fix: prevent DOS when checking an unknown repo

[andypols]

Summary

This PR fixes a potential denial-of-service (DoS) vulnerability:

When pushing to an unknown repository, the MongoDB implementation throws a TypeError due to attempting to access properties on a null object:

console.log(repo.users.canPush);
// TypeError: Cannot read properties of null (reading 'users')

Root Cause

The file-based database implementation correctly checks for the existence of a repository before accessing its fields. However, the MongoDB implementation does not.

Specifically, checkUserPushPermission calls isUserPushAllowed, which assumes the repository exists. If the repository is not found, accessing its properties throws a TypeError and stops the service.

Fix

This PR addresses the issue by:

• Adding a guard clause in the MongoDB implementation of isUserPushAllowed to handle missing repositories safely.

• Adds a unit test to verify behaviour when the repository does not exist.

[netlify]

✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.

Name	Link
🔨 Latest commit	33cf19f
🔍 Latest deploy log	https://app.netlify.com/projects/endearing-brigadeiros-63f9d0/deploys/68737a0dfde66d0008aa15f6

[jescalada]

LGTM! 👍🏼

I looked around the mongo handlers and it seems there aren't any other similar bugs.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.58%. Comparing base (4956b73) to head (33cf19f).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1095      +/-   ##
==========================================
- Coverage   77.40%   75.58%   -1.83%     
==========================================
  Files          55       57       +2     
  Lines        2293     2392      +99     
  Branches      258      271      +13     
==========================================
+ Hits         1775     1808      +33     
- Misses        488      554      +66     
  Partials       30       30              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[kriswest]

This will conflict with #1043 and the maintainers will need to decide which goes first with the other to resolve conflicts. However, I'd be happy to pick up the new tests from this and include in #1043 (by applying them to the src/db/index rather than src/db/mongo

[kriswest]

Suggested change

	resolve(repo.users.canPush.includes(user) || repo.users.canAuthorise.includes(user));
	resolve(repo.users?.canPush.includes(user) || repo.users?.canAuthorise.includes(user));

The DB clients should make sure that the users element exists (although I think I had to make sure that was happening in #1043, after stumbling over a case where it did not). Doesn't hurt to be defensive here.

[kriswest]

Note that #1043 moves this functions into src/db/index.ts so that it is not duplicated between the clients.

[kriswest]

This will be orphaned when #1043 merges as the function under test moves to the src/db/index and applies over the underlying db client configured.

There's some, but not total, overlap between these tests and #1043 -these are tighter unit tests on isUserPushAllowed and are worth having.