From 987e42d6191911ba3cb6723620ba91decb706451 Mon Sep 17 00:00:00 2001
From: ospab <ospab@ospab.host>
Date: Wed, 27 May 2026 23:38:32 +0300
Subject: [PATCH] fix: make handle_subscribe future Send by scoping
 RwLockReadGuard

---
 ostp-server/src/api.rs | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/ostp-server/src/api.rs b/ostp-server/src/api.rs
index a7d565f..e73a517 100644
--- a/ostp-server/src/api.rs
+++ b/ostp-server/src/api.rs
@@ -757,20 +757,26 @@ async fn handle_reset_stats(
 ///
 /// GET /api/subscribe/{key}
 /// Response: JSON client config or ostp:// share link (via Accept header)
+
 async fn handle_subscribe(
     State(state): State<ApiState>,
     Path(key): Path<String>,
     headers: axum::http::HeaderMap,
-) -> impl IntoResponse {
-    // Validate that the key exists
-    let keys = state.access_keys.read().unwrap();
-    if !keys.contains_key(&key) {
+) -> axum::response::Response {
+    use axum::response::IntoResponse;
+
+    // Validate that the key exists in a tightly scoped block to drop the guard
+    let key_exists = {
+        let keys = state.access_keys.read().unwrap();
+        keys.contains_key(&key)
+    };
+
+    if !key_exists {
         return (StatusCode::NOT_FOUND, Json(serde_json::json!({
             "ok": false,
             "error": "invalid access key"
-        })));
+        }))).into_response();
     }
-    drop(keys);
 
     let accept = headers.get("accept")
         .and_then(|v| v.to_str().ok())
@@ -791,7 +797,7 @@ async fn handle_subscribe(
         return (StatusCode::OK, Json(serde_json::json!({
             "ok": true,
             "data": link
-        })));
+        }))).into_response();
     }
 
     // Default: return full client config JSON
@@ -822,7 +828,7 @@ async fn handle_subscribe(
     (StatusCode::OK, Json(serde_json::json!({
         "ok": true,
         "data": config
-    })))
+    }))).into_response()
 }
 
 // ── DNS API Handlers ──────────────────────────────────────────────────────────