fix(proxy): commit on first matching route by path and verb

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>

Author: oleksandr-nc

lib/Controller/ExAppProxyController.php

@@ -312,11 +312,12 @@ private function buildMultipartFormData(array $bodyParams, array $files): array
 
 	private function passesExAppProxyRoutesChecks(ExApp $exApp, string $exAppRoute): array {
 		foreach ($exApp->getRoutes() as $route) {
-			if (preg_match('/' . $route['url'] . '/i', $exAppRoute) === 1
+			$pattern = '~^(?:' . str_replace('~', '\\~', $route['url']) . ')~i';
+			if (preg_match($pattern, $exAppRoute) === 1
 				&& str_contains(strtolower($route['verb']), strtolower($this->request->getMethod()))
-				&& $this->passesExAppProxyRouteAccessLevelCheck($route['access_level'])
 			) {
-				return $route;
+				// First match by path+verb wins. Apply its access level without falling through to broader routes.
+				return $this->passesExAppProxyRouteAccessLevelCheck($route['access_level']) ? $route : [];
 			}
 		}
 		return [];

lib/Db/ExAppMapper.php

@@ -48,6 +48,7 @@ public function findAll(?int $limit = null, ?int $offset = null): array {
 			->leftJoin('a', 'ex_apps_daemons', 'd', $qb->expr()->eq('a.daemon_config_name', 'd.name'))
 			->leftJoin('a', 'ex_apps_routes', 'r', $qb->expr()->eq('a.appid', 'r.appid'))
 			->orderBy('a.appid', 'ASC')
+			->addOrderBy('r.id', 'ASC')
 			->setMaxResults($limit)
 			->setFirstResult($offset);
 		return $this->buildExAppWithRoutes($qb->executeQuery()->fetchAll());
@@ -80,6 +81,7 @@ public function findByAppId(string $appId): Entity {
 			->leftJoin('a', 'ex_apps_daemons', 'd', $qb->expr()->eq('a.daemon_config_name', 'd.name'))
 			->leftJoin('a', 'ex_apps_routes', 'r', $qb->expr()->eq('a.appid', 'r.appid'))
 			->orderBy('a.appid', 'ASC')
+			->addOrderBy('r.id', 'ASC')
 			->where(
 				$qb->expr()->eq('a.appid', $qb->createNamedParameter($appId))
 			);