From b6a0ebf9cf91862d707e5b7aa5bc3d26d356caf3 Mon Sep 17 00:00:00 2001
From: Seongmin Lee <git@boltless.me>
Date: Sat, 1 Nov 2025 01:12:18 +0900
Subject: [PATCH] appview/middleware: 404 page on invalid issue/PR id
Change-Id: pxkksnmwqzwoqttysznnnpllkwqukvxo

Close: #277
Signed-off-by: Seongmin Lee <git@boltless.me>
---
 appview/db/issues.go             | 17 +++++++++++++++++
 appview/middleware/middleware.go | 19 ++++++-------------
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/appview/db/issues.go b/appview/db/issues.go
index 6cab07bc..c8cd7ffa 100644
--- a/appview/db/issues.go
+++ b/appview/db/issues.go
@@ -246,6 +246,23 @@ func GetIssuesPaginated(e Execer, page pagination.Page, filters ...filter) ([]mo
 	return issues, nil
 }
 
+func GetIssue(e Execer, repoAt syntax.ATURI, issueId int) (*models.Issue, error) {
+	issues, err := GetIssuesPaginated(
+		e,
+		pagination.Page{},
+		FilterEq("repo_at", repoAt),
+		FilterEq("issue_id", issueId),
+	)
+	if err != nil {
+		return nil, err
+	}
+	if len(issues) != 1 {
+		return nil, sql.ErrNoRows
+	}
+
+	return &issues[0], nil
+}
+
 func GetIssues(e Execer, filters ...filter) ([]models.Issue, error) {
 	return GetIssuesPaginated(e, pagination.Page{}, filters...)
 }
diff --git a/appview/middleware/middleware.go b/appview/middleware/middleware.go
index c1fb754e..c5dd7075 100644
--- a/appview/middleware/middleware.go
+++ b/appview/middleware/middleware.go
@@ -244,14 +244,15 @@ func (mw Middleware) ResolvePull() middlewareFunc {
 			prId := chi.URLParam(r, "pull")
 			prIdInt, err := strconv.Atoi(prId)
 			if err != nil {
-				http.Error(w, "bad pr id", http.StatusBadRequest)
 				log.Println("failed to parse pr id", err)
+				mw.pages.Error404(w)
 				return
 			}
 
 			pr, err := db.GetPull(mw.db, f.RepoAt(), prIdInt)
 			if err != nil {
 				log.Println("failed to get pull and comments", err)
+				mw.pages.Error404(w)
 				return
 			}
 
@@ -292,26 +293,18 @@ func (mw Middleware) ResolveIssue(next http.Handler) http.Handler {
 		issueId, err := strconv.Atoi(issueIdStr)
 		if err != nil {
 			log.Println("failed to fully resolve issue ID", err)
-			mw.pages.ErrorKnot404(w)
+			mw.pages.Error404(w)
 			return
 		}
 
-		issues, err := db.GetIssues(
-			mw.db,
-			db.FilterEq("repo_at", f.RepoAt()),
-			db.FilterEq("issue_id", issueId),
-		)
+		issue, err := db.GetIssue(mw.db, f.RepoAt(), issueId)
 		if err != nil {
 			log.Println("failed to get issues", "err", err)
+			mw.pages.Error404(w)
 			return
 		}
-		if len(issues) != 1 {
-			log.Println("got incorrect number of issues", "len(issuse)", len(issues))
-			return
-		}
-		issue := issues[0]
 
-		ctx := context.WithValue(r.Context(), "issue", &issue)
+		ctx := context.WithValue(r.Context(), "issue", issue)
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
-- 
2.43.0