Merge pull request #2396 from digitallyinduced/improve-request-body-json-errors

Improve requestBodyJSON error messages for different failure modes

Author: mpscholten

CHANGELOG.md

@@ -17,6 +17,7 @@
 - Deprecated Makefile targets — use `nix build` instead ([#2170](https://github.com/digitallyinduced/ihp/pull/2170))
 - Replaced `ApplicationContext` with WAI request vault for AutoRefresh ([#2149](https://github.com/digitallyinduced/ihp/pull/2149))
 - Used `OsPath` instead of `FilePath` across all packages ([#2246](https://github.com/digitallyinduced/ihp/pull/2246))
+- `requestBodyJSON` now returns `IO Aeson.Value` instead of `Aeson.Value`; update call sites to bind it in `do`-notation ([#2396](https://github.com/digitallyinduced/ihp/pull/2396))
 
 ### New Features
 

ihp-datasync/IHP/DataSync/REST/Controller.hs

@@ -35,7 +35,7 @@ instance (
         columnTypeLookup <- makeCachedColumnTypeLookup hasqlPool
         columnTypes <- columnTypeLookup table
 
-        let payload = requestBodyJSON
+        payload <- requestBodyJSON
 
         case payload of
             Object hashMap -> do
@@ -100,12 +100,12 @@ instance (
         columnTypeLookup <- makeCachedColumnTypeLookup hasqlPool
         columnTypes <- columnTypeLookup table
 
-        let payload = requestBodyJSON
-                |> \case
-                    Object hashMap -> hashMap
-                    _ -> error "Expected JSON object"
+        payload <- requestBodyJSON
+        let hashMap = case payload of
+                Object hm -> hm
+                _ -> error "Expected JSON object"
 
-        let keyValues = payload
+        let keyValues = hashMap
                 |> Aeson.toList
                 |> map (\(key, val) ->
                     let col = fieldNameToColumnName (Aeson.toText key)

ihp/IHP/ControllerSupport.hs

@@ -35,7 +35,7 @@ import Data.IORef (IORef, modifyIORef', readIORef)
 import Data.ByteString (ByteString)
 import qualified Data.ByteString.Lazy as LBS
 import Data.Maybe (fromMaybe)
-import Control.Exception.Safe (SomeException, fromException, try, catch)
+import Control.Exception.Safe (SomeException, fromException, try, catch, throwIO)
 import Data.Typeable (Typeable)
 import IHP.HaskellSupport
 import Network.Wai
@@ -59,7 +59,9 @@ import qualified Data.TMap as TypeMap
 import IHP.RequestVault.ModelContext
 import IHP.ActionType (setActionType, actionTypeVaultKey, ActionType(..))
 import IHP.RequestVault.Helper (lookupRequestVault)
+import qualified IHP.Environment as Environment
 import qualified Data.Vault.Lazy as Vault
+import qualified Data.Text as Text
 import System.IO.Unsafe (unsafePerformIO)
 
 type Action' = IO ResponseReceived
@@ -268,11 +270,32 @@ getFiles =
         FormBody { files } -> files
         _ -> []
 
-requestBodyJSON :: (?request :: Request) => Aeson.Value
+requestBodyJSON :: (?request :: Request) => IO Aeson.Value
 requestBodyJSON =
     case ?request.parsedBody of
-        JSONBody { jsonPayload = Just value } -> value
-        _ -> error "Expected JSON body"
+        JSONBody { jsonPayload = Just value } -> pure value
+        JSONBody { jsonPayload = Nothing, rawPayload } -> do
+            let isDev = ?request.frameworkConfig.environment == Environment.Development
+            let errorMessage = "Expected JSON body, but could not decode the request body"
+                    <> (if LBS.null rawPayload
+                        then ". The request body is empty."
+                        else if isDev
+                            then ". The raw request body was: " <> truncatePayload rawPayload
+                            else ".")
+            throwResponseException $ responseLBS HTTP.status400 [(hContentType, "application/json")] $
+                Aeson.encode $ Aeson.object [("error", Aeson.String errorMessage)]
+            where
+                truncatePayload payload =
+                    let shown = show payload
+                        maxLen = 200
+                    in if length shown > maxLen
+                        then Text.pack (take maxLen shown) <> "... (truncated)"
+                        else Text.pack shown
+        FormBody {} ->
+            throwResponseException $ responseLBS HTTP.status400 [(hContentType, "application/json")] $
+                Aeson.encode $ Aeson.object [("error", Aeson.String "Expected JSON body, but the request has a form content type. Make sure to set 'Content-Type: application/json' in the request header.")]
+    where
+        throwResponseException response = throwIO (ResponseException response)
 
