From 36bf068814144032924129d7814dbe2ce9b7d0be Mon Sep 17 00:00:00 2001
From: Yaroslav Novykov <yaroslav.novykov@gmail.com>
Date: Tue, 26 May 2026 12:51:54 +0300
Subject: [PATCH] fix(api): apply private_key_uuid in update_server

The endpoint validated private_key_uuid but dropped it from the update,
so the request silently no-op'd. Resolve the UUID to a team-scoped
PrivateKey and include private_key_id in the update payload.
---
 app/Http/Controllers/Api/ServersController.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Api/ServersController.php b/app/Http/Controllers/Api/ServersController.php
index 6c3b2da00..24c45e567 100644
--- a/app/Http/Controllers/Api/ServersController.php
+++ b/app/Http/Controllers/Api/ServersController.php
@@ -706,7 +706,15 @@ public function update_server(Request $request)
                 return response()->json(['message' => 'Invalid proxy type.'], 422);
             }
         }
-        $server->update($request->only(['name', 'description', 'ip', 'port', 'user']));
+        $updateFields = $request->only(['name', 'description', 'ip', 'port', 'user']);
+        if ($request->filled('private_key_uuid')) {
+            $privateKey = PrivateKey::whereTeamId($teamId)->whereUuid($request->private_key_uuid)->first();
+            if (! $privateKey) {
+                return response()->json(['message' => 'Private key not found.'], 404);
+            }
+            $updateFields['private_key_id'] = $privateKey->id;
+        }
+        $server->update($updateFields);
         if ($request->is_build_server) {
             $server->settings()->update([
                 'is_build_server' => $request->is_build_server,