fix: return 400 for invalid binding routing key (#1734)

## Summary
- Catch `LavinMQ::Error::PreconditionFailed` centrally in
`ApiErrorHandler` and return `400 Bad Request`, instead of handling it
in individual controller actions
- Remove redundant begin/rescue blocks from bindings and queues
controllers
- Add is_error guard in the binding form handlers (queue, exchange,
stream pages) to prevent showing false success notifications when the
request fails

Fixes #1724

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Author: viktorerlingsson

spec/api/bindings_spec.cr

@@ -99,6 +99,21 @@ describe LavinMQ::HTTP::BindingsController do
         response.status_code.should eq 403
       end
     end
+
+    it "should return bad request for invalid routing key on consistent hash exchange" do
+      with_http_server do |http, s|
+        s.vhosts["/"].declare_exchange("ch1", "x-consistent-hash", false, false)
+        s.vhosts["/"].declare_queue("bindings_q1", false, false)
+        body = %({
+        "routing_key": "",
+        "arguments": {}
+      })
+        response = http.post("/api/bindings/%2f/e/ch1/q/bindings_q1", body: body)
+        response.status_code.should eq 400
+        body = JSON.parse(response.body)
+        body["reason"].as_s.should contain("number")
+      end
+    end
   end
 
   describe "GET /api/bindings/vhost/e/exchange/q/queue/props" do

src/lavinmq/http/controller/queues.cr

@@ -85,12 +85,8 @@ module LavinMQ
             elsif name.bytesize > UInt8::MAX
               bad_request(context, "Queue name too long, can't exceed 255 characters")
             else
-              begin
-                vhost.declare_queue(name, durable, auto_delete, tbl)
-                context.response.status_code = 201
-              rescue e : LavinMQ::Error::PreconditionFailed
-                bad_request(context, e.message)
-              end
+              vhost.declare_queue(name, durable, auto_delete, tbl)
+              context.response.status_code = 201
             end
           end
         end

src/lavinmq/http/handler/error_handler.cr

@@ -22,6 +22,10 @@ module LavinMQ
         Log.error { "method=#{context.request.method} path=#{context.request.path} status=403 error=#{ex.inspect_with_backtrace}" }
         context.response.status_code = 403
         {error: "access_refused", reason: "Access Refused"}.to_json(context.response)
+      rescue ex : LavinMQ::Error::PreconditionFailed
+        Log.error { "method=#{context.request.method} path=#{context.request.path} status=400 error=\"#{ex.message}\"" }
+        context.response.status_code = 400
+        {error: "bad_request", reason: ex.message.to_s}.to_json(context.response)
       rescue ex : Exception
         Log.error { "method=#{context.request.method} path=#{context.request.path} status=500 error=#{ex.inspect_with_backtrace}" }
         context.response.status_code = 500

static/js/exchange.js

@@ -103,7 +103,8 @@ document.querySelector('#addBinding').addEventListener('submit', function (evt)
     arguments: args
   }
   HTTP.request('POST', url, { body })
-    .then(() => {
+    .then(res => {
+      if (res && res.is_error) return
       bindingsTable.reload()
       evt.target.reset()
     })

static/js/queue.js

@@ -201,7 +201,8 @@ document.querySelector('#addBinding').addEventListener('submit', function (evt)
     arguments: args
   }
   HTTP.request('POST', url, { body })
-    .then(() => {
+    .then(res => {
+      if (res && res.is_error) return
       bindingsTable.reload()
       evt.target.reset()
       DOM.toast('Exchange ' + e + ' bound to queue')

static/js/stream.js

@@ -179,7 +179,8 @@ document.querySelector('#addBinding').addEventListener('submit', function (evt)
     arguments: args
   }
   HTTP.request('POST', url, { body })
-    .then(() => {
+    .then(res => {
+      if (res && res.is_error) return
       bindingsTable.reload()
       evt.target.reset()
       DOM.toast('Exchange ' + e + ' bound to queue')