Add HTTP layer logic to handle bookmark operations (#1358)

This change adds the HTTP layer logic for the [putUserSavedSearchBookmark](https://github.com/GoogleChrome/webstatus.dev/blob/80e7bccea843ad8d02dd9a662c89143d650c06a8/openapi/backend/openapi.yaml#L656) and [removeUserSavedSearchBookmark](https://github.com/GoogleChrome/webstatus.dev/blob/80e7bccea843ad8d02dd9a662c89143d650c06a8/openapi/backend/openapi.yaml#L696) operations.

Other changes:
I started to get duplicate code lint errors for these two operations. So I:
- Increased the threshold by a little bit.
- Refactored some of the duplicate user checking into a common CheckAuthenticatedUser method
- Reduced some duplicate test boilerplate code
- Introduced a common basicHTTPTestCase struct that we can probably use for most cases.

Author: jcscottiii

.golangci.yaml

@@ -54,6 +54,9 @@ linters:
   settings:
     gomoddirectives:
       replace-local: true
+    dupl:
+      # The default is 150
+      threshold: 175
   exclusions:
     generated: lax
     presets:

backend/cmd/server/main.go

@@ -147,7 +147,7 @@ func main() {
 			//nolint: exhaustruct // No need to use every option of 3rd party struct.
 			cors.Options{
 				AllowedOrigins:   []string{allowedOrigin, "http://*"},
-				AllowedMethods:   []string{"GET", "OPTIONS", "PATCH", "DELETE"},
+				AllowedMethods:   []string{"GET", "OPTIONS", "PATCH", "DELETE", "PUT"},
 				AllowedHeaders:   []string{"Authorization"},
 				AllowCredentials: true, // Remove after UbP
 				MaxAge:           300,  // Maximum value not ignored by any of major browsers

backend/pkg/httpserver/middlewares.go

@@ -16,13 +16,51 @@ package httpserver
 
 import (
 	"context"
+	"log/slog"
 	"net/http"
 
+	"github.com/GoogleChrome/webstatus.dev/lib/auth"
 	"github.com/GoogleChrome/webstatus.dev/lib/gen/openapi/backend"
 	"github.com/GoogleChrome/webstatus.dev/lib/httpmiddlewares"
 	"github.com/oapi-codegen/runtime/strictmiddleware/nethttp"
 )
 
+// UserCheckResult represents either a successful user retrieval or an error response.
+type UserCheckResult[T any] struct {
+	User     *auth.User
+	Response T
+}
+
+// CheckAuthenticatedUser retrieves the authenticated user from the context.
+// If the user is not found, it returns an error response.
+func CheckAuthenticatedUser[T any](
+	ctx context.Context,
+	operation string,
+	newErrorResponse func(code int, message string) T) UserCheckResult[T] {
+	// At this point, the user should be authenticated and in the context.
+	// If for some reason the user is not in the context, it is a library or
+	// internal issue and not an user issue. Return 500 error in that case.
+	user, found := httpmiddlewares.AuthenticatedUserFromContext(ctx)
+	if !found {
+		slog.ErrorContext(ctx, "user not found in context. middleware failure", "operation", operation)
+
+		return UserCheckResult[T]{
+			User: nil,
+			Response: newErrorResponse(
+				http.StatusInternalServerError,
+				"internal server error",
+			),
+		}
+	}
+
+	var zeroT T
+
+	return UserCheckResult[T]{
+		User:     user,
+		Response: zeroT,
+	}
+}
+
 // applyPreRequestValidationMiddlewares applies a list of middleware functions to a given http.Handler.
 // The middlewares are applied in reverse order to ensure they execute in the order they are defined.
 func applyPreRequestValidationMiddlewares(mux *http.ServeMux,

backend/pkg/httpserver/middlewares_test.go

@@ -25,6 +25,12 @@ import (
 	"github.com/GoogleChrome/webstatus.dev/lib/httpmiddlewares"
 )
 
