bug: update server feeds still respond when feature is disabled #589

New Issue

Open

opened 2026-06-07 20:42:22 +00:00 by jmiller · 1 comment

jmiller commented 2026-06-07 20:42:22 +00:00

Owner

Copy Link

Copy Source

Problem

The update server endpoints (/updates.xml, /updates/dolibarr.json, etc.) still respond with valid feed data even when the update server feature is disabled for a repo.

PR #579 fixed the settings persistence side (deleting the repo config row when the toggle is unchecked), but the RepoAssignmentPublicFeed middleware in services/context/repo_public_feed.go does not check whether LicensingEnabled is true. When no repo config exists, it defaults to platform "joomla" and allows the request through.

Expected Behavior

When the update server is disabled (no repo-level config with LicensingEnabled=true AND no org-level config with LicensingEnabled=true), the feed endpoints should return 404.

Fix

The RepoAssignmentPublicFeed middleware needs to check LicensingEnabled on both the repo config and org config, returning 404 if neither has it enabled.

Fix is on branch chore/mcp-cleanup.

## Problem The update server endpoints (`/updates.xml`, `/updates/dolibarr.json`, etc.) still respond with valid feed data even when the update server feature is disabled for a repo. PR #579 fixed the settings persistence side (deleting the repo config row when the toggle is unchecked), but the `RepoAssignmentPublicFeed` middleware in `services/context/repo_public_feed.go` does not check whether `LicensingEnabled` is true. When no repo config exists, it defaults to platform `"joomla"` and allows the request through. ## Expected Behavior When the update server is disabled (no repo-level config with `LicensingEnabled=true` AND no org-level config with `LicensingEnabled=true`), the feed endpoints should return 404. ## Fix The `RepoAssignmentPublicFeed` middleware needs to check `LicensingEnabled` on both the repo config and org config, returning 404 if neither has it enabled. Fix is on branch `chore/mcp-cleanup`.

jmiller commented 2026-06-07 20:42:27 +00:00

Author

Owner

Copy Link

Copy Source

Branch created: feature/589-bug-update-server-feeds-still-respond-wh

git fetch origin
git checkout feature/589-bug-update-server-feeds-still-respond-wh

Branch created: [`feature/589-bug-update-server-feeds-still-respond-wh`](https://code.mokoconsulting.tech/MokoConsulting/MokoGitea-APP/src/branch/feature/589-bug-update-server-feeds-still-respond-wh) ```bash git fetch origin git checkout feature/589-bug-update-server-feeds-still-respond-wh ```

Sign in to join this conversation.

Labels

Clear labels

breaking-change

Breaking API or behavior change

ci-cd

CI/CD pipeline changes

config

Configuration changes

dependencies

Dependency updates

deploy-failure

Deployment failed

docker

Docker/container changes

documentation

Documentation changes

good first issue

Good for newcomers

health-check

Repo health check result

help wanted

Extra attention needed

mokostandards

Related to MokoStandards framework

push-failure

Git push operation failed

security

Security vulnerability or hardening

size/l

200-500 lines changed

size/m

50-200 lines changed

size/s

10-50 lines changed

size/xl

500+ lines changed

size/xs

< 10 lines changed

standards-drift

Deviates from MokoStandards

standards-update

MokoStandards compliance update

sync-failure

Sync or mirror failed

tech-debt

Technical debt and TODO/FIXME items

upstream

upstream

Inherited from upstream Gitea

work-in-progress

Draft or incomplete work

No labels

Priority -

Type -

Status —

Priority —

Type —

Milestone

No items

No Milestone

Assignees

Clear assignees

jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea-APP#589