Update commit on branch refresh and validate commit exists on save

Refresh button now always updates the commit to the latest SHA instead
of preserving the stale one in edit mode. Both create and update routes
verify the commit still exists on GitHub before persisting.

public/partials/anonymize.htm

@@ -102,6 +102,9 @@
                 <div class="invalid-feedback" ng-show="anonymize.commit.$error.pattern || anonymize.commit.$error.required">
                   The commit SHA is not valid.
                 </div>
+                <div class="invalid-feedback" ng-show="anonymize.commit.$error.exists">
+                  This commit no longer exists in the repository. Click refresh to get the latest.
+                </div>
               </div>
             </div>
 

public/script/app.js

@@ -1600,11 +1600,11 @@ angular
           }
           const selected = $scope.branches.filter((b) => b.name == $scope.source.branch);
           if (selected.length > 0) {
-            // Preserve the saved commit when editing with auto-update off:
+            // When the user explicitly clicks refresh (force=true), always
-            // refreshing branches must not silently bump the pinned SHA to
+            // update the commit to the latest on the branch. Only preserve
-            // GitHub HEAD. Same intent as the source.branch watcher (#360),
+            // the saved commit on the initial edit-page load (#360).
-            // extended to cover the branches refresh path.
             const keepSavedCommit =
+              !force &&
               $scope.isUpdate &&
               !$scope.options.update &&
               $scope._originalBranch === $scope.source.branch &&
@@ -1957,6 +1957,7 @@ angular
         setValidity("sourceUrl", "missing", true);
         setValidity("sourceUrl", "access", true);
         setValidity("sourceUrl", "github", true);
+        setValidity("commit", "exists", true);
         setValidity("conference", "activated", true);
         setValidity("terms", "format", true);
         $scope.termsRegexWarning = false;
@@ -1977,6 +1978,7 @@ angular
           case "invalid_terms_format": setValidity("terms", "format", false); break;
           case "repo_not_found": setValidity("sourceUrl", "missing", false); break;
           case "repo_not_accessible": setValidity("sourceUrl", "access", false); break;
+          case "commit_not_found": setValidity("commit", "exists", false); break;
           case "conf_not_activated": setValidity("conference", "activated", false); break;
         }
       }

src/server/routes/repository-private.ts

@@ -431,6 +431,11 @@ router.post(
           httpStatus: 404,
         });
       }
+
+      await repository.getCommitInfo(repoUpdate.source.commit, {
+        accessToken: user.accessToken,
+      });
+
       const removeRepoFromConference = async (conferenceID: string) => {
         const conf = await ConferenceModel.findOne({
           conferenceID,
@@ -542,6 +547,10 @@ router.post("/", async (req: express.Request, res: express.Response) => {
       });
     }
 
+    await repository.getCommitInfo(repoUpdate.source.commit, {
+      accessToken: user.accessToken,
+    });
+
     const repo = new AnonymizedRepositoryModel();
     repo.repoId = repoUpdate.repoId;
     repo.anonymizeDate = new Date();