+func createTestID1User() *auth.User {
+	return &auth.User{
+		ID: "testID1",
+	}
+}
+
 // TODO: Move recoveryMiddleware into the lib directory to actually be used by the real server.
 func recoveryMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {

backend/pkg/httpserver/put_user_saved_search_bookmark.go

@@ -0,0 +1,66 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package httpserver
+
+import (
+	"context"
+	"errors"
+	"log/slog"
+	"net/http"
+
+	"github.com/GoogleChrome/webstatus.dev/lib/gcpspanner/spanneradapters/backendtypes"
+	"github.com/GoogleChrome/webstatus.dev/lib/gen/openapi/backend"
+)
+
+// PutUserSavedSearchBookmark implements backend.StrictServerInterface.
+// nolint: ireturn // Name generated from openapi
+func (s *Server) PutUserSavedSearchBookmark(
+	ctx context.Context, request backend.PutUserSavedSearchBookmarkRequestObject) (
+	backend.PutUserSavedSearchBookmarkResponseObject, error) {
+	userCheckResult := CheckAuthenticatedUser(ctx, "PutUserSavedSearchBookmark",
+		func(code int, message string) backend.PutUserSavedSearchBookmark500JSONResponse {
+			return backend.PutUserSavedSearchBookmark500JSONResponse{
+				Code:    code,
+				Message: message,
+			}
+		})
+	if userCheckResult.User == nil {
+		return userCheckResult.Response, nil
+	}
+
+	err := s.wptMetricsStorer.PutUserSavedSearchBookmark(ctx, userCheckResult.User.ID, request.SearchId)
+	if err != nil {
+		if errors.Is(err, backendtypes.ErrEntityDoesNotExist) {
+			return backend.PutUserSavedSearchBookmark404JSONResponse{
+				Code:    http.StatusNotFound,
+				Message: "saved search to bookmark not found",
+			}, nil
+		} else if errors.Is(err, backendtypes.ErrUserMaxBookmarks) {
+			return backend.PutUserSavedSearchBookmark403JSONResponse{
+				Code:    http.StatusForbidden,
+				Message: "user has reached the maximum number of allowed bookmarks",
+			}, nil
+		}
+		slog.ErrorContext(ctx, "unable to add bookmark", "error", err)
+
+		return backend.PutUserSavedSearchBookmark500JSONResponse{
+			Code:    http.StatusInternalServerError,
+			Message: "unable to add bookmark",
+		}, nil
+
+	}
+
+	return backend.PutUserSavedSearchBookmark200Response{}, nil
+}