 -- | Returns a custom config parameter
 --

ihp/Test/Test/ControllerSupportSpec.hs

@@ -0,0 +1,118 @@
+{-|
+Module: Test.ControllerSupportSpec
+-}
+module Test.ControllerSupportSpec where
+
+import IHP.Prelude
+import Test.Hspec
+import IHP.ControllerSupport (requestBodyJSON)
+import IHP.Controller.Response (ResponseException(..))
+import IHP.Environment (Environment (..))
+import qualified IHP.FrameworkConfig as FrameworkConfig
+import qualified IHP.RequestVault as RequestVault
+import Wai.Request.Params.Middleware (RequestBody (..), requestBodyVaultKey)
+import qualified Data.Vault.Lazy as Vault
+import qualified Data.Aeson as Aeson
+import qualified Network.Wai as Wai
+import qualified Control.Exception as Exception
+import qualified Data.ByteString.Lazy as LBS
+import qualified Data.ByteString as BS
+import Network.HTTP.Types (status400)
+import System.IO.Unsafe (unsafePerformIO)
+import Data.ByteString.Builder (toLazyByteString)
+
+tests = do
+    describe "IHP.ControllerSupport" do
+        describe "requestBodyJSON" do
+            it "should return parsed JSON value for valid JSONBody" do
+                let jsonValue = Aeson.object [("name", Aeson.String "test")]
+                let requestBody = JSONBody { jsonPayload = Just jsonValue, rawPayload = "{\"name\":\"test\"}" }
+                request <- buildRequest requestBody Development
+                let ?request = request
+                result <- requestBodyJSON
+                result `shouldBe` jsonValue
+
+            it "should return 400 for FormBody" do
+                let requestBody = FormBody { params = [], files = [], rawPayload = "" }
+                request <- buildRequest requestBody Development
+                let ?request = request
+                result <- Exception.try requestBodyJSON
+                case result of
+                    Left (ResponseException response) -> do
+                        Wai.responseStatus response `shouldBe` status400
+                        let body = responseBody response
+                        body `shouldSatisfy` bodyContains "form content type"
+                    Right _ -> expectationFailure "Expected ResponseException"
+
+            it "should return 400 for JSONBody with empty body" do
+                let requestBody = JSONBody { jsonPayload = Nothing, rawPayload = "" }
+                request <- buildRequest requestBody Development
+                let ?request = request
+                result <- Exception.try requestBodyJSON
+                case result of
+                    Left (ResponseException response) -> do
+                        Wai.responseStatus response `shouldBe` status400
+                        let body = responseBody response
+                        body `shouldSatisfy` bodyContains "request body is empty"
+                    Right _ -> expectationFailure "Expected ResponseException"
+
+            it "should return 400 for JSONBody with invalid JSON" do
+                let requestBody = JSONBody { jsonPayload = Nothing, rawPayload = "not valid json" }
+                request <- buildRequest requestBody Development
+                let ?request = request
+                result <- Exception.try requestBodyJSON
+                case result of
+                    Left (ResponseException response) -> do
+                        Wai.responseStatus response `shouldBe` status400
+                        let body = responseBody response
+                        body `shouldSatisfy` bodyContains "not valid json"
+                    Right _ -> expectationFailure "Expected ResponseException"
+
+            it "should truncate long payloads in dev mode" do
+                let longPayload = LBS.pack (replicate 500 65) -- 500 bytes of 'A'
+                let requestBody = JSONBody { jsonPayload = Nothing, rawPayload = longPayload }
+                request <- buildRequest requestBody Development
+                let ?request = request
+                result <- Exception.try requestBodyJSON
+                case result of
+                    Left (ResponseException response) -> do
+                        let body = responseBody response
+                        body `shouldSatisfy` bodyContains "truncated"
+                        body `shouldSatisfy` bodyContains "raw request body was"
+                    Right _ -> expectationFailure "Expected ResponseException"
+
+            it "should omit raw payload in production mode" do
+                let requestBody = JSONBody { jsonPayload = Nothing, rawPayload = "not valid json" }
+                request <- buildRequest requestBody Production
+                let ?request = request
+                result <- Exception.try requestBodyJSON
+                case result of
+                    Left (ResponseException response) -> do
+                        Wai.responseStatus response `shouldBe` status400
+                        let body = responseBody response
+                        body `shouldSatisfy` (not . bodyContains "not valid json")
+                        body `shouldSatisfy` (not . bodyContains "raw request body was")
+                    Right _ -> expectationFailure "Expected ResponseException"
+
+bodyContains :: BS.ByteString -> LBS.ByteString -> Bool
+bodyContains needle haystack = BS.isInfixOf needle (LBS.toStrict haystack)
+
+buildRequest :: RequestBody -> Environment -> IO Wai.Request
+buildRequest requestBody environment = do
+    frameworkConfig <- FrameworkConfig.buildFrameworkConfig (FrameworkConfig.option environment)
+    pure Wai.defaultRequest
+        { Wai.vault = Vault.insert RequestVault.frameworkConfigVaultKey frameworkConfig
+                    $ Vault.insert requestBodyVaultKey requestBody Vault.empty
+        }
+
+-- | Extract the body from a WAI Response (works for responseLBS responses)
+responseBody :: Wai.Response -> LBS.ByteString
+responseBody response =
+    let (_, _, withBody) = Wai.responseToStream response
+    in unsafePerformIO $ withBody $ \streamingBody -> do
+        ref <- newIORef mempty
+        streamingBody
+            (\chunk -> modifyIORef ref (<> chunk))
+            (pure ())
+        builder <- readIORef ref
+        pure (toLazyByteString builder)

