0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00

fix(core): add invalid body request error on oidc endpoints (#4095)

* fix(core): add invalid body request error on oidc endpoints

should throw invalid body request error for all oidc endpoints' input syntax error

* chore(core): add some comments
add some comments
This commit is contained in:
simeng-li 2023-06-29 14:06:14 +08:00 committed by GitHub
parent 0a9c6d35cb
commit b8001fd6c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 1 deletions

View file

@ -45,6 +45,10 @@ export default class RequestError extends Error {
} }
get details(): Optional<string> { get details(): Optional<string> {
if (this.data instanceof SyntaxError) {
return conditional(this.data.message);
}
return conditional(this.data instanceof ZodError && formatZodError(this.data).join('\n')); return conditional(this.data instanceof ZodError && formatZodError(this.data).join('\n'));
} }
} }

View file

@ -19,6 +19,7 @@ import Provider, { errors, type ResourceServer } from 'oidc-provider';
import snakecaseKeys from 'snakecase-keys'; import snakecaseKeys from 'snakecase-keys';
import type { EnvSet } from '#src/env-set/index.js'; import type { EnvSet } from '#src/env-set/index.js';
import RequestError from '#src/errors/RequestError/index.js';
import { addOidcEventListeners } from '#src/event-listeners/index.js'; import { addOidcEventListeners } from '#src/event-listeners/index.js';
import koaAuditLog from '#src/middleware/koa-audit-log.js'; import koaAuditLog from '#src/middleware/koa-audit-log.js';
import koaBodyEtag from '#src/middleware/koa-body-etag.js'; import koaBodyEtag from '#src/middleware/koa-body-etag.js';
@ -309,7 +310,21 @@ export default function initOidc(
* *
* Other parsers are explicitly disabled to keep it neat. * Other parsers are explicitly disabled to keep it neat.
*/ */
oidc.use(koaBody({ urlencoded: false, text: false })); oidc.use(async (ctx, next) => {
// `koa-body` will throw `SyntaxError` if the request body is not a valid JSON
// By default any untracked server error will throw a `500` internal error. Instead of throwing 500 error
// we should throw a `400` RequestError for all the invalid request body input.
try {
await koaBody({ urlencoded: false, text: false })(ctx, next);
} catch (error: unknown) {
if (error instanceof SyntaxError) {
throw new RequestError({ code: 'guard.invalid_input', type: 'body' }, error);
}
throw error;
}
});
/** /**
* `oidc-provider` [strictly checks](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L11) * `oidc-provider` [strictly checks](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L11)
* the `content-type` header for further processing. * the `content-type` header for further processing.