Skip to content

chore: update proton and remove deprecated billing account org_id usage #1336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rohilsurana merged 4 commits into from
Jan 21, 2026
Merged

chore: update proton and remove deprecated billing account org_id usage #1336

rohilsurana merged 4 commits into from
Jan 21, 2026

Conversation

@rohilsurana
Copy link
Member

@rohilsurana rohilsurana commented Jan 20, 2026
edited
Loading

Problem

The protobuf schema deprecated org_id, billing_id, and project_id fields in several billing account API requests because the backend can infer these IDs from other parameters (e.g., org_id can be inferred from billing_account_id). However, the backend was still accepting and using these deprecated fields from client requests, creating a security risk where clients could potentially manipulate these IDs.

Solution

This PR removes all usage of deprecated fields and implements server-side inference of IDs for security:

  1. Updated PROTON_COMMIT to latest version (b1687af7) with deprecation markers
  2. Backend handlers no longer accept or use deprecated org_id from requests:
    • UpdateBillingAccount: Now infers org_id from billing account ID
    • UpdateBillingAccountDetails: Fetches customer to get org_id for audit log
    • billing/customer/service.go: Always uses existing customer's org_id instead of request
  3. Authorization interceptors now infer org_id server-side for security:
    • Added getOrgForBillingAccount helper that fetches org_id from billing account
    • Updated all billing account interceptors to use inferred org_id for authorization checks
    • This prevents clients from bypassing authorization by providing incorrect org_id
  4. Proto files regenerated with deprecation markers and updated API documentation

Security Impact

  • ✅ Clients can no longer manipulate org_id to bypass authorization
  • ✅ All org_id values used for authorization are now server-controlled
  • ✅ Maintains backward compatibility (deprecated fields still accepted but ignored)

Test plan

  • Unit tests pass
  • Linting passes
  • Build succeeds
  • CI tests pass

@vercel
Copy link

vercel bot commented Jan 20, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
frontier Ready Ready Preview, Comment Jan 21, 2026 6:07am

@coveralls
Copy link

coveralls commented Jan 21, 2026
edited
Loading

Pull Request Test Coverage Report for Build 21199174080

Details

  • 13 of 57 (22.81%) changed or added relevant lines in 4 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.005%) to 37.882%
Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/api/v1beta1connect/billing_customer.go 10 13 76.92%
internal/api/v1beta1connect/v1beta1connect.go 0 6 0.0%
pkg/server/connect_interceptors/authorization.go 0 35 0.0%
Totals Coverage Status
Change from base Build 21060277044: -0.005%
Covered Lines: 15887
Relevant Lines: 41938
💛 - Coveralls

@rohilsurana rohilsurana marked this pull request as ready for review January 21, 2026 06:08
@rohilsurana rohilsurana merged commit eea94e3 into main Jan 21, 2026
7 checks passed
@rohilsurana rohilsurana deleted the chore/remove-deprecated-billing-fields branch January 21, 2026 11:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whoAbhishekSah whoAbhishekSah whoAbhishekSah approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rohilsurana @coveralls @whoAbhishekSah