From abe237fdccafb69cf7a0d97b78cac12a08e01087 Mon Sep 17 00:00:00 2001
From: Matias Pan <matipan@hey.com>
Date: Thu, 7 Mar 2024 11:15:55 -0300
Subject: [PATCH] add explicit support to semver

Signed-off-by: Matias Pan <matipan@hey.com>
---
 go.mod  |  1 +
 go.sum  |  2 ++
 main.go | 29 +++++++++++++++++++++++++----
 3 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 601670b..9e613c9 100644
--- a/go.mod
+++ b/go.mod
@@ -17,5 +17,6 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sosodev/duration v1.2.0 // indirect
+	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 )
diff --git a/go.sum b/go.sum
index c4d93a1..fbed3bb 100644
--- a/go.sum
+++ b/go.sum
@@ -33,6 +33,8 @@ github.com/vektah/gqlparser/v2 v2.5.11 h1:JJxLtXIoN7+3x6MBdtIP59TP1RANnY7pXOaDnA
 github.com/vektah/gqlparser/v2 v2.5.11/go.mod h1:1rCcfwB2ekJofmluGWXMSEnPMZgbxzwj6FaZ/4OT8Cc=
 golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
 golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
diff --git a/main.go b/main.go
index 613a500..35f6486 100644
--- a/main.go
+++ b/main.go
@@ -1,13 +1,17 @@
 package main
 
 import (
+	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"os"
 	"strings"
 
 	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
 	"github.com/rs/zerolog/pkgerrors"
+	"golang.org/x/mod/semver"
 )
 
 var (
@@ -51,12 +55,13 @@ func main() {
 	}
 
 	if githubPat == "" {
-		l.Info().Msg("GITHUB_PATH is not set, private repositories will not be accessible")
+		l.Info().Msg("GITHUB_PAT is not set. This means that private repositories will not be accessible and there is a maximum of 60 requests per hour before being rate limited by Github")
 	}
 
 	mux := http.NewServeMux()
 
 	mux.HandleFunc("/api/v1/getparams.execute", func(w http.ResponseWriter, r *http.Request) {
+		ctx := l.WithContext(r.Context())
 		if r.Method != "POST" {
 			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 			return
@@ -76,8 +81,13 @@ func main() {
 			return
 		}
 
+		if !semver.IsValid(req.Input.Parameters.MinRelease) {
+			l.Error().Msgf("invalid semver: %s", req.Input.Parameters.MinRelease)
+			http.Error(w, "invalid semver. Check https://pkg.go.dev/golang.org/x/mod/semver for details on which are valid versions", http.StatusBadRequest)
+		}
+
 		l.Debug().Msgf("fetching releases for %s", req.Input.Parameters.Repository)
-		releases, err := getReleases(req.Input.Parameters.Repository)
+		releases, err := getReleases(ctx, req.Input.Parameters.Repository)
 		if err != nil {
 			l.Error().Err(err).Msg("failed to fetch releases")
 			http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -118,7 +128,7 @@ type Commit struct {
 func getFilteredReleases(releases []Release, minRelease string) []Release {
 	var filteredReleases []Release
 	for _, r := range releases {
-		if r.Name > minRelease {
+		if semver.Compare(r.Name, minRelease) > 0 {
 			filteredReleases = append(filteredReleases, r)
 		}
 	}
@@ -126,18 +136,29 @@ func getFilteredReleases(releases []Release, minRelease string) []Release {
 	return filteredReleases
 }
 
-func getReleases(repo string) ([]Release, error) {
+func getReleases(ctx context.Context, repo string) ([]Release, error) {
+	l := log.Ctx(ctx)
+
 	rr, err := http.NewRequest(http.MethodGet, "https://api.github.com/repos/"+repo+"/tags", nil)
 	if err != nil {
 		return nil, err
 	}
 
+	if githubPat != "" {
+		rr.Header.Set("Authorization", "Bearer "+githubPat)
+	}
+
 	res, err := http.DefaultClient.Do(rr)
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
 
+	if res.StatusCode != http.StatusOK {
+		l.Error().Int("github_status_code", res.StatusCode).Msg("failed to fetch releases")
+		return nil, fmt.Errorf("failed to fetch releases, github responded with: %d", res.StatusCode)
+	}
+
 	var releases []Release
 	if err := json.NewDecoder(res.Body).Decode(&releases); err != nil {
 		return nil, err