More error cases

1 month ago · d72ca6c064
parent 10869752ab
commit d72ca6c064
4 changed files with 64 additions and 2 deletions
--- a/cmd/api/errors.go
+++ b/cmd/api/errors.go
@ -54,3 +54,7 @@ func (app *application) methodNotAllowedResponse(w http.ResponseWriter, r *http.
 	message := fmt.Sprintf("the %s mehtod is not supported for this resource", r.Method)
 	app.errorResponse(w, r, http.StatusMethodNotAllowed, message)
 }
+
+func (app *application) badRequestResponse(w http.ResponseWriter, r *http.Request, err error) {
+	app.errorResponse(w, r, http.StatusBadRequest, err.Error())
+}
--- a/cmd/api/handlers.go
+++ b/cmd/api/handlers.go
@ -28,7 +28,7 @@ func (app *application) createMovieHandler(w http.ResponseWriter, r *http.Reques
 	// must be a non-nil pointer. Otherwise will raise json.InvalidUnmarshalError
 	err := app.readJSON(w, r, &input)
 	if err != nil {
-		app.errorResponse(w, r, http.StatusBadRequest, err.Error())
+		app.badRequestResponse(w, r, err)
 		return
 	}

--- a/cmd/api/handlers_test.go
+++ b/cmd/api/handlers_test.go
@ -112,6 +112,25 @@ func TestCreateMovieError(t *testing.T) {
 			wantBody: "body must not be empty",
 			wantCode: http.StatusBadRequest,
 		},
+		{
+			name:     "Send unknown field",
+			input:    strings.NewReader(`{"title": "Moana", "year": 2019, "runtime": 120, "genres": ["family", "Samoan"], "rating": "PG"}`),
+			wantBody: "body contains unknown key",
+			wantCode: http.StatusBadRequest,
+		},
+		{
+			name:     "Send garbage after JSON",
+			input:    strings.NewReader(`{"title": "Moana"} :~()`),
+			wantBody: "body must only contain a single JSON value",
+			wantCode: http.StatusBadRequest,
+		},
+		{
+			name: "Send too large a JSON payload",
+			// 1.5 MB title
+			input:    strings.NewReader(fmt.Sprintf("{\"title\": \"%s\"}", strings.Repeat("a", int(1.5*1024*1024)))),
+			wantBody: "body must not be larger than 1048576 bytes",
+			wantCode: http.StatusBadRequest,
+		},
 	}

 	for _, test := range tests {
--- a/cmd/api/helpers.go
+++ b/cmd/api/helpers.go
@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
 )

 type envelope map[string]any
@ -51,13 +52,22 @@ func (app *application) writeJSON(w http.ResponseWriter, status int, data envelo
 }

 func (app *application) readJSON(w http.ResponseWriter, r *http.Request, dst any) error {
+	// Use http.MaxBytesReader() to limit the size of the request body to 1,048,576
+	// bytes (1MB).
+	r.Body = http.MaxBytesReader(w, r.Body, 1_048_576)
+
+	decoder := json.NewDecoder(r.Body)
+	// Do not allow unknown fields
+	decoder.DisallowUnknownFields()
+
 	// Decode the request body into the target destination.
-	err := json.NewDecoder(r.Body).Decode(dst)
+	err := decoder.Decode(dst)
 	if err != nil {
 		// If there is an error during decoding, start the triage...
 		var syntaxError *json.SyntaxError
 		var unmarshalTypeError *json.UnmarshalTypeError
 		var invalidUnmarshalError *json.InvalidUnmarshalError
+		var maxBytesError *http.MaxBytesError

 		switch {
 		// Use the errors.As() function to check whether the error has the type
@ -89,9 +99,29 @@ func (app *application) readJSON(w http.ResponseWriter, r *http.Request, dst any
 		case errors.Is(err, io.EOF):
 			return errors.New("body must not be empty")

+		// If the JSON contains a field which cannot be mapped to the target destination
+		// then Decode() will now return an error message in the format "json: unknown
+		// field "<name>"". We check for this, extract the field name from the error,
+		// and interpolate it into our custom error message. Note that there's an open
+		// issue at https://github.com/golang/go/issues/29035 regarding turning this
+		// into a distinct error type in the future.
+		case strings.HasPrefix(err.Error(), "json: unknown field "):
+			fieldName := strings.TrimPrefix(err.Error(), "json: unknown field ")
+			return fmt.Errorf("body contains unknown key %s", fieldName)
+
+			// Use the errors.As() function to check whether the error has the type
+			// *http.MaxBytesError. If it does, then it means the request body exceeded our
+			// size limit of 1MB and we return a clear error message.
+		case errors.As(err, &maxBytesError):
+			return fmt.Errorf("body must not be larger than %d bytes", maxBytesError.Limit)
+
 		// A json.InvalidUnmarshalError error will be returned if we pass something
 		// that is not a non-nil pointer to Decode(). We catch this and panic,
 		// rather than returning an error to our handler.
+		// Panic is used here because the above are "expected errors", while and issue like
+		// the below invalidUnMarshalError really is an unexpected error. If this is raised
+		// it is most likely a developer mistake becayse the developer would be sending an
+		// unsupported value to `Decode()``.
 		case errors.As(err, &invalidUnmarshalError):
 			panic(err)

@ -101,5 +131,14 @@ func (app *application) readJSON(w http.ResponseWriter, r *http.Request, dst any
 		}
 	}

+	// Call Decode() again, using a pointer to an empty anonymous struct as the
+	// destination. If the request body only contained a single JSON value this will
+	// return an io.EOF error. So if we get anything else, we know that there is
+	// additional data in the request body and we return our own custom error message.
+	err = decoder.Decode(&struct{}{})
+	if !errors.Is(err, io.EOF) {
+		return errors.New("body must only contain a single JSON value")
+	}
+
 	return nil
 }