Clean up publish and edit handler and service logic

Thanks Camila for being a great Go consultant and advising on how to tidy this up!

(I'm still a lil grumpy about some parts, but it's in much better shape 😄)

- Consolidated publisher extension validation into a single function.
- Updated the `Publish` and `EditServer` methods to directly use `XPublisher` from the request.
- Removed outdated tests for publisher extension extraction and validation.
- Introduced new validation functions for server details and remote URL matching.
- Enhanced error handling for server name format and remote URL validation.
- Updated existing tests to reflect changes in validation logic and structure.

Author: domdomegg

internal/api/handlers/v0/edit.go

@@ -2,7 +2,6 @@ package v0
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"net/http"
 	"strings"
@@ -18,9 +17,9 @@ import (
 
 // EditServerInput represents the input for editing a server
 type EditServerInput struct {
-	Authorization string `header:"Authorization" doc:"Registry JWT token with edit permissions" required:"true"`
-	ID            string `path:"id" doc:"Server ID (UUID)" format:"uuid"`
-	RawBody       []byte `body:"raw"`
+	Authorization string               `header:"Authorization" doc:"Registry JWT token with edit permissions" required:"true"`
+	ID            string               `path:"id" doc:"Server ID (UUID)" format:"uuid"`
+	Body          model.PublishRequest `body:""`
 }
 
 // RegisterEditEndpoints registers the edit endpoint
@@ -53,11 +52,6 @@ func RegisterEditEndpoints(api huma.API, registry service.RegistryService, cfg *
 			return nil, huma.Error401Unauthorized("Invalid or expired Registry JWT token", err)
 		}
 
-		// Validate that only allowed extension fields are present
-		if err := model.ValidatePublishRequestExtensions(input.RawBody); err != nil {
-			return nil, huma.Error400BadRequest("Invalid request format", err)
-		}
-
 		// Get current server to check permissions against existing name
 		currentServer, err := registry.GetByID(input.ID)
 		if err != nil {
@@ -72,30 +66,23 @@ func RegisterEditEndpoints(api huma.API, registry service.RegistryService, cfg *
 			return nil, huma.Error403Forbidden("You do not have edit permissions for this server")
 		}
 
-		// Parse the validated request body
-		var editRequest model.PublishRequest
-		if err := json.Unmarshal(input.RawBody, &editRequest); err != nil {
-			return nil, huma.Error400BadRequest("Invalid JSON format", err)
-		}
-
-		// Validate the server detail
-		validator := validators.NewObjectValidator()
-		if err := validator.Validate(&editRequest.Server); err != nil {
+		// Perform all schema validation
+		if err := validators.ValidatePublishRequest(input.Body); err != nil {
 			return nil, huma.Error400BadRequest(err.Error())
 		}
 
 		// Prevent renaming servers
-		if currentServer.Server.Name != editRequest.Server.Name {
+		if currentServer.Server.Name != input.Body.Server.Name {
 			return nil, huma.Error400BadRequest("Cannot rename server")
 		}
 
 		// Prevent undeleting servers - once deleted, they stay deleted
-		if currentServer.Server.Status == model.ServerStatusDeleted && editRequest.Server.Status != model.ServerStatusDeleted {
+		if currentServer.Server.Status == model.ServerStatusDeleted && input.Body.Server.Status != model.ServerStatusDeleted {
 			return nil, huma.Error400BadRequest("Cannot change status of deleted server. Deleted servers cannot be undeleted.")
 		}
 
 		// Edit the server
-		updatedServer, err := registry.EditServer(input.ID, editRequest)
+		updatedServer, err := registry.EditServer(input.ID, input.Body)
 		if err != nil {
 			if errors.Is(err, database.ErrNotFound) {
 				return nil, huma.Error404NotFound("Server not found")

