mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
a438886217
* refactor: Update comments for clarity and add expectations.json files for performance metrics * feat: Implement FP guard for JS/TS local-collection receivers to suppress missing ownership checks * feat: Enhance Rust parameter handling to classify local collections and prevent false ownership checks * refactor: Simplify code formatting for better readability in multiple files * refactor: Improve UTF-8 sequence length handling and enhance clarity in loop iteration * feat: Update Java and Python patterns to include new security rules * refactor: Improve comment clarity and consistency across multiple Rust files * refactor: Simplify code formatting for improved readability in integration tests and module files * refactor: Improve comment formatting and enhance clarity in assertions across multiple files
33 lines
872 B
Rust
33 lines
872 B
Rust
use axum::extract::Path;
|
|
|
|
struct User {
|
|
id: i64,
|
|
}
|
|
|
|
mod realtime {
|
|
pub fn publish_to_group(_group_id: i64, _msg: &str) {}
|
|
}
|
|
|
|
mod authz {
|
|
pub fn require_group_member(_group: i64, _user: i64) -> Result<(), ()> {
|
|
Ok(())
|
|
}
|
|
}
|
|
|
|
mod auth {
|
|
use super::User;
|
|
pub fn current_user() -> User {
|
|
User { id: 1 }
|
|
}
|
|
}
|
|
|
|
// Negative control: the handler validates ownership via
|
|
// `authz::require_group_member(...)?` before the realtime publish. Phase C
|
|
// should NOT emit `rs.auth.missing_ownership_check.taint` here, the
|
|
// sanitizer clears `UNAUTHORIZED_ID` from the argument SSA values.
|
|
pub async fn handle_publish_checked(Path(group_id): Path<i64>) -> Result<&'static str, ()> {
|
|
let user = auth::current_user();
|
|
authz::require_group_member(group_id, user.id)?;
|
|
realtime::publish_to_group(group_id, "doc_updated");
|
|
Ok("ok")
|
|
}
|