ihp/Test/Test/Main.hs

@@ -21,6 +21,7 @@ import qualified Test.FileStorage.ControllerFunctionsSpec
 import qualified Test.PGListenerSpec
 import qualified Test.MockingSpec
 import qualified Test.HasqlEncoderSpec
+import qualified Test.ControllerSupportSpec
 import qualified Test.AutoRefreshSpec
 
 main :: IO ()
@@ -43,4 +44,5 @@ main = hspec do
     Test.PGListenerSpec.tests
     Test.MockingSpec.tests
     Test.HasqlEncoderSpec.tests
+    Test.ControllerSupportSpec.tests
     Test.AutoRefreshSpec.tests

ihp/ihp.cabal

@@ -288,5 +288,6 @@ test-suite tests
         Test.Controller.CookieSpec
         Test.PGListenerSpec
         Test.MockingSpec
+        Test.ControllerSupportSpec
         Test.HasqlEncoderSpec
         Test.AutoRefreshSpec

wai-request-params/Test/Wai/Request/Params/MiddlewareSpec.hs

@@ -117,6 +117,21 @@ spec = do
                 response <- runSession (makeRequestWithBody "POST" [(hContentType, "application/jsonFOO")] body) app
                 cs (simpleBody response) `shouldBe` ("FormBody params=0 files=0" :: String)
 
+            it "returns JSONBody with Nothing payload for invalid JSON POST" $ do
+                let body = "not valid json{{"
+                response <- runSession (makeRequestWithBody "POST" [(hContentType, "application/json")] body) app
+                cs (simpleBody response) `shouldBe` ("JSONBody payload=Nothing" :: String)
+
+            it "returns FormBody for POST without Content-Type" $ do
+                let body = "{\"name\": \"test\"}"
+                response <- runSession (makeRequestWithBody "POST" [] body) app
+                cs (simpleBody response) `shouldBe` ("FormBody params=0 files=0" :: String)
+
+            it "returns JSONBody with Nothing payload for empty body with application/json" $ do
+                let body = ""
+                response <- runSession (makeRequestWithBody "POST" [(hContentType, "application/json")] body) app
+                cs (simpleBody response) `shouldBe` ("JSONBody payload=Nothing" :: String)
+
         describe "raw body preservation (getRequestBody)" $ do
             it "preserves raw body for form-encoded POST requests" $ do
                 let body = "name=test&value=123"