internal/api/handlers/v0/edit_test.go

@@ -94,7 +94,13 @@ func TestEditServerEndpoint(t *testing.T) {
 			name:           "invalid authorization header format",
 			serverID:       "550e8400-e29b-41d4-a716-446655440001",
 			authHeader:     "InvalidFormat token123",
-			requestBody:    model.PublishRequest{},
+			requestBody: model.PublishRequest{
+				Server: model.ServerDetail{
+					Name:        "io.github.domdomegg/test-server",
+					Description: "Test server",
+					VersionDetail: model.VersionDetail{Version: "1.0.0"},
+				},
+			},
 			setupMocks:     func(_ *MockRegistryService) {},
 			expectedStatus: http.StatusUnauthorized,
 			expectedError:  "Unauthorized",
@@ -103,7 +109,13 @@ func TestEditServerEndpoint(t *testing.T) {
 			name:           "invalid token",
 			serverID:       "550e8400-e29b-41d4-a716-446655440001",
 			authHeader:     "Bearer invalid-token",
-			requestBody:    model.PublishRequest{},
+			requestBody: model.PublishRequest{
+				Server: model.ServerDetail{
+					Name:        "io.github.domdomegg/test-server",
+					Description: "Test server",
+					VersionDetail: model.VersionDetail{Version: "1.0.0"},
+				},
+			},
 			setupMocks:     func(_ *MockRegistryService) {},
 			expectedStatus: http.StatusUnauthorized,
 			expectedError:  "Unauthorized",
@@ -239,7 +251,7 @@ func TestEditServerEndpoint(t *testing.T) {
 			expectedError:  "Bad Request",
 		},
 		{
-			name:     "invalid request body",
+			name:     "validation error - invalid server name",
 			serverID: "550e8400-e29b-41d4-a716-446655440001",
 			authHeader: func() string {
 				cfg := &config.Config{JWTPrivateKey: "bb2c6b424005acd5df47a9e2c87f446def86dd740c888ea3efb825b23f7ef47c"}
@@ -252,8 +264,23 @@ func TestEditServerEndpoint(t *testing.T) {
 				})
 				return "Bearer " + token
 			}(),
-			requestBody:    "invalid json",
-			setupMocks:     func(_ *MockRegistryService) {},
+			requestBody: model.PublishRequest{
+				Server: model.ServerDetail{
+					Name:        "invalid-name-format", // Missing namespace/name format
+					Description: "Test server",
+					VersionDetail: model.VersionDetail{Version: "1.0.0"},
+				},
+			},
+			setupMocks: func(registry *MockRegistryService) {
+				currentServer := &model.ServerResponse{
+					Server: model.ServerDetail{
+						Name:        "io.github.domdomegg/test-server",
+						Description: "Original server",
+						Status:      model.ServerStatusActive,
+					},
+				}
+				registry.On("GetByID", "550e8400-e29b-41d4-a716-446655440001").Return(currentServer, nil)
+			},
 			expectedStatus: http.StatusBadRequest,
 			expectedError:  "Bad Request",
 		},

internal/api/handlers/v0/publish.go

@@ -2,7 +2,6 @@ package v0
 
 import (
 	"context"
-	"encoding/json"
 	"net/http"
 	"strings"
 
@@ -16,8 +15,8 @@ import (
 
 // PublishServerInput represents the input for publishing a server
 type PublishServerInput struct {
-	Authorization string `header:"Authorization" doc:"Registry JWT token (obtained from /v0/auth/token/github)" required:"true"`
-	RawBody       []byte `body:"raw"`
+	Authorization string               `header:"Authorization" doc:"Registry JWT token (obtained from /v0/auth/token/github)" required:"true"`
+	Body          model.PublishRequest `body:""`
 }
 
 // RegisterPublishEndpoint registers the publish endpoint
@@ -50,33 +49,18 @@ func RegisterPublishEndpoint(api huma.API, registry service.RegistryService, cfg
 			return nil, huma.Error401Unauthorized("Invalid or expired Registry JWT token", err)
 		}
 
-		// Validate that only allowed extension fields are present
-		if err := model.ValidatePublishRequestExtensions(input.RawBody); err != nil {
-			return nil, huma.Error400BadRequest("Invalid request format", err)
-		}
-
-		// Parse the validated request body
-		var publishRequest model.PublishRequest
-		if err := json.Unmarshal(input.RawBody, &publishRequest); err != nil {
-			return nil, huma.Error400BadRequest("Invalid JSON format", err)
-		}
-
-		// Get server details from request body
-		serverDetail := publishRequest.Server
-
-		// Validate the server detail
-		validator := validators.NewObjectValidator()
-		if err := validator.Validate(&serverDetail); err != nil {
+		// Perform all schema validation
+		if err := validators.ValidatePublishRequest(input.Body); err != nil {
 			return nil, huma.Error400BadRequest(err.Error())
 		}
 
