mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
fix(core): add invalid body request error on oidc endpoints (#4095)
* fix(core): add invalid body request error on oidc endpoints should throw invalid body request error for all oidc endpoints' input syntax error * chore(core): add some comments add some comments
This commit is contained in:
parent
0a9c6d35cb
commit
b8001fd6c8
2 changed files with 20 additions and 1 deletions
|
@ -45,6 +45,10 @@ export default class RequestError extends Error {
|
||||||
}
|
}
|
||||||
|
|
||||||
get details(): Optional<string> {
|
get details(): Optional<string> {
|
||||||
|
if (this.data instanceof SyntaxError) {
|
||||||
|
return conditional(this.data.message);
|
||||||
|
}
|
||||||
|
|
||||||
return conditional(this.data instanceof ZodError && formatZodError(this.data).join('\n'));
|
return conditional(this.data instanceof ZodError && formatZodError(this.data).join('\n'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@ import Provider, { errors, type ResourceServer } from 'oidc-provider';
|
||||||
import snakecaseKeys from 'snakecase-keys';
|
import snakecaseKeys from 'snakecase-keys';
|
||||||
|
|
||||||
import type { EnvSet } from '#src/env-set/index.js';
|
import type { EnvSet } from '#src/env-set/index.js';
|
||||||
|
import RequestError from '#src/errors/RequestError/index.js';
|
||||||
import { addOidcEventListeners } from '#src/event-listeners/index.js';
|
import { addOidcEventListeners } from '#src/event-listeners/index.js';
|
||||||
import koaAuditLog from '#src/middleware/koa-audit-log.js';
|
import koaAuditLog from '#src/middleware/koa-audit-log.js';
|
||||||
import koaBodyEtag from '#src/middleware/koa-body-etag.js';
|
import koaBodyEtag from '#src/middleware/koa-body-etag.js';
|
||||||
|
@ -309,7 +310,21 @@ export default function initOidc(
|
||||||
*
|
*
|
||||||
* Other parsers are explicitly disabled to keep it neat.
|
* Other parsers are explicitly disabled to keep it neat.
|
||||||
*/
|
*/
|
||||||
oidc.use(koaBody({ urlencoded: false, text: false }));
|
oidc.use(async (ctx, next) => {
|
||||||
|
// `koa-body` will throw `SyntaxError` if the request body is not a valid JSON
|
||||||
|
// By default any untracked server error will throw a `500` internal error. Instead of throwing 500 error
|
||||||
|
// we should throw a `400` RequestError for all the invalid request body input.
|
||||||
|
|
||||||
|
try {
|
||||||
|
await koaBody({ urlencoded: false, text: false })(ctx, next);
|
||||||
|
} catch (error: unknown) {
|
||||||
|
if (error instanceof SyntaxError) {
|
||||||
|
throw new RequestError({ code: 'guard.invalid_input', type: 'body' }, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
});
|
||||||
/**
|
/**
|
||||||
* `oidc-provider` [strictly checks](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L11)
|
* `oidc-provider` [strictly checks](https://github.com/panva/node-oidc-provider/blob/6a0bcbcd35ed3e6179e81f0ab97a45f5e4e58f48/lib/shared/selective_body.js#L11)
|
||||||
* the `content-type` header for further processing.
|
* the `content-type` header for further processing.
|
||||||
|
|
Loading…
Reference in a new issue