
fix: validate github return url metadata #5057

Open
psrsingh wants to merge 1 commit into linuxfoundation:dev from psrsingh:fix-github-return-url-validation


@psrsingh

Summary

Adds defensive validation for GitHub and GitLab return URL generation in the sign flow.

Changes

  • validate installation, repository, pull request, and merge request metadata
  • validate GitHub repository metadata before PR lookup
  • validate pull request HTML URL before returning redirect target
  • improve error handling around callback URL generation
  • prevent invalid or empty redirect URLs from propagating through callback flows

Why

The sign/auth redirect flow could continue with incomplete or malformed metadata, potentially resulting in invalid or empty redirect URLs and blank browser pages after authentication flows.

This patch improves robustness and error visibility around redirect URL generation.

Fixes #5052

Signed-off-by: psrsingh <psr.singh336@gmail.com>
@coderabbitai

coderabbitai Bot commented May 16, 2026


No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ba0569af-ea15-4190-9d74-35238fb8ba64

📥 Commits

Reviewing files that changed from the base of the PR and between 355223d and f16ffde.

📒 Files selected for processing (2)
  • cla-backend-go/github/github_repository.go
  • cla-backend-go/v2/sign/service.go

Walkthrough

This PR adds input validation and explicit error handling across two files to fail fast when required metadata fields are missing or invalid. The GetReturnURL function validates GitHub IDs and repository/pull request metadata, while signature callback URL resolution functions validate metadata fields for both GitLab and GitHub platforms.

Changes

Input Validation and Error Handling for Metadata Fields

| Layer / File(s) | Summary |
|---|---|
| GetReturnURL input and metadata validation (cla-backend-go/github/github_repository.go) | Input IDs are validated for positive values at entry. Repository and pull request fetching now wraps known errors via CheckAndWrapForKnownErrors and validates required metadata (owner login, name, HTMLURL) is present and non-empty. |
| Signature callback URL metadata validation (cla-backend-go/v2/sign/service.go) | GitLab callback URL functions validate repository_id and organization_id fields; GitHub callback URL functions validate repository_id and pull_request_id; active signature return URL validates pull_request_id, installation_id, and repository_id. All return explicit errors when metadata is missing. |

Sequence Diagrams

No sequence diagrams are generated for this PR because the changes are validation and error-handling improvements that do not introduce new multi-component interactions or control flow patterns requiring visualization.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'fix: validate github return url metadata' accurately summarizes the main change, focusing on adding validation for GitHub return URL metadata as described in the changeset. |
| Description check | ✅ Passed | The description comprehensively explains the changes: validation of metadata fields, error handling improvements, and preventing invalid redirect URLs—all aligned with the actual code modifications in both files. |
| Linked Issues check | ✅ Passed | The PR implements defensive validation for GitHub/GitLab return URL generation to address the blank page issue in #5052 where incomplete metadata caused invalid redirect URLs, directly fulfilling the acceptance criteria. |
| Out of Scope Changes check | ✅ Passed | All changes are focused on validating metadata and improving error handling for return URL generation; no unrelated modifications or scope creep detected beyond the objectives. |


Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies"



Development

Successfully merging this pull request may close these issues.

EasyCLA Bug Report - Blank screen after clicking URL from GitHub bot, appears to brick the EasyCLA login site for the browser
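
The fail-fast checks this PR describes (positive IDs, non-empty owner/name, a usable pull request HTML URL before it becomes the redirect target), as an added Go sketch that is not the project's code. `PullRequestMeta`, `ResolveReturnURL` and `ErrInvalidReturnURL` are hypothetical names, and the https/host check goes beyond the presence checks listed in the PR.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// PullRequestMeta is a hypothetical stand-in for the metadata fields named in the PR.
type PullRequestMeta struct {
	InstallationID, RepositoryID, PullRequestID int64
	OwnerLogin, RepoName, HTMLURL               string
}

// ErrInvalidReturnURL wraps every failure so the caller can show an error page
// instead of redirecting the browser to an empty or malformed target.
var ErrInvalidReturnURL = errors.New("invalid return url metadata")

// ResolveReturnURL returns the redirect target only when all metadata is usable.
// allowedHost is an assumption added here; the PR only describes presence checks.
func ResolveReturnURL(m PullRequestMeta, allowedHost string) (string, error) {
	for _, id := range []struct {
		name string
		v    int64
	}{{"installation_id", m.InstallationID}, {"repository_id", m.RepositoryID}, {"pull_request_id", m.PullRequestID}} {
		if id.v <= 0 {
			return "", fmt.Errorf("%w: %s must be positive, got %d", ErrInvalidReturnURL, id.name, id.v)
		}
	}
	if strings.TrimSpace(m.OwnerLogin) == "" || strings.TrimSpace(m.RepoName) == "" {
		return "", fmt.Errorf("%w: repository owner login or name is empty", ErrInvalidReturnURL)
	}
	u, err := url.Parse(strings.TrimSpace(m.HTMLURL))
	if err != nil || u.Scheme != "https" || !strings.EqualFold(u.Hostname(), allowedHost) {
		return "", fmt.Errorf("%w: pull request HTML URL %q is empty, malformed or off-host", ErrInvalidReturnURL, m.HTMLURL)
	}
	return u.String(), nil
}

func main() {
	// Constructed sample metadata, not taken from the project.
	m := PullRequestMeta{1, 2, 3, "example-org", "example-repo", "https://github.com/example-org/example-repo/pull/3"}
	fmt.Println(ResolveReturnURL(m, "github.com"))
	m.HTMLURL = "" // the empty-URL case the PR description mentions
	fmt.Println(ResolveReturnURL(m, "github.com"))
}
```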