-		// Verify that the token's repository matches the server being published
-		if !jwtManager.HasPermission(serverDetail.Name, auth.PermissionActionPublish, claims.Permissions) {
+		// Verify that the token has permission to publish the server
+		if !jwtManager.HasPermission(input.Body.Server.Name, auth.PermissionActionPublish, claims.Permissions) {
 			return nil, huma.Error403Forbidden("You do not have permission to publish this server")
 		}
 
 		// Publish the server with extensions
-		publishedServer, err := registry.Publish(publishRequest)
+		publishedServer, err := registry.Publish(input.Body)
 		if err != nil {
 			return nil, huma.Error400BadRequest("Failed to publish server", err)
 		}

internal/api/handlers/v0/publish_integration_test.go

@@ -168,7 +168,9 @@ func TestPublishIntegration(t *testing.T) {
 	t.Run("publish fails with invalid token", func(t *testing.T) {
 		publishReq := model.PublishRequest{
 			Server: model.ServerDetail{
-				Name: "test-server",
+				Name:        "io.github.domdomegg/test-server",
+				Description: "Test server",
+				VersionDetail: model.VersionDetail{Version: "1.0.0"},
 			},
 		}
 

internal/api/handlers/v0/publish_test.go

@@ -149,8 +149,14 @@ func TestPublishEndpoint(t *testing.T) {
 			expectedError:  "required header parameter is missing",
 		},
 		{
-			name:           "invalid authorization header format",
-			requestBody:    model.PublishRequest{},
+			name: "invalid authorization header format",
+			requestBody: model.PublishRequest{
+				Server: model.ServerDetail{
+					Name:          "io.github.domdomegg/test-server",
+					Description:   "Test server",
+					VersionDetail: model.VersionDetail{Version: "1.0.0"},
+				},
+			},
 			authHeader:     "InvalidFormat",
 			setupMocks:     func(_ *MockRegistryService) {},
 			expectedStatus: http.StatusUnauthorized,

internal/database/import.go

@@ -15,7 +15,7 @@ import (
 
 // ReadSeedFile reads seed data from various sources:
 // 1. Local file paths (*.json files) - expects extension wrapper format
-// 2. Direct HTTP URLs to seed.json files - expects extension wrapper format  
+// 2. Direct HTTP URLs to seed.json files - expects extension wrapper format
 // 3. Registry root URLs (automatically appends /v0/servers and paginates)
 // Only the extension wrapper format is supported (array of ServerResponse objects)
 func ReadSeedFile(ctx context.Context, path string) ([]*model.ServerRecord, error) {
@@ -127,7 +127,7 @@ func fetchFromRegistryAPI(ctx context.Context, baseURL string) ([]*model.ServerR
 func convertServerResponseToRecord(response model.ServerResponse) *model.ServerRecord {
 	// Extract registry metadata from the extension
 	registryExt := response.XIOModelContextProtocolRegistry
-	
+
 	// Parse timestamps
 	publishedAt, _ := time.Parse(time.RFC3339, getStringFromInterface(registryExt, "published_at"))
 	updatedAt, _ := time.Parse(time.RFC3339, getStringFromInterface(registryExt, "updated_at"))
@@ -141,11 +141,9 @@ func convertServerResponseToRecord(response model.ServerResponse) *model.ServerR
 	}
 
 	// Publisher extensions
-	publisherExtensions := make(map[string]interface{})
-	if response.XPublisher != nil {
-		if publisherMap, ok := response.XPublisher.(map[string]interface{}); ok {
-			publisherExtensions = publisherMap
-		}
+	publisherExtensions := response.XPublisher
+	if publisherExtensions == nil {
+		publisherExtensions = make(map[string]interface{})
 	}
 
 	return &model.ServerRecord{
@@ -175,4 +173,4 @@ func getBoolFromInterface(data interface{}, key string) bool {
 		}
 	}
 	return false
-}
+}