fix(maintenance-mode): keep only HaRP and ExApp survival routes available in maintenance mode#898
Conversation
|
No actionable comments were generated in the recent review. π βΉοΈ Recent review infoβοΈ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: π Files selected for processing (7)
π§ Files skipped from review as they are similar to previous changes (5)
π WalkthroughWalkthroughA new π₯ Pre-merge checks | β 4 | β 1β Failed checks (1 warning)
β Passed checks (4 passed)
βοΈ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
π§Ή Nitpick comments (1)
lib/Attribute/MaintenanceModeAvailable.php (1)
19-20: Restrict this attribute to method targets.
#[Attribute]currently allows broad placement; this marker is only consumed on controller methods. Constraining target scope prevents accidental misannotation that the middleware won't evaluate.Proposed change
-#[Attribute] +#[Attribute(Attribute::TARGET_METHOD)] class MaintenanceModeAvailable { }All 7 usages in the codebase are already method-level, making this a safe refactor.
βΉοΈ Review info
βοΈ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: fa668cbd-18fa-40bd-a5fa-8aeccf0cf3d3
π Files selected for processing (7)
lib/AppInfo/Application.phplib/Attribute/MaintenanceModeAvailable.phplib/Controller/HarpController.phplib/Controller/OCSApiController.phplib/Exceptions/MaintenanceModeException.phplib/Middleware/MaintenanceModeMiddleware.phptests/php/Middleware/MaintenanceModeMiddlewareTest.php
β¦in maintenance mode Signed-off-by: Oleksander Piskun <[email protected]>
b187fc7 to
6769836
Compare
|
/backport to stable34 |
Companion PR for this PR to the Server repo: nextcloud/server#61294
With that server change AppAPI stays reachable while the instance is in maintenance, so this adds a guard on our side: a new
MaintenanceModeMiddlewarereturns 503 for every AppAPI route during maintenance, except the few flagged with the new#[MaintenanceModeAvailable]attribute .The allowlist is just the routes that have to keep working: the HaRP exapp-meta lookup, and the ExApp init-status, enabled-state, nextcloud-url and log callbacks.
ExApps intentionally do not serve end-user traffic during maintenance: user-info is not allowlisted, because confirming who a user is (enabled/admin) needs backends from apps that aren't loaded while only AppAPI runs, so for LDAP/OIDC users the answer would be unreliable.
π€ AI (if applicable)