fix: Joomla update server — element names, platform gating, domain race #638

Merged
jmiller merged 3 commits from fix into dev 2026-06-18 15:06:07 +00:00
Owner

Summary

Four fixes for the Joomla update server system, plus review-driven improvements.

1. Element name derivation (#635)

  • Lowercase name and strip hyphens in AutoElementName()
  • Remove incorrect plg_ prefix for plugins

2. Changelog element mismatch

  • Use manifest-first resolution (matching updates.xml priority)
  • Boolean flags for fallback instead of fragile sentinel comparison

3. Platform gating

  • Whitelist joomla/both/unset instead of blacklisting only dolibarr
  • Type-assert ctx.Data value to string for safety

4. Domain auto-association race condition

  • db.WithTx for atomic count+insert (prevents exceeding MaxSites)
  • Propagate all errors (grace-period path, IsDomainKnownForKey, updateDomainRestriction)
  • Removed duplicate unreachable site-limit check

Fixes #635

jmiller added 3 commits 2026-06-18 15:05:45 +00:00
fix: derive Joomla element name with correct lowercase + type prefix
73a1320d72
AutoElementName() was using the manifest Name field verbatim, producing
element names like "pkg_MokoSuiteBackup" instead of "pkg_mokosuitebackup".
Joomla's updater matches by element+type+client_id in #__extensions, so
the case mismatch made updates invisible.

Changes:
- Lowercase name and strip hyphens in AutoElementName()
- Remove incorrect "plg_" prefix for plugins (Joomla plugins have no
  element prefix; the folder column determines the plugin group)

Fixes #635
fix: changelog element mismatch, platform gating, domain race condition
a83d2ee3bd
Three fixes for the Joomla update server system:

1. changelog_xml.go: Resolve element name from manifest first (same
   priority as updates.xml) so changelog.xml and updates.xml emit
   matching <element> values. Previously only checked the config table.

2. updateserver.go: Only serve Joomla XML when platform is joomla,
   both, or unset. Previously only blocked dolibarr, meaning WordPress/
   PrestaShop/Drupal/WHMCS repos incorrectly served Joomla XML.

3. license_key.go: Wrap domain auto-association in db.WithTx to prevent
   TOCTOU race where concurrent requests from different domains could
   exceed MaxSites. Also removes a duplicate site-limit check that was
   unreachable dead code.
fix: address PR review findings — error handling, type safety, comments
08f6454dd2
Review fixes:
- Propagate updateDomainRestriction error in grace-period path instead
  of silently discarding it (was same bug class as the TOCTOU fix)
- Propagate IsDomainKnownForKey error inside transaction — discarding
  it defeated the atomicity guarantee
- Wrap updateDomainRestriction error with context message
- Use boolean flags for changelog manifest fallback instead of fragile
  sentinel comparison against strings.ToLower(repo.Name)
- Type-assert ctx.Data["RepoUpdatePlatform"] to string instead of
  comparing interface{} values
- Use log.Warn instead of log.Error for manifest fallback (intentional
  degradation, not a failure)
- Clarify comments: doc comment scope, hyphen removal wording
jmiller merged commit 8adccbcb40 into dev 2026-06-18 15:06:07 +00:00
jmiller deleted branch fix 2026-06-18 15:06:07 +00:00
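
The count-then-insert race described in commits a83d2ee3bd and 08f6454dd2, as an added Go example that is not the project's code. `Store`, `Associate`, `Run`, `ErrSiteLimit` and the `.example` domains are constructed for illustration; a mutex held across count and insert stands in for `db.WithTx`, and a barrier forces the pre-fix interleaving so the outcome is deterministic.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrSiteLimit = errors.New("site limit reached")
type Store struct { // constructed in-memory stand-in for the licence domain table
	mu       sync.Mutex
	maxSites int
	domains  map[string]bool
}

func (s *Store) Associate(domain string, inTx bool, gate func()) error {
	s.mu.Lock()
	full := !s.domains[domain] && len(s.domains) >= s.maxSites // time of check
	if !inTx { // pre-fix shape: the lock is dropped between count and insert
		s.mu.Unlock()
		gate() // TOCTOU window: other requests take their own count here
		s.mu.Lock()
	}
	defer s.mu.Unlock()
	if full {
		return ErrSiteLimit // propagated to the caller, never discarded
	}
	s.domains[domain] = true // time of use
	return nil
}

// Run sends n concurrent requests from n distinct domains against one key.
func Run(n, maxSites int, inTx bool) (stored, rejected int) {
	s := &Store{maxSites: maxSites, domains: map[string]bool{}}
	errs := make(chan error, n)
	var counted sync.WaitGroup
	counted.Add(n)
	gate := func() { counted.Done(); counted.Wait() } // barrier: all n have counted
	for i := 0; i < n; i++ {
		go func(d string) { errs <- s.Associate(d, inTx, gate) }(fmt.Sprintf("site%d.example", i))
	}
	for i := 0; i < n; i++ {
		if errors.Is(<-errs, ErrSiteLimit) {
			rejected++
		}
	}
	return len(s.domains), rejected
}

func main() { fmt.Println(Run(5, 3, false)); fmt.Println(Run(5, 3, true)) }
```

With five domains and a limit of three, the split path stores all five and rejects none, while the single-lock path stores three and rejects two.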