fix: enforce repo visibility gate on all SSR route handlers (issue #90)
All 14 repo-scoped ui_*.py route handlers previously served private repos to anonymous browser requests with HTTP 200. _resolve_repo and _resolve_repo_full in _ui_helpers.py now accept an optional claims: MSignContext | None parameter and raise HTTP 404 when repo.visibility != 'public' and claims is None.
Every SSR handler threads Depends(optional_token) through to the resolver so authenticated CLI/API callers can still reach their own private repos.
ui_repo_settings.py and ui_sessions.py use require_valid_token (not optional) and add a claims.handle == owner check (403 for non-owners) since those pages expose owner-only configuration and session telemetry.
Pre-launch checklist corrected: the SSR visibility item was falsely marked done.
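The gate described in the commit message, sketched as an added example that is not part of this commit or the project's code: a resolver that answers 404 for a non-public repo when no claims are present, an owner check that answers 403, and a signature audit that flags any handler that does not accept `claims`. `HTTPError`, `Claims`, `Repo`, `REPOS`, `resolve_repo`, `require_owner`, `ungated_handlers` and the two sample handlers are hypothetical stand-ins, not the contents of `_ui_helpers.py`.

```python
import inspect
from dataclasses import dataclass

class HTTPError(Exception):
    """Stand-in for a web framework's HTTP exception (hypothetical)."""
    def __init__(self, status: int):
        super().__init__(status)
        self.status = status

@dataclass
class Claims:            # stand-in for the verified token claims
    handle: str

@dataclass
class Repo:
    owner: str
    slug: str
    visibility: str      # 'public' or 'private'

# Constructed sample data.
REPOS = {("alice", "demo"): Repo("alice", "demo", "public"),
         ("alice", "secret"): Repo("alice", "secret", "private")}

def resolve_repo(owner, slug, claims=None):
    """Return the repo, or raise 404 if it is unknown or non-public and the caller is anonymous."""
    repo = REPOS.get((owner, slug))
    if repo is None or (repo.visibility != "public" and claims is None):
        # Same status in both cases, so the response does not reveal that a private repo exists.
        raise HTTPError(404)
    return repo

def require_owner(owner, claims):
    """Owner-only pages: the token handle must match the repo owner."""
    if claims.handle != owner:
        raise HTTPError(403)

def page_ok(owner, slug, claims=None):       # handler that threads claims through
    return resolve_repo(owner, slug, claims).slug

def page_forgot(owner, slug):                # handler that never receives claims
    return resolve_repo(owner, slug).slug

def ungated_handlers(handlers):
    """Names of handlers whose signature has no 'claims' parameter."""
    return [h.__name__ for h in handlers
            if "claims" not in inspect.signature(h).parameters]
```

Because `claims` defaults to `None`, a handler that forgets to pass it fails closed on private repos; the audit still reports it so the omission is caught in CI rather than by an owner locked out of their own page.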
Commit: sha256:e17dff4303a5885a1a61af6b39594fe316aeb62821bad17ccb66c52128a315f5
Snapshot: sha256:9775d5977e31923046eab672c7c8b496ecdbf3353057a5860193daa41c3e6502
Symbols: +27 added, ~59 modified
Files: 15 changed, 969 in snapshot
Dead code introduced: 0