fix(server): return 404 if the significant version is invalid (#2307)

Author: Vampire

jit-binding-server/build.gradle.kts

@@ -30,6 +30,7 @@ dependencies {
     implementation(projects.sharedInternal)
 
     testImplementation("io.ktor:ktor-server-test-host")
+    testImplementation("io.ktor:ktor-client-mock:3.4.3")
     testImplementation("io.mockk:mockk:1.14.9")
 }
 

jit-binding-server/src/main/kotlin/io/github/typesafegithub/workflows/jitbindingserver/RequestParsing.kt

@@ -13,7 +13,6 @@ import io.ktor.http.Parameters
 fun Parameters.parseRequest(extractVersion: Boolean): BindingsServerRequest? {
     val owner = this["owner"]!!
     val nameAndPathAndSignificantVersionParts = this["name"]!!.split("___", limit = 2)
-    val nameAndPath = nameAndPathAndSignificantVersionParts.first()
     val significantVersion =
         nameAndPathAndSignificantVersionParts
             .drop(1)
@@ -24,6 +23,7 @@ fun Parameters.parseRequest(extractVersion: Boolean): BindingsServerRequest? {
                     .entries
                     .find { "$it" == significantVersionString }
             } ?: FULL
+    val nameAndPath = if (significantVersion == FULL) this["name"]!! else nameAndPathAndSignificantVersionParts.first()
     val nameAndPathParts = nameAndPath.split("__")
     val name = nameAndPathParts.first()
     val path =

jit-binding-server/src/test/kotlin/io/github/typesafegithub/workflows/jitbindingserver/ArtifactRoutesTest.kt

@@ -4,9 +4,12 @@ import io.github.typesafegithub.workflows.actionbindinggenerator.domain.TypingAc
 import io.github.typesafegithub.workflows.mavenbinding.BindingsServerRequest
 import io.github.typesafegithub.workflows.mavenbinding.TextArtifact
 import io.github.typesafegithub.workflows.mavenbinding.VersionArtifacts
+import io.github.typesafegithub.workflows.mavenbinding.buildVersionArtifacts
 import io.kotest.core.spec.style.FunSpec
 import io.kotest.matchers.shouldBe
 import io.ktor.client.HttpClient
+import io.ktor.client.engine.mock.MockEngine
+import io.ktor.client.engine.mock.respond
 import io.ktor.client.request.get
 import io.ktor.client.statement.bodyAsText
 import io.ktor.http.HttpStatusCode
@@ -146,5 +149,47 @@ class ArtifactRoutesTest :
                     verify(exactly = 2) { mockBuildVersionArtifacts(any(), any()) }
                 }
             }
+
+            test("when version significance is invalid") {
+                testApplication {
+                    // Given
+                    application {
+                        appModule(
+                            buildVersionArtifacts = { bindingsServerRequest, _ ->
+                                buildVersionArtifacts(
+                                    bindingsServerRequest,
+                                    HttpClient(
+                                        MockEngine { request ->
+                                            when (request.url.toString()) {
+                                                "https://raw.githubusercontent.com" +
+                                                    "/some-owner/some-action-act/v4/_weird/action.yml",
+                                                "https://raw.githubusercontent.com" +
+                                                    "/some-owner/some-action-act/v4/_weird/action.yaml",
+                                                -> {
+                                                    respond("Not found", status = HttpStatusCode.NotFound)
+                                                }
+
+                                                else -> {
+                                                    error("An internal error occurred!")
+                                                }
+                                            }
+                                        },
+                                    ),
+                                )
+                            },
+                            // Irrelevant for these tests.
+                            buildPackageArtifacts = { _, _, _, _ -> emptyMap() },
+                            getGithubAuthToken = { "" },
+                        )
+                    }
+
+                    // When
+                    val response =
+                        client.get("some-owner/some-action-act___weird/v4/some-action-act___weird-v4.pom")
+
+                    // Then
+                    response.status shouldBe HttpStatusCode.NotFound
+                }
+            }
         }
     })

jit-binding-server/src/test/kotlin/io/github/typesafegithub/workflows/jitbindingserver/RequestParsingTest.kt

@@ -83,7 +83,7 @@ class RequestParsingTest :
                                     name = "act",
                                     version = "irrelevant",
                                     significantVersion = FULL,
-                                    path = null,
+                                    path = "_weird",
                                 ),
                         )
                 }