Skip to content

fix: surface 403 instead of 404 on download permission errors#5

Merged
albanm merged 1 commit into
mainfrom
chore-better-permission-error
May 28, 2026
Merged

fix: surface 403 instead of 404 on download permission errors#5
albanm merged 1 commit into
mainfrom
chore-better-permission-error

Conversation

@albanm

@albanm albanm commented May 28, 2026

Copy link
Copy Markdown
Member

GET /:id/download used to apply the listing access filter before lookup, which
made every "not allowed" response indistinguishable from "doesn't exist" (404).
Look the artefact up unfiltered and let assertDownloadAccess decide between
200 and 403 instead.

Why: callers of /download already know the id — a 404 there is unhelpful
and made client-side error handling guess at the cause.

Regression risks:

  • Existence of a private artefact id is now confirmable via 403. Acceptable for a
    plugin registry but a deliberate trade-off worth noting.
  • Clients branching on 404 from /:id/download will now see 403. Internal
    lib-node client only checks 200/304 so it's unaffected; existing read-keys
    test that relied on the old 404 is updated in this PR.
  • Order of the second 404 (artefact has no uploaded path) is preserved —
    it still runs after assertDownloadAccess, so a non-authorized caller gets
    403, not 404, even when the artefact has no content.

The download endpoint now looks up the artefact unfiltered and lets
assertDownloadAccess decide between 200 and 403. Listing still hides
private artefacts behind 404, but on /download the caller already
knows the id — surfacing 403 makes the permission error actionable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot added the fix label May 28, 2026
@albanm albanm merged commit 38217ee into main May 28, 2026
4 checks passed
@albanm albanm deleted the chore-better-permission-error branch May 28, 2026 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant