From 16e4120b24a01d8a3bcfabab7ee6b463b1b42130 Mon Sep 17 00:00:00 2001
From: Michel Roux <xefir@crystalyx.net>
Date: Wed, 6 Nov 2024 22:20:30 +0100
Subject: [PATCH] fix: :bug: prevent taking over container from admin

---
 backend/pilotwings.py | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/backend/pilotwings.py b/backend/pilotwings.py
index fa912f5..e646c4f 100644
--- a/backend/pilotwings.py
+++ b/backend/pilotwings.py
@@ -72,6 +72,7 @@ def create_or_update_container(
     request_body: ContainerRequest,
     credentials: Annotated[HTTPBasicCredentials, Depends(security)],
 ) -> SerializedContainer:
+    owner = None
     networks = client.networks.list(names=["pilotwings"])
 
     if not networks:
@@ -80,25 +81,25 @@ def create_or_update_container(
     client.images.pull(request_body.image)
 
     try:
+        container = select_container(container_name, credentials)
+        owner = container.labels.get("owner")
         delete_container(container_name, credentials)
     except HTTPException:
         pass
 
-    container = serialize_container(
-        client.containers.run(
-            request_body.image,
-            detach=True,
-            environment=request_body.environment,
-            labels={"engine": "pilotwings", "owner": credentials.username},
-            name=container_name,
-            network="pilotwings",
-            restart_policy={"Name": "always"},
-        )
+    container = client.containers.run(
+        request_body.image,
+        detach=True,
+        environment=request_body.environment,
+        labels={"engine": "pilotwings", "owner": owner or credentials.username},
+        name=container_name,
+        network="pilotwings",
+        restart_policy={"Name": "always"},
     )
 
     client.images.prune({"dangling": True})
 
-    return container
+    return serialize_container(container)
 
 
 @app.post("/api/container/{container_name}/pull")