From 825f37d3605d888170a7a644df40ec18fd53195a Mon Sep 17 00:00:00 2001
From: Dedy Martadinata S <dedyms@proton.me>
Date: Mon, 10 Apr 2023 22:09:54 +0700
Subject: [PATCH 1/3] github: add healthcheck to the test DB services

---
 .github/workflows/docker-build-static.yml | 46 ++++++++++++++++-------
 1 file changed, 32 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/docker-build-static.yml b/.github/workflows/docker-build-static.yml
index 570408c..60b1a01 100644
--- a/.github/workflows/docker-build-static.yml
+++ b/.github/workflows/docker-build-static.yml
@@ -180,11 +180,13 @@ jobs:
           ports:
             - 3306:3306
           env:
-            MYSQL_USER: lldapuser
-            MYSQL_PASSWORD: lldappass
-            MYSQL_DATABASE: lldap
-            MYSQL_ROOT_PASSWORD: rootpass
-          options: --name mariadb
+            MARIADB_USER: lldapuser
+            MARIADB_PASSWORD: lldappass
+            MARIADB_DATABASE: lldap
+            MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 1
+          options: >-
+            --name mariadb
+            --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
 
         postgresql:
            image: postgres:latest
@@ -194,7 +196,12 @@ jobs:
              POSTGRES_USER: lldapuser
              POSTGRES_PASSWORD: lldappass
              POSTGRES_DB: lldap
-           options: --name postgresql
+           options: >-
+             --health-cmd pg_isready
+             --health-interval 10s
+             --health-timeout 5s
+             --health-retries 5
+             --name postgresql
 
     steps:
        - name: Download artifacts
@@ -256,17 +263,26 @@ jobs:
              POSTGRES_USER: lldapuser
              POSTGRES_PASSWORD: lldappass
              POSTGRES_DB: lldap
-           options: --name postgresql
+           options: >-
+             --health-cmd pg_isready
+             --health-interval 10s
+             --health-timeout 5s
+             --health-retries 5
+             --name postgresql
+
         mariadb:
           image: mariadb:latest
           ports:
             - 3306:3306
           env:
-            MYSQL_USER: lldapuser
-            MYSQL_PASSWORD: lldappass
-            MYSQL_DATABASE: lldap
-            MYSQL_ROOT_PASSWORD: rootpass
-          options: --name mariadb
+            MARIADB_USER: lldapuser
+            MARIADB_PASSWORD: lldappass
+            MARIADB_DATABASE: lldap
+            MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 1
+          options: >-
+            --name mariadb
+            --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
+
         mysql:
           image: mysql:latest
           ports:
@@ -275,8 +291,10 @@ jobs:
             MYSQL_USER: lldapuser
             MYSQL_PASSWORD: lldappass
             MYSQL_DATABASE: lldap
-            MYSQL_ROOT_PASSWORD: rootpass
-          options: --name mysql
+            MYSQL_ALLOW_EMPTY_PASSWORD: 1
+          options: >-
+            --name mysql
+            --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
 
 
     steps:

From 96f55ff28eb9b22f266fafc9f59badd9560a93f1 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin@tolmer.fr>
Date: Mon, 10 Apr 2023 17:14:42 +0200
Subject: [PATCH 2/3] github: use codecov token only for main push, no token
 for PRs

---
 .github/workflows/rust.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
index 4fab622..a2c5013 100644
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -101,6 +101,13 @@ jobs:
         run: cargo llvm-cov --no-run --lcov --output-path lcov.info
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v3
+        if: github.ref != 'refs/heads/main' || github.event_name != 'push'
+        with:
+          files: lcov.info
+          fail_ci_if_error: true
+      - name: Upload coverage to Codecov (main)
+        uses: codecov/codecov-action@v3
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
         with:
           files: lcov.info
           fail_ci_if_error: true

From d18cf1ac37cff02b2cd299af09d8ed0e0c376a46 Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin@tolmer.fr>
Date: Mon, 10 Apr 2023 18:32:31 +0200
Subject: [PATCH 3/3] server: decode graphql parameter

---
 Cargo.lock                        | 19 +++++++++----------
 server/Cargo.toml                 |  5 +++--
 server/src/infra/graphql/query.rs |  2 ++
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index fc9fcc0..d7ff474 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2404,7 +2404,8 @@ dependencies = [
  "tracing-forest",
  "tracing-log",
  "tracing-subscriber",
- "uuid 0.8.2",
+ "urlencoding",
+ "uuid 1.3.0",
  "webpki-roots",
 ]
 
@@ -2530,12 +2531,6 @@ dependencies = [
  "digest 0.10.6",
 ]
 
-[[package]]
-name = "md5"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "490cc448043f947bae3cbee9c203358d62dbee0db12107a74be5c30ccfd09771"
-
 [[package]]
 name = "memchr"
 version = "2.5.0"
@@ -4399,14 +4394,17 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "urlencoding"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9"
+
 [[package]]
 name = "uuid"
 version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
-dependencies = [
- "md5",
-]
 
 [[package]]
 name = "uuid"
@@ -4415,6 +4413,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1674845326ee10d37ca60470760d4288a6f80f304007d92e5c53bab78c9cfd79"
 dependencies = [
  "getrandom 0.2.8",
+ "md-5",
 ]
 
 [[package]]
diff --git a/server/Cargo.toml b/server/Cargo.toml
index e79c451..c069131 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -32,7 +32,9 @@ ldap3_proto = ">=0.3.1"
 log = "*"
 orion = "0.17"
 rustls = "0.20"
+rustls-pemfile = "1"
 serde = "*"
+serde_bytes = "0.11"
 serde_json = "1"
 sha2 = "0.10"
 thiserror = "*"
@@ -44,8 +46,7 @@ tracing = "*"
 tracing-actix-web = "0.7"
 tracing-attributes = "^0.1.21"
 tracing-log = "*"
-rustls-pemfile = "1"
-serde_bytes = "0.11"
+urlencoding = "2"
 webpki-roots = "*"
 
 [dependencies.chrono]
diff --git a/server/src/infra/graphql/query.rs b/server/src/infra/graphql/query.rs
index 6422844..1eb2f5e 100644
--- a/server/src/infra/graphql/query.rs
+++ b/server/src/infra/graphql/query.rs
@@ -124,10 +124,12 @@ impl<Handler: BackendHandler> Query<Handler> {
     }
 
     pub async fn user(context: &Context<Handler>, user_id: String) -> FieldResult<User<Handler>> {
+        use anyhow::Context;
         let span = debug_span!("[GraphQL query] user");
         span.in_scope(|| {
             debug!(?user_id);
         });
+        let user_id = urlencoding::decode(&user_id).context("Invalid user parameter")?;
         let user_id = UserId::new(&user_id);
         let handler = context
             .get_readable_handler(&user_id)