fix: return 400 for malformed path encoding #754

Open
IzaakGough wants to merge 1 commit into GoogleCloudPlatform:main from IzaakGough:main

IzaakGough commented Apr 7, 2026

Summary

When the request path contains invalid percent-encoding (for example an incomplete sequence like %C3), decodeURIComponent throws and that error can surface as 500. This change responds with 400 Bad Request instead, before the user function runs.

Context: firebase/firebase-functions#1646 — malformed paths have been reported as internal errors and noisy logs for HTTP / Cloud Functions workloads built on this framework.

Changes

  • server.ts — Early middleware validates the path segment of req.url with decodeURIComponent in a try/catch. On failure, respond with 400 and a short body; do not invoke the user function.
  • test/integration/http.ts — Integration test GET with non UTF-8 encoded chars (path /%C3): 400 and handler not called (callCount unchanged).

Testing

Automated

  • Case GET with non UTF-8 encoded chars: status 400, empty body (same shape as other non-JSON cases),
    callCount === 0.
  • npm test (after npm run compile if needed) passes.

Manual

  1. Build locally
    npm run compile

  2. Add a small test file to the root, e.g.
    // sample-function.js
    const functions = require('./build/src/index.js');

    functions.http('hello', (req, res) => {
      res.send('ok');
    });
  3. Start the framework locally, for example:
    functions-framework --target=hello --source=sample-function.js
  4. Request a malformed path and confirm Bad Request (400), not 500, for example:
    curl http://127.0.0.1:8080/%C3
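
The check described in this pull request, as an added example that is not the PR's code or the framework's own: a dependency-free Connect-style middleware that tries `decodeURIComponent` on the path and answers 400 on `URIError`. The function names, the response body and the choice to leave the query string unchecked are assumptions.

```javascript
// Added example; function names are hypothetical, not the framework's.

// Path portion of a request target. Assumption: the query string is not checked.
function pathOf(url) {
  const q = url.indexOf('?');
  return q === -1 ? url : url.slice(0, q);
}

// True when every percent-escape in the path decodes to valid UTF-8.
function isDecodablePath(url) {
  try {
    decodeURIComponent(pathOf(url));
    return true;
  } catch (err) {
    // Bad escapes raise URIError; anything else is a real bug, so rethrow.
    if (err instanceof URIError) return false;
    throw err;
  }
}

// Connect/Express-style middleware: answer 400 before the user function runs.
function rejectMalformedPath(req, res, next) {
  if (isDecodablePath(req.url)) return next();
  res.statusCode = 400;
  res.end('Bad Request'); // body text is an assumption
}

// Drive the middleware with constructed stand-ins for req/res (not Node's objects).
function simulate(url) {
  const out = { status: null, body: null, handlerCalled: false };
  const res = {
    statusCode: 200,
    end(body) { out.status = this.statusCode; out.body = body; },
  };
  rejectMalformedPath({ url }, res, () => { out.handlerCalled = true; });
  return out;
}

// Constructed request targets covering the edge cases.
const SAMPLES = ['/hello', '/caf%C3%A9', '/%C3', '/%', '/%zz', '/ok?q=%C3'];
for (const url of SAMPLES) {
  const r = simulate(url);
  console.log(url.padEnd(12), r.handlerCalled ? 'handler runs' : `rejected ${r.status}`);
}
```

Passing this check only means the escapes are well-formed UTF-8: `/%2e%2e%2f` and `/%00` decode without error, so path normalization still has to be handled separately.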

google-cla bot commented Apr 7, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
