fix(gitRoutes): block edits on default branch #116
base: main
donhardman commented Oct 22, 2025
- Prevent commits, discards, undo, and redo on default branch
- Return 403 error to enforce branching workflow
Pull Request Overview
This PR implements protection for the default branch by preventing direct modifications. It adds a new isOnDefaultBranch helper function and enforces a branching workflow by blocking commits, file operations (save, move, delete), directory creation, and git operations (discard, undo, redo) when users are on the default branch (main/master).
Key Changes:
- Added `isOnDefaultBranch` helper function to check current branch status
- Implemented 403 error responses across multiple routes when operations are attempted on default branch
- Enhanced error messages to guide users toward creating new branches
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| ui/helpers.js | Adds new isOnDefaultBranch function that checks if the current branch matches the default branch |
| ui/routes.js | Adds default branch checks to file operations (save, move, delete) and directory creation endpoints |
| ui/gitRoutes.js | Adds default branch checks to git operations (commit, discard, undo, redo) endpoints |
| return { isDefault: false, currentBranch: null, defaultBranch: null }; | ||
| } | ||
|
|
||
| const currentBranch = await git.revparse(['--abbrev-ref', 'HEAD']); |
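Review bot: On the `git.revparse(['--abbrev-ref', 'HEAD'])` line, a detached HEAD makes git print the literal string `HEAD`, so `currentBranch` can never equal the default branch name in that state and callers will see a non-default branch. Decide explicitly how that state should be treated, for example by checking `currentBranch === 'HEAD'` and returning a distinct result, and add a short comment recording the choice.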
Copilot AI Oct 24, 2025
The git.revparse() call returns a string with a trailing newline character. This needs to be trimmed before comparison with defaultBranch to avoid false negatives when checking currentBranch === defaultBranch.
| const currentBranch = await git.revparse(['--abbrev-ref', 'HEAD']); | |
| const currentBranch = (await git.revparse(['--abbrev-ref', 'HEAD'])).trim(); |
| // Check if on default branch - block file modifications | ||
| const userRepoPath = getUserRepoPath(req, WORKDIR, ROOT_DIR, getAuthConfig); | ||
| const branchCheck = await isOnDefaultBranch(userRepoPath); | ||
|
|
||
| if (branchCheck.isDefault) { | ||
| return res.status(403).json({ | ||
| error: `Cannot save files on default branch (${branchCheck.defaultBranch}). Please create a new branch before editing.`, | ||
| currentBranch: branchCheck.currentBranch, | ||
| defaultBranch: branchCheck.defaultBranch, | ||
| isDefaultBranch: true | ||
| }); | ||
| } |
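Review bot: The `if (branchCheck.isDefault)` guard fails open, because it rejects only when `isDefault` is truthy. The helper's fallback object `{ isDefault: false, currentBranch: null, defaultBranch: null }` therefore passes straight through to the save. Suggest rejecting when `branchCheck.currentBranch` is null as well, with an error status distinct from the 403, so that an undetermined branch state cannot be used to write on the default branch.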
Copilot AI Oct 24, 2025
This branch check logic is duplicated across multiple endpoints (lines 495-506, 623-634, 669-680, 736-747 in routes.js and lines 628-637, 808-817, 1119-1128, 1261-1270 in gitRoutes.js). Consider extracting this into a reusable middleware function to reduce code duplication and improve maintainability.
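The middleware extraction suggested in the review comment above, as an added example that is not part of the pull request or the project's code. The names `branchGuardDecision`, `requireNonDefaultBranch`, `resolveRepoPath` and `checkBranch` are hypothetical, and answering 500 when the branch state is unknown is a choice made for this example; only the `{ isDefault, currentBranch, defaultBranch }` shape and the 403 body come from the diff.

```javascript
// Added example, not code from the PR. All names are hypothetical except the
// { isDefault, currentBranch, defaultBranch } result shape shown in the diff.

// Pure decision: returns null to allow the request, or { status, body } to reject it.
function branchGuardDecision(check, action) {
  const current = check && typeof check.currentBranch === 'string' ? check.currentBranch.trim() : '';
  const dflt = check && typeof check.defaultBranch === 'string' ? check.defaultBranch.trim() : '';
  // Fail closed: an unknown branch state is not permission to write.
  if (!current || !dflt) {
    return { status: 500, body: { error: `Cannot ${action}: branch state could not be determined.` } };
  }
  if (check.isDefault === true || current === dflt) {
    return {
      status: 403,
      body: {
        error: `Cannot ${action} on default branch (${dflt}). Please create a new branch before editing.`,
        currentBranch: current,
        defaultBranch: dflt,
        isDefaultBranch: true
      }
    };
  }
  return null;
}

// Express-style middleware factory. resolveRepoPath(req) and checkBranch(path) are
// injected so the guard can be mounted on each write route and tested without git.
function requireNonDefaultBranch({ resolveRepoPath, checkBranch, action }) {
  return async function branchGuard(req, res, next) {
    let check = null;
    try {
      check = await checkBranch(resolveRepoPath(req));
    } catch (err) {
      check = null; // a failed lookup is treated as unknown, which is rejected above
    }
    const decision = branchGuardDecision(check, action);
    if (decision) {
      return res.status(decision.status).json(decision.body);
    }
    return next();
  };
}
```

Mounting one guard per write route keeps the check in a single place, so every endpoint fails closed the same way.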