Bug: Order detail API returns 404 for orders placed via /api/orders #43

Closed
opened 2026-03-26 14:47:27 +00:00 by mik-tf · 1 comment
Member

Problem

When a user places an order via POST /api/orders, the response returns an order_id in UUID format (e.g., 069de4f1-03c0-4682-9a96-ee6e0e8f4db2). However, querying GET /api/orders/{order_id} with that UUID returns HTTP 404.

Steps to reproduce

```bash
# 1. Login
TOKEN=$(curl -s -X POST https://dev-app.projectmycelium.org/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"demo@example.com","password":"demo1234"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['token'])")

# 2. Place order — returns UUID order_id
ORDER_ID=$(curl -s -X POST https://dev-app.projectmycelium.org/api/orders \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"payment_method":{"method_type":"wallet","details":{}},"currency":"USD","cart_items":[{"product_id":"test","product_name":"Test","category_id":"compute","price":5.0,"currency":"USD","provider_name":"Test","quantity":1}]}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['order_id'])")

echo "Order ID: $ORDER_ID"

# 3. Query order detail — returns 404
curl -s -o /dev/null -w "%{http_code}" \
  -H "Authorization: Bearer $TOKEN" \
  https://dev-app.projectmycelium.org/api/orders/$ORDER_ID
# Returns: 404
```

Root cause

The place_order handler generates a UUID for order_id, but the get_order_details handler looks up orders via the OrderManager trait which stores orders using OSIS SmartIDs (SIDs). The UUID returned by place_order doesn't match the SID used internally by impl_local.

Expected behavior

GET /api/orders/{order_id} should return the order details when given the order_id returned by POST /api/orders.

Fix options

  1. Make place_order return the OSIS SID instead of a UUID
  2. Make get_order_details support both UUID and SID lookups
  3. Store the UUID as a field on the OSIS order object and search by it

Repo

https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend

Files:

  • src/axum_app/controllers/order.rs — place_order (creates UUID) and get_order_details (looks up by SID)
  • src/services/impl_local/order_manager.rs — OSIS storage layer

Found by

API integration test suite (tests/api_integration.sh in deploy repo), test: "Order detail"

— mik-tf

Author
Member

Fixed in projectmycelium_marketplace_backend v1.4.1 (https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend/releases/tag/v1.4.1).

Root cause: place_order controller created a UUID and stored it in an in-memory OrderStorage singleton, while get_order_details queried through the OrderManager trait (OSIS). The two paths never shared data.

Fix: Added create_order_from_items method to OrderManager trait (no session dependency). place_order now routes through the service layer. Order IDs are OSIS SIDs, consistent between create and read.

Verified: API integration test confirms GET /api/orders/:id returns 200 for orders placed via POST /api/orders. All 120 API tests pass on dev.

— mik-tf
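
The mismatch and the fix described in this thread, reduced to a self-contained sketch. This is an added example, not the project's code: only the names place_order, get_order_details, OrderManager and create_order_from_items come from the thread, while the Order and LocalOrderManager types, all signatures and the `sid-0001` ID format are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins; the project's real types and signatures are not shown in the thread.
#[derive(Clone, Debug, PartialEq)]
struct Order { id: String, items: Vec<String> }

trait OrderManager {
    fn create_order_from_items(&mut self, items: Vec<String>) -> String;
    fn get_order(&self, id: &str) -> Option<Order>;
}

// Stand-in for the OSIS-backed store: the store itself assigns the ID.
#[derive(Default)]
struct LocalOrderManager { next: u32, orders: HashMap<String, Order> }

impl OrderManager for LocalOrderManager {
    fn create_order_from_items(&mut self, items: Vec<String>) -> String {
        self.next += 1;
        let id = format!("sid-{:04}", self.next); // constructed format, not a real SID
        self.orders.insert(id.clone(), Order { id: id.clone(), items });
        id
    }
    fn get_order(&self, id: &str) -> Option<Order> { self.orders.get(id).cloned() }
}

// Before: the handler mints its own ID and writes to a side store the read path never sees.
fn place_order_before(side_store: &mut HashMap<String, Order>, items: Vec<String>) -> String {
    let id = String::from("069de4f1-03c0-4682-9a96-ee6e0e8f4db2"); // UUID quoted in the report
    side_store.insert(id.clone(), Order { id: id.clone(), items });
    id
}

// After: the handler goes through the trait and returns the ID the store assigned.
fn place_order_after(mgr: &mut dyn OrderManager, items: Vec<String>) -> String {
    mgr.create_order_from_items(items)
}

// Read path, identical in both versions: 200 if the manager knows the ID, else 404.
fn get_order_details(mgr: &dyn OrderManager, id: &str) -> u16 {
    if mgr.get_order(id).is_some() { 200 } else { 404 }
}

fn main() {
    let mut mgr = LocalOrderManager::default();
    let mut side = HashMap::new();
    let old_id = place_order_before(&mut side, vec!["test".into()]);
    println!("before: {}", get_order_details(&mgr, &old_id));
    let new_id = place_order_after(&mut mgr, vec!["test".into()]);
    println!("after:  {}", get_order_details(&mgr, &new_id));
}
```

The regression check that matters is the round trip: whatever ID the create call hands back must resolve on the read path, which is what the "Order detail" integration test asserts against the live API.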
