Fix double upload bug and improve test

[AndreasAlbertQC]

In our deployment we have been encountering a bug that happens when:

1. a package file is uploaded through the /upload/ route.
2. a package file with the same package version inside and the same file name, but different hashes is uploaded again.

We observe that in the second upload, we get a 409, which is good. However, we also find that the binary package file is still updated on the server, even though the http request was rejected. The repodata is not updated, as expected. This means that we get hash mismatch errors because the incorrectly updated binary does not agree with the correct hashes for the original file in the repodata.

I think the problem is here, where we call pkgstore.add_package_async before the try/except block that ultimately results in the 409.

During debugging I found that the other upload route is also affected.

Changes in this PR:

• Extended the existing duplicate upload test:
  • we now use files that have the same name. This is crucial to trigger the bug. In previous testing, files with different names were used.
  • we now also check the file that is actually present in the store. Previously, we just uploaded and checked the repodata, which leads us to miss the bug that manifests only in the stored files.
• Bug fix:
  • in /channels/{channel_name}/packages/{package_name}/files/, the upload is handled through a call to handle_package_files, which in turn uses _extract_and_upload_package. I added a force argument and a file existence check to _extract_and_upload_package, which is then transformed into an HTTP 409 in handle_package_files
  • In /channels/{channel_name}/upload/{filename}, the solution is more straightforward as the call to pkgstore.add_package_async happens right in the top-level function. I moved the call after the try/except block that checks for 409.

Expected test failure before fix here

[codecov-commenter]

Codecov Report

Patch coverage: 100.00% and project coverage change: +0.01% 🎉

Comparison is base (f20db64) 83.63% compared to head (e4a831e) 83.64%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #663      +/-   ##
==========================================
+ Coverage   83.63%   83.64%   +0.01%     
==========================================
  Files          79       79              
  Lines        6226     6230       +4     
==========================================
+ Hits         5207     5211       +4     
  Misses       1019     1019              

Files Changed	Coverage Δ
quetz/main.py	89.89% <100.00%> (+0.05%)	⬆️

☔ View full report in Codecov by Sentry.

📢 Have feedback on the report? Share it here.