Conversation
Coverage Report
File Coverage
|
||||||||||||||||||||||||||||||||||||||
There was a problem hiding this comment.
Pull request overview
Adds explicit handling for invalid JSON request bodies in the Fastify global error handler, aiming to return a consistent 400 response instead of delegating to generic error handling.
Changes:
- Import
StatusCodesfor standardized HTTP status constants. - Add a
SyntaxErrorhandling branch insetErrorHandlerthat logs and returns a 400 JSON response for invalid JSON bodies.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| * JSON parse errors (invalid request body) | ||
| */ | ||
| if (error instanceof SyntaxError && error.message.includes('JSON')) { |
There was a problem hiding this comment.
The JSON-parse branch matches any SyntaxError whose message contains "JSON", which can inadvertently convert server-side JSON.parse bugs into 400 responses and make them harder to detect. Consider narrowing the condition to Fastify body-parser errors (e.g., check error.statusCode === 400 and/or a Fastify-specific error.code/body marker) so only invalid request bodies are handled here.
| * JSON parse errors (invalid request body) | |
| */ | |
| if (error instanceof SyntaxError && error.message.includes('JSON')) { | |
| * JSON parse errors from Fastify body parser (invalid request body) | |
| */ | |
| if ( | |
| (error as any)?.statusCode === StatusCodes.BAD_REQUEST && | |
| typeof (error as any)?.code === 'string' && | |
| (error as any).code.startsWith('FST_ERR_CTP_') | |
| ) { |
| error: 'Bad Request', | ||
| statusCode: StatusCodes.BAD_REQUEST, |
There was a problem hiding this comment.
This 400 response body includes error and statusCode, but other API error helpers in this codebase (e.g., reply.domainError, reply.unauthorized, etc.) return { message }, and ErrorResponse only defines code/message (src/presentation/http/types/HttpResponse.ts). To keep client error handling consistent, consider sending the same shape here (likely just { message }, or { code, message } if you want an app-level code).
| error: 'Bad Request', | |
| statusCode: StatusCodes.BAD_REQUEST, |
| /** | ||
| * JSON parse errors (invalid request body) | ||
| */ | ||
| if (error instanceof SyntaxError && error.message.includes('JSON')) { | ||
| this.log.warn({ reqId: request.id }, 'Invalid JSON in request body'); | ||
|
|
||
| return reply | ||
| .code(StatusCodes.BAD_REQUEST) | ||
| .type('application/json') | ||
| .send({ | ||
| message: 'Invalid JSON in request body', | ||
| error: 'Bad Request', | ||
| statusCode: StatusCodes.BAD_REQUEST, | ||
| }); |
There was a problem hiding this comment.
New behavior in the global error handler should be covered by tests. There is existing Vitest coverage for HTTP routes using global.api.fakeRequest (e.g., src/presentation/http/router/*.test.ts); please add a test that sends invalid JSON with content-type: application/json and asserts the API returns 400 with the expected error payload.
Adds explicit handling for JSON parsing errors in the global error handler. When a request contains invalid JSON, the server now returns a consistent 400 Bad Request response instead of falling through to generic error handling.