From f3f8828ec03a9907ccceb261f26a596557540f30 Mon Sep 17 00:00:00 2001
From: Elijah R
Date: Fri, 5 Apr 2024 20:16:52 -0400
Subject: [PATCH] add try-catch to JSON deserialization
---
 CollabVMAuthServer/Routes.cs | 145 ++++++++++++++++++++++++++++++++---
 1 file changed, 136 insertions(+), 9 deletions(-)
diff --git a/CollabVMAuthServer/Routes.cs b/CollabVMAuthServer/Routes.cs
index 62707f0..9660e12 100644
--- a/CollabVMAuthServer/Routes.cs
+++ b/CollabVMAuthServer/Routes.cs
@@ -38,7 +38,22 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+
+ SendResetEmailPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new SendResetEmailResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.email) || string.IsNullOrWhiteSpace(payload.username))
 {
 context.Response.StatusCode = 400;
@@ -111,7 +126,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ ResetPasswordPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new ResetPasswordResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.username) || string.IsNullOrWhiteSpace(payload.email) || string.IsNullOrWhiteSpace(payload.code) || string.IsNullOrWhiteSpace(payload.newPassword))
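Review bot: The try/catch added here is repeated verbatim in the eight hunks that follow (@@ -111, -185, -333, -373, -425, -522, -627 and -705), differing only in the payload and response type, while the `if (payload == null || …)` branch that already follows each read returns the same 400 "Invalid request body"; a single generic helper that logs and returns null on `JsonException` would leave every call site as `var payload = await TryReadJsonAsync<SendResetEmailPayload>(context);` and let the existing null check produce the response. The catch also covers only `JsonException`; `ReadFromJsonAsync` can additionally throw `InvalidOperationException` when the request's content type is not JSON, which is presumably what the check just above the hunk guards against, so confirm that guard exists on every route before relying on it. Passing `context.RequestAborted` to the read lets a disconnecting client cancel the parse rather than be surfaced as a JSON error. The enclosing route handlers start and end outside these hunks.
```csharp
// Returns null when the body is not valid JSON for TPayload; every caller
// already treats a null payload as "Invalid request body", so the per-route
// catch blocks can be dropped.
private static async Task<TPayload?> TryReadJsonAsync<TPayload>(HttpContext context) where TPayload : class
{
    try
    {
        return await context.Request.ReadFromJsonAsync<TPayload>(context.RequestAborted);
    }
    catch (JsonException ex)
    {
        Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
        return null;
    }
}

// … unchanged: content-type check at the top of each route …
var payload = await TryReadJsonAsync<SendResetEmailPayload>(context);
// … unchanged: existing `if (payload == null || …)` 400 response …
```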
@@ -185,7 +214,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ UpdatePayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new UpdateResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.token) || string.IsNullOrWhiteSpace(payload.currentPassword) || (string.IsNullOrWhiteSpace(payload.newPassword) && string.IsNullOrWhiteSpace(payload.username) && string.IsNullOrWhiteSpace(payload.email)))
 {
@@ -333,7 +376,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ LogoutPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new LogoutResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.token))
 {
 context.Response.StatusCode = 400;
@@ -373,7 +430,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ SessionPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new SessionResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.token))
 {
 context.Response.StatusCode = 400;
@@ -425,7 +496,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ JoinPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new JoinResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.secretKey) || string.IsNullOrWhiteSpace(payload.sessionToken) || string.IsNullOrWhiteSpace(payload.ip))
 {
 context.Response.StatusCode = 400;
@@ -522,7 +607,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ LoginPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new LoginResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.username) || string.IsNullOrWhiteSpace(payload.password))
 {
 context.Response.StatusCode = 400;
@@ -627,7 +726,21 @@ public static class Routes
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ VerifyPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new VerifyResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.username) || string.IsNullOrWhiteSpace(payload.password) || string.IsNullOrWhiteSpace(payload.password))
 {
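Review bot: In the @@ -627 hunk the validation that follows the new try/catch tests `payload.password` twice — `string.IsNullOrWhiteSpace(payload.password) || string.IsNullOrWhiteSpace(payload.password)` — so one required field of VerifyPayload is presumably never checked; which field was meant cannot be told from this hunk, so confirm against the payload type while this handler is being touched. The enclosing handler starts and ends outside the hunk.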
@@ -705,7 +818,21 @@ public static class Routes
 error = "Invalid request body"
 }, Utilities.JsonSerializerOptions);
 }
- var payload = await context.Request.ReadFromJsonAsync();
+ RegisterPayload? payload;
+ try
+ {
+ payload = await context.Request.ReadFromJsonAsync();
+ }
+ catch (JsonException ex)
+ {
+ Utilities.Log(LogLevel.DEBUG, $"Failed to parse JSON: {ex.Message}");
+ context.Response.StatusCode = 400;
+ return Results.Json(new RegisterResponse
+ {
+ success = false,
+ error = "Invalid request body"
+ }, Utilities.JsonSerializerOptions);
+ }
 if (payload == null || string.IsNullOrWhiteSpace(payload.username) || string.IsNullOrWhiteSpace(payload.password) || string.IsNullOrWhiteSpace(payload.email) || string.IsNullOrWhiteSpace(payload.dateOfBirth))
 {
 context.Response.StatusCode = 400;