From b5e77c8bf2ae04d2f8ed853cbe632ba00e3a75dd Mon Sep 17 00:00:00 2001
From: Weston Haught <whaught@google.com>
Date: Tue, 17 Nov 2020 13:18:28 -0800
Subject: [PATCH 1/2] trim

---
 pkg/controller/issueapi/issue.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkg/controller/issueapi/issue.go b/pkg/controller/issueapi/issue.go
index 55a246456..023d2c649 100644
--- a/pkg/controller/issueapi/issue.go
+++ b/pkg/controller/issueapi/issue.go
@@ -24,6 +24,7 @@ import (
 
 	"github.com/google/exposure-notifications-server/pkg/logging"
 	"github.com/google/exposure-notifications-server/pkg/timeutils"
+	"github.com/google/exposure-notifications-verification-server/internal/project"
 	"github.com/google/exposure-notifications-verification-server/pkg/api"
 	"github.com/google/exposure-notifications-verification-server/pkg/controller"
 	"github.com/google/exposure-notifications-verification-server/pkg/database"
@@ -229,7 +230,8 @@ func (c *Controller) HandleIssue() http.Handler {
 
 		// If there is a client-provided UUID, check if a code has already been issued.
 		// this prevents us from consuming quota on conflict.
-		if request.UUID != "" {
+		rUUID := project.TrimSpaceAndNonPrintable(request.UUID)
+		if rUUID != "" {
 			if code, err := realm.FindVerificationCodeByUUID(c.db, request.UUID); err != nil {
 				if !database.IsNotFound(err) {
 					controller.InternalError(w, r, c.h, err)
@@ -305,7 +307,7 @@ func (c *Controller) HandleIssue() http.Handler {
 			IssuingUser:    user,
 			IssuingApp:     authApp,
 			RealmID:        realm.ID,
-			UUID:           request.UUID,
+			UUID:           rUUID,
 		}
 
 		code, longCode, uuid, err := codeRequest.Issue(ctx, c.config.GetCollisionRetryCount())

From 12991bcdeed1f8c28545f8ff68102d3d217603bc Mon Sep 17 00:00:00 2001
From: Weston Haught <whaught@google.com>
Date: Tue, 17 Nov 2020 14:50:20 -0800
Subject: [PATCH 2/2] Sometimes we should just stop

---
 cmd/server/assets/codes/bulk-issue.html | 26 +++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/cmd/server/assets/codes/bulk-issue.html b/cmd/server/assets/codes/bulk-issue.html
index 0190bdc27..ff0336db3 100644
--- a/cmd/server/assets/codes/bulk-issue.html
+++ b/cmd/server/assets/codes/bulk-issue.html
@@ -115,6 +115,13 @@
 
   <script type="text/javascript">
     let total = 0;
+    // Common error codes which should cancel the whole upload.
+    let stopUploadingCodes = [
+      '429', // too many requests
+      '403', // forbidden
+      '404', // not-found
+      '503', // unavailable
+    ];
 
     $(function() {
       let $form = $('#form');
@@ -221,14 +228,21 @@
                 $tableBody.append(row);
               }
 
-              await uploadBatch(batch).catch(err => { });
-              $startAt.val(i + 1);
-              if (cancelUpload && total > 0) {
-                flash.warning("Successfully issued " + total + " codes."
-                  + (rows.length - i) + " remaining.");
+              await uploadBatch(batch).catch(err => {
+                if (err && stopUploadingCodes.includes(err.status)) {
+                  flash.alert("Code " + err.status + " detected. Canceling remaining upload.");
+                  cancelUpload = true;
+                }
+              });
+
+              if (cancelUpload) {
+                if (total > 0) {
+                  flash.warning("Successfully issued " + total + " codes."
+                    + (rows.length - i) + " remaining.");
+                }
                 break;
               }
-
+              $startAt.val(i + 1);
               let percent = Math.floor((i + 1) * 100 / rows.length) + "%";
               $progress.width(percent);
               $progress.html(percent);