
@Vad1mo Vad1mo commented Dec 2, 2025

This fixes the error by returning a 400 error instead of 500 on invalid user input.

Please indicate you've done the following:

  • Well Written Title and Summary of the PR
  • Label the PR as needed. "release-note/ignore-for-release, release-note/new-feature, release-note/update, release-note/enhancement, release-note/community, release-note/breaking-change, release-note/docs, release-note/infra, release-note/deprecation"
  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Made sure tests are passing and test coverage is added if needed.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

@Vad1mo Vad1mo requested a review from a team as a code owner December 2, 2025 15:21
@Vad1mo Vad1mo added the release-note/update Update or Fix label Dec 2, 2025

codecov bot commented Dec 2, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.85%. Comparing base (c8c11b4) to head (4724e48).
⚠️ Report is 604 commits behind head on main.


@@             Coverage Diff             @@
##             main   #22612       +/-   ##
===========================================
+ Coverage   45.36%   65.85%   +20.49%     
===========================================
  Files         244     1073      +829     
  Lines       13333   116112   +102779     
  Branches     2719     2931      +212     
===========================================
+ Hits         6049    76471    +70422     
- Misses       6983    35403    +28420     
- Partials      301     4238     +3937     
| Flag | Coverage Δ |
|---|---|
| unittests | 65.85% <100.00%> (+20.49%) ⬆️ |


| Files with missing lines | Coverage Δ |
|---|---|
| src/server/middleware/url/parse.go | 100.00% <100.00%> (ø) |

... and 986 files with indirect coverage changes


stonezdj commented Dec 3, 2025

Because the middleware

func Middleware(skippers ...middleware.Skipper) func(http.Handler) http.Handler {
did similar validation, could you please merge it into this middleware?

Vad1mo commented Dec 3, 2025

> Because the middleware
>
> func Middleware(skippers ...middleware.Skipper) func(http.Handler) http.Handler {
>
> did similar validation, could you please merge it into this middleware?

Do I understand you correctly? You want us to merge both middleware implementations into parse.go?

Copilot AI review requested due to automatic review settings December 4, 2025 13:37
Copilot AI left a comment

Pull request overview

This PR introduces a new validation middleware to prevent HTTP 500 errors caused by invalid UTF-8 input and null bytes in query parameters. The middleware intercepts requests at the middleware layer and returns HTTP 400 Bad Request errors before invalid data reaches the database (PostgreSQL), which would otherwise throw SQLSTATE 22021 errors.

Key changes:

  • New validate middleware package that validates query string parameters for null bytes and invalid UTF-8 sequences
  • Integration of the middleware into the global middleware chain, positioned after URL parsing middleware
  • Comprehensive test coverage including edge cases for Unicode, emoji, and various invalid input patterns

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| src/server/middleware/validate/validate.go | Implements the validation middleware with null byte and UTF-8 validation logic |
| src/server/middleware/validate/validate_test.go | Comprehensive test suite covering valid/invalid inputs including null bytes, invalid UTF-8, Unicode, and emoji |
| src/core/middlewares/middlewares.go | Integrates the validate middleware into the global middleware chain after URL parsing |

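The check described in the overview above, as an added example that is not the PR's validate.go (this page does not show that file): a middleware that percent-decodes the query string and answers 400 when any key or value holds a null byte or invalid UTF-8, so the value never reaches the database. The names `checkQuery`, `ValidateQuery` and `statusFor` and the `/items` path are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"unicode/utf8"
)

// checkQuery (hypothetical name) decodes the query; rejects NUL and invalid UTF-8.
func checkQuery(rawQuery string) error {
	values, err := url.ParseQuery(rawQuery)
	if err != nil {
		return fmt.Errorf("malformed query string")
	}
	for key, vals := range values {
		for _, s := range append([]string{key}, vals...) {
			if strings.IndexByte(s, 0) >= 0 || !utf8.ValidString(s) {
				return fmt.Errorf("null byte or invalid UTF-8 in query parameter")
			}
		}
	}
	return nil
}

// ValidateQuery (hypothetical name) answers 400 without invoking next on bad input.
func ValidateQuery(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkQuery(r.URL.RawQuery); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest) // fixed text, input not echoed
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the middleware (path is made up).
func statusFor(rawQuery string) int {
	req := httptest.NewRequest(http.MethodGet, "/items", nil)
	req.URL.RawQuery = rawQuery // set directly so the raw escapes reach the check
	rec := httptest.NewRecorder()
	ValidateQuery(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("q=library"), statusFor("q=a%00b"), statusFor("q=%ff%fe"))
}
```

The check runs on the decoded values, because `%00` and `%ff` are valid text in the raw query and only become a null byte or a stray byte after unescaping.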

@wy65701436 wy65701436 requested a review from stonezdj December 8, 2025 08:56

@bupd bupd left a comment


/lgtm
