coopcloud_code/home
0
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Bug: Slice rental manage/cancel returns 404 — UUID vs OSIS SID mismatch #44

New issue
Closed
opened 2026-03-26 14:47:38 +00:00 by mik-tf · 1 comment
mik-tf commented 2026-03-26 14:47:38 +00:00
Member
Copy link

Problem

When a user rents a product via POST /api/products/:id/rent, the response returns a rental_id in UUID format. However, the dashboard endpoints for managing and canceling slice rentals (POST /api/dashboard/slice-rentals/:id/manage and DELETE /api/dashboard/slice-rentals/:id) return HTTP 404 when called with that UUID.

Steps to reproduce

# 1. Login
TOKEN=$(curl -s -X POST https://dev-app.projectmycelium.org/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"demo@example.com","password":"demo1234"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['token'])")

# 2. Rent a product — returns UUID rental_id
RENTAL_ID=$(curl -s -X POST https://dev-app.projectmycelium.org/api/products/0008/rent \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"duration_months":1,"payment_method":"wallet"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['rental_id'])")

echo "Rental ID: $RENTAL_ID"

# 3. Try to manage — returns 404
curl -s -o /dev/null -w "%{http_code}" -X POST \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  https://dev-app.projectmycelium.org/api/dashboard/slice-rentals/$RENTAL_ID/manage \
  -d '{"action":"status"}'
# Returns: 404

# 4. Try to cancel — returns 404
curl -s -o /dev/null -w "%{http_code}" -X DELETE \
  -H "Authorization: Bearer $TOKEN" \
  https://dev-app.projectmycelium.org/api/dashboard/slice-rentals/$RENTAL_ID
# Returns: 404

Root cause

Same pattern as the order detail bug: the rent_product handler in rental.rs generates a UUID for the rental, but the dashboard slice rental endpoints in dashboard/user.rs look up rentals using OSIS SmartIDs (SIDs). The UUID doesn't match the SID.

Expected behavior

The rental_id returned by the rent endpoint should be usable with the manage and cancel endpoints.

Fix options

  1. Make rent_product return the OSIS SID instead of a UUID
  2. Make dashboard endpoints support both UUID and SID lookups
  3. Store the UUID as a field on the OSIS rental object and search by it

Repo

https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend

Files:

  • src/axum_app/controllers/rental.rsrent_product, rent_node_product (create UUID)
  • src/axum_app/controllers/dashboard/user.rsmanage_slice_rental_deployment, cancel_slice_rental (look up by SID)
  • src/services/impl_local/slice_rental_manager.rs — OSIS storage layer

Found by

Rental integration test suite (tests/rental_integration.sh in deploy repo)

Related

Same root cause as the order detail 404 bug (UUID/SID mismatch pattern).

— mik-tf

## Problem When a user rents a product via `POST /api/products/:id/rent`, the response returns a `rental_id` in UUID format. However, the dashboard endpoints for managing and canceling slice rentals (`POST /api/dashboard/slice-rentals/:id/manage` and `DELETE /api/dashboard/slice-rentals/:id`) return HTTP 404 when called with that UUID. ## Steps to reproduce ```bash # 1. Login TOKEN=$(curl -s -X POST https://dev-app.projectmycelium.org/api/auth/login \ -H 'Content-Type: application/json' \ -d '{"email":"demo@example.com","password":"demo1234"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['token'])") # 2. Rent a product — returns UUID rental_id RENTAL_ID=$(curl -s -X POST https://dev-app.projectmycelium.org/api/products/0008/rent \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $TOKEN" \ -d '{"duration_months":1,"payment_method":"wallet"}' | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['rental_id'])") echo "Rental ID: $RENTAL_ID" # 3. Try to manage — returns 404 curl -s -o /dev/null -w "%{http_code}" -X POST \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $TOKEN" \ https://dev-app.projectmycelium.org/api/dashboard/slice-rentals/$RENTAL_ID/manage \ -d '{"action":"status"}' # Returns: 404 # 4. Try to cancel — returns 404 curl -s -o /dev/null -w "%{http_code}" -X DELETE \ -H "Authorization: Bearer $TOKEN" \ https://dev-app.projectmycelium.org/api/dashboard/slice-rentals/$RENTAL_ID # Returns: 404 ``` ## Root cause Same pattern as the order detail bug: the `rent_product` handler in `rental.rs` generates a UUID for the rental, but the dashboard slice rental endpoints in `dashboard/user.rs` look up rentals using OSIS SmartIDs (SIDs). The UUID doesn't match the SID. ## Expected behavior The `rental_id` returned by the rent endpoint should be usable with the manage and cancel endpoints. ## Fix options 1. Make `rent_product` return the OSIS SID instead of a UUID 2. Make dashboard endpoints support both UUID and SID lookups 3. Store the UUID as a field on the OSIS rental object and search by it ## Repo https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend **Files:** - `src/axum_app/controllers/rental.rs` — `rent_product`, `rent_node_product` (create UUID) - `src/axum_app/controllers/dashboard/user.rs` — `manage_slice_rental_deployment`, `cancel_slice_rental` (look up by SID) - `src/services/impl_local/slice_rental_manager.rs` — OSIS storage layer ## Found by Rental integration test suite (`tests/rental_integration.sh` in deploy repo) ## Related Same root cause as the order detail 404 bug (UUID/SID mismatch pattern). — mik-tf
mik-tf commented 2026-03-26 15:33:01 +00:00
Author
Member
Copy link

Fixed in projectmycelium_marketplace_backend v1.4.1.

Root cause (3 parts):

  1. rent_product generated a throwaway UUID without creating any OSIS record. cancel_rental then tried to find it in OSIS — nothing there.
  2. cancel_slice_rental found the rental but only logged an activity — never updated OSIS status to Cancelled.
  3. manage_slice_rental was a stub that responded success without looking up the rental.

Fix:

  1. rent_product now creates a real SliceRental via SliceRentalManager.rent_slice_combination(). Returns the OSIS SID.
  2. Added cancel_slice_rental method to SliceRentalManager trait — updates OSIS status to Cancelled.
  3. manage_slice_rental now verifies the rental exists and the terminate action actually cancels via the service layer.

Verified: All 120 API tests pass on dev. Rental integration: 12/12.

— mik-tf

Fixed in [projectmycelium_marketplace_backend v1.4.1](https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend/releases/tag/v1.4.1). **Root cause (3 parts)**: 1. `rent_product` generated a throwaway UUID without creating any OSIS record. `cancel_rental` then tried to find it in OSIS — nothing there. 2. `cancel_slice_rental` found the rental but only logged an activity — never updated OSIS status to Cancelled. 3. `manage_slice_rental` was a stub that responded success without looking up the rental. **Fix**: 1. `rent_product` now creates a real `SliceRental` via `SliceRentalManager.rent_slice_combination()`. Returns the OSIS SID. 2. Added `cancel_slice_rental` method to `SliceRentalManager` trait — updates OSIS status to Cancelled. 3. `manage_slice_rental` now verifies the rental exists and the terminate action actually cancels via the service layer. **Verified**: All 120 API tests pass on dev. Rental integration: 12/12. — mik-tf
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
meeting-notes

Meeting notes and follow-ups

  
meeting-sensitive

Sensitive meeting; no shared archive or AI processing

  
meeting-transcript

Raw meeting transcript; AI drafts the report

No labels
meeting-notes
meeting-sensitive
meeting-transcript
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coopcloud_code/home#44
No description provided.