The validate() function in API/Backend/Config/validate.js only checks that msv, layers, and tools exist at the top level, then validates layer-specific fields (URLs, zooms, model params, etc.). It does not validate msv contents (mission name, view, radius), projection, look, time, panels, coordinates, or tools array contents. Invalid mission-level configuration can be saved via the API without any warning.
Investigation notes:
This is closely related to (and arguably a duplicate of) #329.
The root cause is in API/Backend/Config/routes/configs.js. The upsert() function has no early guard against being called with neither version nor config. When an empty config {} is passed without a version:
populateUUIDs({}) is called at line 561 — before validate() at line 586populateUUIDs crashes on the missing layers property- The generic
.catch() at line 692 returns "Failed to find mission." — a misleading error that has nothing to do with the actual problem
The docs (docs/pages/APIs/Configure/Configure_REST_API.md line 120-124) and OpenAPI spec (docs/mmgis-openapi.json line 248-251) both mark version and config as independently optional with no mention that at least one must provide valid data.
Suggested fixes:
- Add an early guard at the top of
upsert(): if !hasVersion && (req.body.config == null || Object.keys(req.body.config).length === 0), return a clear error
- Move
validate(configJSON) before populateUUIDs(configJSON) so invalid configs get a proper validation error instead of crashing
- Update the catch-all error at line 692 to include the actual error details, not just "Failed to find mission."
- Update docs to state: "At least one of
version or config is required. If both are provided, version takes precedence."
From #333, #329
The validate() function in API/Backend/Config/validate.js only checks that msv, layers, and tools exist at the top level, then validates layer-specific fields (URLs, zooms, model params, etc.). It does not validate msv contents (mission name, view, radius), projection, look, time, panels, coordinates, or tools array contents. Invalid mission-level configuration can be saved via the API without any warning.
Investigation notes:
This is closely related to (and arguably a duplicate of) #329.
The root cause is in
API/Backend/Config/routes/configs.js. Theupsert()function has no early guard against being called with neitherversionnorconfig. When an empty config{}is passed without a version:populateUUIDs({})is called at line 561 — beforevalidate()at line 586populateUUIDscrashes on the missinglayersproperty.catch()at line 692 returns"Failed to find mission."— a misleading error that has nothing to do with the actual problemThe docs (
docs/pages/APIs/Configure/Configure_REST_API.mdline 120-124) and OpenAPI spec (docs/mmgis-openapi.jsonline 248-251) both markversionandconfigas independently optional with no mention that at least one must provide valid data.Suggested fixes:
upsert(): if!hasVersion && (req.body.config == null || Object.keys(req.body.config).length === 0), return a clear errorvalidate(configJSON)beforepopulateUUIDs(configJSON)so invalid configs get a proper validation error instead of crashingversionorconfigis required. If both are provided,versiontakes precedence."From #333, #329