn't practical. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [ ] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Co-authored-by: Mathieu Fenniak Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12147 Reviewed-by: Mathieu Fenniak Co-authored-by: forgejo-backport-action Co-committed-by: forgejo-backport-action --- routers/api/v1/org/team.go | 1 + routers/api/v1/repo/repo.go | 2 ++ routers/api/v1/user/repo.go | 2 ++ 3 files changed, 5 insertions(+) diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go index 489b22892a..bd76e4d37e 100644 --- a/routers/api/v1/org/team.go +++ b/routers/api/v1/org/team.go @@ -591,6 +591,7 @@ func GetTeamRepos(ctx *context.APIContext) { // Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right // number of results back to the API consumer. ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from GetTeamRepositories, but not readable.") + return } repos[i] = convert.ToRepo(ctx, repo, permission) } diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go index 5c11a2380f..793281bc79 100644 --- a/routers/api/v1/repo/repo.go +++ b/routers/api/v1/repo/repo.go @@ -234,11 +234,13 @@ func Search(ctx *context.APIContext) { OK: false, Error: err.Error(), }) + return } else if !permission.HasAccess() { // It shouldn't happen that a repo is returned from GetTeamRepositories which we have no access to at all. // Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right // number of results back to the API consumer. ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.") + return } results[i] = convert.ToRepo(ctx, repo, permission) diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go index 92d86e10b0..6897d06ca0 100644 --- a/routers/api/v1/user/repo.go +++ b/routers/api/v1/user/repo.go @@ -153,11 +153,13 @@ func ListMyRepos(ctx *context.APIContext) { permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer) if err != nil { ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err) + return } else if !permission.HasAccess() { // It shouldn't happen that a repo is returned from SearchRepository which we have no access to at all. Due // to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right number // of results back to the API consumer. ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.") + return } results[i] = convert.ToRepo(ctx, repo, permission) }