backend/pkg/httpserver/put_user_saved_search_bookmark_test.go

@@ -0,0 +1,116 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// nolint: dupl // WONTFIX
+package httpserver
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/GoogleChrome/webstatus.dev/lib/gcpspanner/spanneradapters/backendtypes"
+)
+
+func TestPutUserSavedSearchBookmark(t *testing.T) {
+	authMiddlewareOption := withAuthMiddleware(mockAuthMiddleware(createTestID1User()))
+	testCases := []basicHTTPTestCase[MockPutUserSavedSearchBookmarkConfig]{
+		{
+			name: "success",
+			cfg: &MockPutUserSavedSearchBookmarkConfig{
+				expectedSavedSearchID: "saved-search-id",
+				expectedUserID:        "testID1",
+				err:                   nil,
+			},
+			request: httptest.NewRequest(
+				http.MethodPut,
+				"/v1/users/me/saved-searches/saved-search-id/bookmark_status",
+				nil,
+			),
+			expectedResponse: createEmptyBodyResponse(http.StatusOK),
+		},
+		{
+			name: "general error",
+			cfg: &MockPutUserSavedSearchBookmarkConfig{
+				expectedSavedSearchID: "saved-search-id",
+				expectedUserID:        "testID1",
+				err:                   errTest,
+			},
+			request: httptest.NewRequest(
+				http.MethodPut,
+				"/v1/users/me/saved-searches/saved-search-id/bookmark_status",
+				nil,
+			),
+			expectedResponse: testJSONResponse(500,
+				`{
+				"code":500,
+				"message":"unable to add bookmark"
+			}`,
+			),
+		},
+		{
+			name: "not found",
+			cfg: &MockPutUserSavedSearchBookmarkConfig{
+				expectedSavedSearchID: "saved-search-id",
+				expectedUserID:        "testID1",
+				err:                   backendtypes.ErrEntityDoesNotExist,
+			},
+			request: httptest.NewRequest(
+				http.MethodPut,
+				"/v1/users/me/saved-searches/saved-search-id/bookmark_status",
+				nil,
+			),
+			expectedResponse: testJSONResponse(404,
+				`{
+				"code":404,
+				"message":"saved search to bookmark not found"
+			}`,
+			),
+		},
+		{
+			name: "too many bookmarks",
+			cfg: &MockPutUserSavedSearchBookmarkConfig{
+				expectedSavedSearchID: "saved-search-id",
+				expectedUserID:        "testID1",
+				err:                   backendtypes.ErrUserMaxBookmarks,
+			},
+			request: httptest.NewRequest(
+				http.MethodPut,
+				"/v1/users/me/saved-searches/saved-search-id/bookmark_status",
+				nil,
+			),
+			expectedResponse: testJSONResponse(403,
+				`{
+				"code":403,
+				"message":"user has reached the maximum number of allowed bookmarks"
+			}`,
+			),
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			//nolint:exhaustruct // WONTFIX
+			mockStorer := &MockWPTMetricsStorer{
+				putUserSavedSearchBookmarkCfg: tc.cfg,
+				t:                             t,
+			}
+			myServer := Server{wptMetricsStorer: mockStorer, metadataStorer: nil,
+				operationResponseCaches: nil}
+			assertTestServerRequest(t, &myServer, tc.request, tc.expectedResponse,
+				[]testServerOption{authMiddlewareOption}...)
+			assertMocksExpectations(t, 1, mockStorer.callCountPutUserSavedSearchBookmark,
+				"PutUserSavedSearchBookmark", nil)
+		})
+	}
+}

backend/pkg/httpserver/remove_saved_search.go

@@ -22,28 +22,25 @@ import (
 
 	"github.com/GoogleChrome/webstatus.dev/lib/gcpspanner/spanneradapters/backendtypes"
 	"github.com/GoogleChrome/webstatus.dev/lib/gen/openapi/backend"
-	"github.com/GoogleChrome/webstatus.dev/lib/httpmiddlewares"
 )
 
 // RemoveSavedSearch implements backend.StrictServerInterface.
 // nolint: ireturn // Name generated from openapi
 func (s *Server) RemoveSavedSearch(
 	ctx context.Context, request backend.RemoveSavedSearchRequestObject) (
 	backend.RemoveSavedSearchResponseObject, error) {
-	// At this point, the user should be authenticated and in the context.
-	// If for some reason the user is not in the context, it is a library or
-	// internal issue and not an user issue. Return 500 error in that case.
-	user, found := httpmiddlewares.AuthenticatedUserFromContext(ctx)
-	if !found {
-		slog.ErrorContext(ctx, "user not found in context. middleware malfunction")
-
-		return backend.RemoveSavedSearch500JSONResponse{
-			Code:    http.StatusInternalServerError,
-			Message: "internal server error",
-		}, nil
+	userCheckResult := CheckAuthenticatedUser(ctx, "RemoveSavedSearch",
+		func(code int, message string) backend.RemoveSavedSearch500JSONResponse {
+			return backend.RemoveSavedSearch500JSONResponse{
+				Code:    code,
+				Message: message,
+			}
+		})
+	if userCheckResult.User == nil {
+		return userCheckResult.Response, nil
 	}
 
-	err := s.wptMetricsStorer.DeleteUserSavedSearch(ctx, user.ID, request.SearchId)
+	err := s.wptMetricsStorer.DeleteUserSavedSearch(ctx, userCheckResult.User.ID, request.SearchId)
 	if err != nil {
 		if errors.Is(err, backendtypes.ErrEntityDoesNotExist) {
 			return backend.RemoveSavedSearch404JSONResponse{