fix!: require environment on diagram lookup and attribute keys queries

Closes two cross-env data leakage paths. Both endpoints previously
returned data aggregated across all environments, so a diagram or
attribute key from dev could appear in a prod UI query (and vice versa).

B1: GET /api/v1/diagrams?application=&routeId= now requires
?environment= and resolves agents via
registryService.findByApplicationAndEnvironment instead of
findByApplication. Prevents serving a dev diagram for a prod route.

B2: GET /api/v1/search/attributes/keys now requires ?environment=.
SearchIndex.distinctAttributeKeys gains an environment parameter and
the ClickHouse query adds the env filter alongside the existing
tenant_id filter. Prevents prod attribute names leaking into dev
autocompletion (and vice versa).

SPA hooks updated to thread environment through from
useEnvironmentStore; query keys include environment so React Query
re-fetches on env switch. No call-site changes needed — hook
signatures unchanged.

B3 (AgentMetricsController env scope) deferred to P3C: agent-env is
effectively 1:1 today via the instance_id naming
({envSlug}-{appSlug}-{replicaIndex}), and the URL migration in P3C
to /api/v1/environments/{env}/agents/{agentId}/metrics naturally
introduces env from path. A minimal P1 fix would regress the "view
metrics of a killed agent" case.

BREAKING CHANGE: Both endpoints now require ?environment= (slug).
Clients omitting the parameter receive 400.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-16 23:19:55 +02:00
parent c97d0ea061
commit fcb53dd010
7 changed files with 30 additions and 21 deletions

@@ -25,8 +25,8 @@ public class SearchService {
return searchIndex.count(request);
}
public List<String> distinctAttributeKeys() {
return searchIndex.distinctAttributeKeys();
public List<String> distinctAttributeKeys(String environment) {
return searchIndex.distinctAttributeKeys(environment);
}
public ExecutionStats stats(Instant from, Instant to) {
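Review bot: In the new `distinctAttributeKeys(String environment)`, the argument is handed to `searchIndex.distinctAttributeKeys(environment)` without a null or blank check, so the environment scope at this layer depends entirely on every caller having validated it first. The commit message says the HTTP endpoint rejects a missing parameter with 400, but that check is not in this hunk, and a later internal caller could still pass null or an empty string. Consider failing closed here, for example with `Objects.requireNonNull(environment, "environment")` plus a blank check, so an unscoped lookup cannot be reached through the service.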

@@ -17,6 +17,6 @@ public interface SearchIndex {
void delete(String executionId);
/** Returns distinct attribute key names across all executions. */
List<String> distinctAttributeKeys();
/** Returns distinct attribute key names across executions in the given environment. */
List<String> distinctAttributeKeys(String environment);
}
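Review bot: The updated Javadoc on `distinctAttributeKeys(String environment)` does not state the parameter contract: what the value is (the commit message says an environment slug), whether null or blank is permitted, and that an implementation must never treat a missing value as "all environments". An `@param environment` line covering those points would make the isolation requirement explicit for any other `SearchIndex` implementation. Replacing the no-argument method rather than overloading it is the right choice, since any remaining unscoped caller becomes a compile error.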