security: defense-in-depth — add user_id to DB delete/fetch functions

- project::fetch_one_by_name: add user_id filter (prevents cross-user name lookup)
- project::delete: add user_id to WHERE clause
- cloud::delete: add user_id to WHERE clause
- server::delete: add user_id to WHERE clause
- All callers updated to pass user.id
- Returns rows_affected > 0 instead of always true
- Added .sqlx/ cache for updated fetch_one_by_name query

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: vsilent

.sqlx/query-3fd71974a7948b85a0fa72d2c583e29118c63af715e14d9b0a50ef672b8b4d97.json

@@ -158,13 +158,14 @@ pub async fn update(pool: &PgPool, mut cloud: models::Cloud) -> Result<models::C
 }
 
 #[tracing::instrument(name = "Delete cloud of a user.")]
-pub async fn delete(pool: &PgPool, id: i32) -> Result<bool, String> {
+pub async fn delete(pool: &PgPool, id: i32, user_id: &str) -> Result<bool, String> {
     tracing::info!("Delete cloud {}", id);
-    sqlx::query::<sqlx::Postgres>("DELETE FROM cloud WHERE id = $1;")
+    sqlx::query::<sqlx::Postgres>("DELETE FROM cloud WHERE id = $1 AND user_id = $2;")
         .bind(id)
+        .bind(user_id)
         .execute(pool)
         .await
-        .map(|_| true)
+        .map(|r| r.rows_affected() > 0)
         .map_err(|err| {
             tracing::error!("Failed to delete cloud: {:?}", err);
             "Failed to delete cloud".to_string()

src/db/cloud.rs

@@ -51,6 +51,7 @@ pub async fn fetch_by_user(pool: &PgPool, user_id: &str) -> Result<Vec<models::P
 pub async fn fetch_one_by_name(
     pool: &PgPool,
     name: &str,
+    user_id: &str,
 ) -> Result<Option<models::Project>, String> {
     let query_span = tracing::info_span!("Fetch one project by name.");
     sqlx::query_as!(
@@ -59,10 +60,11 @@ pub async fn fetch_one_by_name(
         SELECT
             *
         FROM project
-        WHERE name=$1
+        WHERE name=$1 AND user_id=$2
         LIMIT 1
         "#,
-        name
+        name,
+        user_id
     )
     .fetch_one(pool)
     .instrument(query_span)
@@ -150,13 +152,14 @@ pub async fn update(
 }
 
 #[tracing::instrument(name = "Delete user's project.")]
-pub async fn delete(pool: &PgPool, id: i32) -> Result<bool, String> {
+pub async fn delete(pool: &PgPool, id: i32, user_id: &str) -> Result<bool, String> {
     tracing::info!("Delete project {}", id);
-    sqlx::query::<sqlx::Postgres>("DELETE FROM project WHERE id = $1;")
+    sqlx::query::<sqlx::Postgres>("DELETE FROM project WHERE id = $1 AND user_id = $2;")
         .bind(id)
+        .bind(user_id)
         .execute(pool)
         .await
-        .map(|_| true)
+        .map(|r| r.rows_affected() > 0)
         .map_err(|err| {
             tracing::error!("Failed to delete project: {:?}", err);
             "Failed to delete project".to_string()

src/db/project.rs

@@ -325,13 +325,14 @@ pub async fn update_srv_ip(
 }
 
 #[tracing::instrument(name = "Delete user's server.")]
-pub async fn delete(pool: &PgPool, id: i32) -> Result<bool, String> {
+pub async fn delete(pool: &PgPool, id: i32, user_id: &str) -> Result<bool, String> {
     tracing::info!("Delete server {}", id);
-    sqlx::query::<sqlx::Postgres>("DELETE FROM server WHERE id = $1;")
+    sqlx::query::<sqlx::Postgres>("DELETE FROM server WHERE id = $1 AND user_id = $2;")
         .bind(id)
+        .bind(user_id)
         .execute(pool)
         .await
-        .map(|_| true)
+        .map(|r| r.rows_affected() > 0)
         .map_err(|err| {
             tracing::error!("Failed to delete server: {:?}", err);
             "Failed to delete server".to_string()

src/db/server.rs

@@ -169,7 +169,7 @@ impl ToolHandler for DeleteCloudTool {
             .map_err(|e| format!("Cloud error: {}", e))?
             .ok_or_else(|| "Cloud not found".to_string())?;
 
-        db::cloud::delete(&context.pg_pool, args.id)
+        db::cloud::delete(&context.pg_pool, args.id, &context.user.id)
             .await
             .map_err(|e| format!("Failed to delete cloud: {}", e))?;
 

src/mcp/tools/cloud.rs

@@ -30,7 +30,7 @@ impl ToolHandler for DeleteProjectTool {
             return Err("Unauthorized: You do not own this project".to_string());
         }
 
-        db::project::delete(&context.pg_pool, args.project_id)
+        db::project::delete(&context.pg_pool, args.project_id, &context.user.id)
             .await
             .map_err(|e| format!("Failed to delete project: {}", e))?;
 

src/mcp/tools/compose.rs

@@ -27,7 +27,7 @@ pub async fn item(
             None => Err(JsonResponse::<models::Cloud>::build().not_found("not found")),
         })?;
 
-    db::cloud::delete(pg_pool.get_ref(), cloud.id)
+    db::cloud::delete(pg_pool.get_ref(), cloud.id, &user.id)
         .await
         .map_err(|err| JsonResponse::<Cloud>::build().internal_server_error(err))
         .and_then(|result| match result {

src/routes/cloud/delete.rs

@@ -27,7 +27,7 @@ pub async fn item(
             None => Err(JsonResponse::<models::Project>::build().not_found("")),
         })?;
 
-    db::project::delete(pg_pool.get_ref(), project.id)
+    db::project::delete(pg_pool.get_ref(), project.id, &user.id)
         .await
         .map_err(|err| JsonResponse::<Project>::build().internal_server_error(err))
         .and_then(|result| match result {

src/routes/project/delete.rs

@@ -152,7 +152,7 @@ pub async fn item(
     }
 
     // 4. Delete server record from DB
-    db::server::delete(pg_pool.get_ref(), server.id)
+    db::server::delete(pg_pool.get_ref(), server.id, &user.id)
         .await
         .map_err(|err| JsonResponse::<Server>::build().internal_server_error(err))
         .and_then(|result| match result {