608 check not accepting endpoints

[GeorgeGoodall-GovUk]

What type of PR is this? (check all applicable)

• Bug Fix

Description

after a url is submitted in check, During local validation when we get the HEAD object of the url. if the server that hosts the submitted URL doesn't allow head requests, or if the head request fails. don't attempt to perform validations on the head object

Related Tickets & Documents

• Closes Check not accepting endpoints #608

QA Instructions, Screenshots, Recordings

You can test with this known endpoint, where a head request returns status 405 (method not allowed). but the file itself is valid and should return some check results

Added/updated tests?

• Yes

Summary by CodeRabbit

• New Features

  • Enhanced error handling for URL validation, specifically for HEAD requests.

• Bug Fixes

  • Improved handling of scenarios where HEAD requests fail or are not allowed (HTTP status 405).

• Tests

  • Added new test cases for the URL validation method to cover failure scenarios.

[coderabbitai]

Walkthrough

The changes in this pull request involve modifications to the SubmitUrlController class in src/controllers/submitUrlController.js and the addition of new unit tests in test/unit/submitUrlController.test.js. A new constant for HTTP status 405 is introduced, and the localUrlValidation method is enhanced to improve error handling for HEAD requests, including logging warnings and returning null for specific failure scenarios. Corresponding unit tests are added to ensure these new behaviours are correctly validated.

Changes

Files	Change Summary
src/controllers/submitUrlController.js	Added constant HTTP_STATUS_METHOD_NOT_ALLOWED for HTTP 405; updated localUrlValidation method for improved error handling with HEAD requests.
test/unit/submitUrlController.test.js	Added new test cases for localUrlValidation to cover HEAD request failures and HTTP 405 responses.

Assessment against linked issues

Objective	Addressed	Explanation
Check not accepting endpoints (#[608])	✅

Suggested labels

bug

Poem

In the burrows deep, where the code does leap,
A controller now handles with care, not a peep.
HEAD requests may falter, yet warnings will show,
With tests that ensure our logic will flow.
Hop, skip, and jump, through the lines we weave,
A patch for the bugs, oh, how we believe! 🐰✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	63.04%	3729 / 5915
🔵	Statements	63.04%	3729 / 5915
🔵	Functions	64.65%	161 / 249
🔵	Branches	81.09%	446 / 550

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
src/controllers/submitUrlController.js	91.39%	78.57%	100%	91.39%	39-41, 121-124, 147-149, 163-165, 180-182

Generated in workflow #196 for commit 36a5787 by the Vitest Coverage Report Action

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

src/controllers/submitUrlController.js (2)

68-74: Consider documenting the null return value.

The early return with null is a good pattern, but it would be helpful to document this behaviour in the method's JSDoc. This helps consumers of the API understand that null indicates a skipped validation rather than a validation failure.

  /**
   *
   * @param {string?} url
+  * @returns {Promise<string | null | undefined>} Returns validation error type, null if validation was skipped, or undefined if validation passed
   */
  static async localUrlValidation (url) {

---

68-82: Consider enhancing the URL validation strategy.

The current changes solve the immediate issue, but consider these architectural improvements for future iterations:

1. Implement a configurable list of endpoints or patterns where HEAD requests should be skipped
2. Consider implementing a fallback to GET request with range headers for endpoints that don't support HEAD
3. Add metrics to track how often HEAD requests fail to help inform future optimisations

This would make the solution more maintainable and adaptable to similar cases in the future.

test/unit/submitUrlController.test.js (1)

133-144: Consider adding test cases for WFS endpoints.

While the current test coverage is good, consider adding specific test cases for WFS endpoints mentioned in issue #608:

1. https://maps.buckinghamshire.gov.uk/server/services/Planning/TPOs/MapServer/WFSServer?SERVICE=WFS&REQUEST=GetCapabilities
2. https://kingston.statmap.co.uk/map/wfs.svc/WFS_RBK_article4?SERVICE=WFS&VERSION=1.1.0&REQUEST=GetFeature&TYPENAME=statmap:RBK_article4&SRSNAME=EPSG:27700&outputFormat=application/json

This would ensure the fix specifically addresses the reported use cases.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between e927f0d and aeb1143.

📒 Files selected for processing (2)

• src/controllers/submitUrlController.js (2 hunks)
• test/unit/submitUrlController.test.js (1 hunks)

🔇 Additional comments (4)

src/controllers/submitUrlController.js (2)

11-12: LGTM! Well-defined constant for HTTP status code.

The constant follows proper naming conventions and uses the correct value for the HTTP 405 Method Not Allowed status code.

---

75-82: Remove redundant inline comment and verify impact.

Two suggestions:

1. The inline comment on line 76 is redundant as the log message already explains the behaviour clearly.
2. We should verify that this change doesn't affect other valid endpoints that might return 405 for different reasons.

    if (headResponse?.status === HTTP_STATUS_METHOD_NOT_ALLOWED) {
-     // HEAD request not allowed, return null or a specific error message
      logger.warn('submitUrlController/localUrlValidation: failed to get the submitted urls head as it was not allowed (405) skipping post validators', {

test/unit/submitUrlController.test.js (2)

134-138: Well-structured test for HEAD request failure scenario.

The test case effectively validates the new behaviour where HEAD request failures should return null instead of rejecting the URL. This aligns perfectly with the PR objectives.

---

140-144: Excellent coverage of the 405 status code scenario.

The test case properly validates the handling of endpoints that don't support HEAD requests, which directly addresses the core issue described in #608.