fix(preprod): Validate error_code range and handle non-dict JSON

Use parse_request_with_pydantic (which uses parse_obj_as) instead of
manual unpacking to properly handle non-dict JSON bodies. Add Field
constraint to error_code (0-3) matching the InstallableAppErrorCode
enum range. Also make the shared helper's error message generic.

Co-Authored-By: Claude <noreply@anthropic.com>

Author: runningcode

src/sentry/preprod/api/endpoints/project_preprod_distribution.py

@@ -1,11 +1,9 @@
 from __future__ import annotations
 
 import logging
+from typing import Any, cast
 
-import orjson
-import pydantic
-from pydantic import BaseModel
-from rest_framework import serializers
+from pydantic import BaseModel, Field
 from rest_framework.request import Request
 from rest_framework.response import Response
 
@@ -14,6 +12,7 @@
 from sentry.api.base import internal_region_silo_endpoint
 from sentry.models.project import Project
 from sentry.preprod.api.bases.preprod_artifact_endpoint import PreprodArtifactEndpoint
+from sentry.preprod.api.endpoints.project_preprod_size import parse_request_with_pydantic
 from sentry.preprod.authentication import (
     LaunchpadRpcPermission,
     LaunchpadRpcSignatureAuthentication,
@@ -24,7 +23,7 @@
 
 
 class PutDistribution(BaseModel):
-    error_code: int
+    error_code: int = Field(ge=0, le=3)
     error_message: str
 
 
@@ -44,15 +43,7 @@ def put(
         head_artifact_id: int,
         head_artifact: PreprodArtifact,
     ) -> Response:
-        try:
-            j = orjson.loads(request.body)
-        except orjson.JSONDecodeError:
-            raise serializers.ValidationError("Invalid json")
-        try:
-            put = PutDistribution(**j)
-        except pydantic.ValidationError:
-            logger.exception("Could not parse PutDistribution")
-            raise serializers.ValidationError("Could not parse PutDistribution")
+        put: PutDistribution = parse_request_with_pydantic(request, cast(Any, PutDistribution))
 
         head_artifact.installable_app_error_code = put.error_code
         head_artifact.installable_app_error_message = put.error_message

src/sentry/preprod/api/endpoints/project_preprod_size.py

@@ -39,8 +39,8 @@ def parse_request_with_pydantic(request: Request, model: type[T]) -> T:
         # can be used instead of parse_obj_as
         return parse_obj_as(model, j)
     except pydantic.ValidationError:
-        logger.exception("Could not parse PutSize")
-        raise serializers.ValidationError("Could not parse PutSize")
+        logger.exception("Could not parse %s", model.__name__)
+        raise serializers.ValidationError(f"Could not parse {model.__name__}")
 
 
 @internal_region_silo_endpoint

tests/sentry/preprod/api/endpoints/test_project_preprod_distribution.py

@@ -57,6 +57,16 @@ def test_set_error(self) -> None:
         )
         assert self.artifact.installable_app_error_message == "Unsupported artifact type"
 
+    @override_settings(LAUNCHPAD_RPC_SHARED_SECRET=[SHARED_SECRET_FOR_TESTS])
+    def test_invalid_error_code(self) -> None:
+        response = self._put(orjson.dumps({"error_code": 99, "error_message": "bad"}))
+        assert response.status_code == 400
+
+    @override_settings(LAUNCHPAD_RPC_SHARED_SECRET=[SHARED_SECRET_FOR_TESTS])
+    def test_non_dict_json_body(self) -> None:
+        response = self._put(orjson.dumps([1, 2, 3]))
+        assert response.status_code == 400
+
     @override_settings(LAUNCHPAD_RPC_SHARED_SECRET=[SHARED_SECRET_FOR_TESTS])
     def test_requires_launchpad_rpc_authentication(self) -> None:
         self.login_as(self.user)