fix(api): handle invalid JSON gracefully #3
Merged
shenald-dev merged 1 commit into Mar 18, 2026
Added middleware to catch `SyntaxError` instances thrown by `express.json()` when parsing malformed JSON payloads. This prevents the server from returning an HTML stack trace and instead responds with a standard `400 Bad Request` JSON payload. Added a test to verify this behavior and documented the finding in the `.jules/bolt.md` journal.

Co-authored-by: shenald-dev <245350826+shenald-dev@users.noreply.github.com>
This pull request improves the reliability and security of the API gateway by explicitly handling malformed JSON payloads.

Previously, if a client sent invalid JSON (e.g., missing a closing brace), the `express.json()` middleware would throw a `SyntaxError` that would fall through to the default Express error handler, resulting in an HTML response containing a stack trace. This violates the API contract (clients expect JSON) and can leak internal server details.

This PR adds a custom error handling middleware immediately after `express.json()` to intercept these specific errors and return a clean `{"error": "Invalid JSON payload"}` with a `400 Bad Request` status. It also includes an automated test to ensure this behavior is maintained.

PR created automatically by Jules for task 16461518800795681364 started by @shenald-dev
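
The handler described above, as an added example that is not the code merged in this PR (the diff is not shown on this page). It goes one step further than a bare `instanceof SyntaxError` test by also checking the `type` and `status` fields that body-parser sets on parse failures, so a `SyntaxError` raised by application code is not reported to the client as a bad request. The names `isBodyParseError`, `jsonParseErrorHandler`, `makeParseError`, `fakeResponse` and `run` are hypothetical, and the request and response objects are constructed stand-ins so the block runs without a server.

```javascript
// Register directly after the parser:
//   app.use(express.json());
//   app.use(jsonParseErrorHandler);

// body-parser (behind express.json()) marks parse failures with
// type 'entity.parse.failed' and status 400 on the SyntaxError it forwards.
function isBodyParseError(err) {
  return err instanceof SyntaxError &&
    err.type === 'entity.parse.failed' &&
    err.status === 400;
}

function jsonParseErrorHandler(err, req, res, next) {
  // Anything that is not a body parse failure, or arrives after the
  // response has started, goes to the next error handler unchanged.
  if (res.headersSent || !isBodyParseError(err)) return next(err);
  // Fixed message only: err.message and err.body carry parser detail and
  // the raw client input, neither of which belongs in the response.
  return res.status(400).json({ error: 'Invalid JSON payload' });
}

// Constructed sample: an error shaped like the one body-parser forwards.
function makeParseError(raw) {
  try {
    JSON.parse(raw);
  } catch (e) {
    return Object.assign(e, { status: 400, type: 'entity.parse.failed', body: raw });
  }
  throw new Error('sample input parsed cleanly');
}

// Constructed stand-in for an Express response object.
function fakeResponse() {
  const res = { headersSent: false, statusCode: 200, payload: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.payload = obj; res.headersSent = true; return res; };
  return res;
}

// Runs the handler once and reports what the client would have received.
function run(err) {
  const res = fakeResponse();
  let forwarded = null;
  jsonParseErrorHandler(err, {}, res, (e) => { forwarded = e; });
  return { status: res.statusCode, payload: res.payload, forwarded };
}
```

A generic error handler that returns JSON is still needed further down the chain for the errors this one forwards.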