fix(api): Fix preview branch targeting in environment variable API routes (#2697)

ericallam · web-flow · commit 4347499799ac · 2025-11-19T18:01:12.000Z
This PR fixes the `x-trigger-branch` header support for targeting specific preview branches when managing environment variables. The header was documented but not actually being extracted or used in the environment variable API routes. Additionally, the query logic in `authenticatedEnvironmentForAuthentication` was fundamentally broken—it searched for environments with both `slug: "preview"` (parent environment property) AND a specific `branchName` (child environment property), which no environment could satisfy simultaneously. The fix extracts the branch name using `branchNameFromRequest()` and correctly queries for child branch environments using `type: "PREVIEW"` and the specific `branchName`. This ensures that environment variable operations (create, update, get, list) properly target individual preview branches instead of affecting all preview environments.
diff --git a/apps/webapp/app/routes/api.v1.projects.$projectRef.$env.ts b/apps/webapp/app/routes/api.v1.projects.$projectRef.$env.ts
@@ -5,6 +5,7 @@ import { env as processEnv } from "~/env.server";
 import {
   authenticatedEnvironmentForAuthentication,
   authenticateRequest,
+  branchNameFromRequest,
 } from "~/services/apiAuth.server";
 
 const ParamsSchema = z.object({
@@ -32,7 +33,8 @@ export async function loader({ request, params }: LoaderFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     projectRef,
-    env
+    env,
+    branchNameFromRequest(request)
   );
 
   const result: GetProjectEnvResponse = {
diff --git a/apps/webapp/app/routes/api.v1.projects.$projectRef.background-workers.$envSlug.$version.ts b/apps/webapp/app/routes/api.v1.projects.$projectRef.background-workers.$envSlug.$version.ts
@@ -4,6 +4,7 @@ import { prisma } from "~/db.server";
 import {
   authenticateRequest,
   authenticatedEnvironmentForAuthentication,
+  branchNameFromRequest,
 } from "~/services/apiAuth.server";
 import zlib from "node:zlib";
 
@@ -29,7 +30,8 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     parsedParams.data.projectRef,
-    parsedParams.data.envSlug
+    parsedParams.data.envSlug,
+    branchNameFromRequest(request)
   );
 
   // Find the background worker and tasks and files
diff --git a/apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.$name.ts b/apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.$name.ts
@@ -5,6 +5,7 @@ import { prisma } from "~/db.server";
 import {
   authenticateRequest,
   authenticatedEnvironmentForAuthentication,
+  branchNameFromRequest,
 } from "~/services/apiAuth.server";
 import { EnvironmentVariablesRepository } from "~/v3/environmentVariables/environmentVariablesRepository.server";
 
@@ -30,7 +31,8 @@ export async function action({ params, request }: ActionFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     parsedParams.data.projectRef,
-    parsedParams.data.slug
+    parsedParams.data.slug,
+    branchNameFromRequest(request)
   );
 
   // Find the environment variable
@@ -106,7 +108,8 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     parsedParams.data.projectRef,
-    parsedParams.data.slug
+    parsedParams.data.slug,
+    branchNameFromRequest(request)
   );
 
   // Find the environment variable
diff --git a/apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.ts b/apps/webapp/app/routes/api.v1.projects.$projectRef.envvars.$slug.ts
@@ -4,6 +4,7 @@ import { z } from "zod";
 import {
   authenticateRequest,
   authenticatedEnvironmentForAuthentication,
+  branchNameFromRequest,
 } from "~/services/apiAuth.server";
 import { EnvironmentVariablesRepository } from "~/v3/environmentVariables/environmentVariablesRepository.server";
 
@@ -28,7 +29,8 @@ export async function action({ params, request }: ActionFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     parsedParams.data.projectRef,
-    parsedParams.data.slug
+    parsedParams.data.slug,
+    branchNameFromRequest(request)
   );
 
   const jsonBody = await request.json();
@@ -75,7 +77,8 @@ export async function loader({ params, request }: LoaderFunctionArgs) {
   const environment = await authenticatedEnvironmentForAuthentication(
     authenticationResult,
     parsedParams.data.projectRef,
-    parsedParams.data.slug
+    parsedParams.data.slug,
+    branchNameFromRequest(request)
   );
 
   const repository = new EnvironmentVariablesRepository();
diff --git a/apps/webapp/app/services/apiAuth.server.ts b/apps/webapp/app/services/apiAuth.server.ts
@@ -495,7 +495,9 @@ export async function authenticatedEnvironmentForAuthentication(
         throw json({ error: "Project not found" }, { status: 404 });
       }
 
-      if (!branch) {
+      const sanitizedBranch = sanitizeBranchName(branch);
+
+      if (!sanitizedBranch) {
         const environment = await prisma.runtimeEnvironment.findFirst({
           where: {
             projectId: project.id,
@@ -524,8 +526,8 @@ export async function authenticatedEnvironmentForAuthentication(
       const environment = await prisma.runtimeEnvironment.findFirst({
         where: {
           projectId: project.id,
-          slug: slug,
-          branchName: sanitizeBranchName(branch),
+          type: "PREVIEW",
+          branchName: sanitizedBranch,
           archivedAt: null,
         },
         include: {
@@ -572,7 +574,9 @@ export async function authenticatedEnvironmentForAuthentication(
         throw json({ error: "Project not found" }, { status: 404 });
       }
 
-      if (!branch) {
+      const sanitizedBranch = sanitizeBranchName(branch);
+
+      if (!sanitizedBranch) {
         const environment = await prisma.runtimeEnvironment.findFirst({
           where: {
             projectId: project.id,
@@ -594,8 +598,8 @@ export async function authenticatedEnvironmentForAuthentication(
       const environment = await prisma.runtimeEnvironment.findFirst({
         where: {
           projectId: project.id,
-          slug: slug,
-          branchName: sanitizeBranchName(branch),
+          type: "PREVIEW",
+          branchName: sanitizedBranch,
           archivedAt: null,
         },
         include: {
diff --git a/apps/webapp/app/v3/gitBranch.ts b/apps/webapp/app/v3/gitBranch.ts
@@ -29,7 +29,7 @@ export function isValidGitBranchName(branch: string): boolean {
   return true;
 }
 
-export function sanitizeBranchName(ref: string): string | null {
+export function sanitizeBranchName(ref: string | undefined): string | null {
   if (!ref) return null;
   if (ref.startsWith("refs/heads/")) return ref.substring("refs/heads/".length);
   if (ref.startsWith("refs/remotes/")) return ref.substring("refs/remotes/".length);

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ export function isValidGitBranchName(branch: string): boolean {`
`29`	`29`	`return true;`
`30`	`30`	`}`
`31`	`31`
`32`		`-export function sanitizeBranchName(ref: string): string \| null {`
	`32`	`+export function sanitizeBranchName(ref: string \| undefined): string \| null {`
`33`	`33`	`if (!ref) return null;`
`34`	`34`	`if (ref.startsWith("refs/heads/")) return ref.substring("refs/heads/".length);`
`35`	`35`	`if (ref.startsWith("refs/remotes/")) return ref.substring("refs/remotes/".length);`