fix(api): 400 на битое тело apply, маскирование internal-ошибок, лимит тела
This commit is contained in:
@@ -2,6 +2,9 @@ package api
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-chi/chi/v5"
|
||||
@@ -28,7 +31,8 @@ func (a *API) handleCheck(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
cs, err := a.Svc.Check(r.Context(), did)
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusInternalServerError, err.Error())
|
||||
log.Printf("api: check failed: %v", err)
|
||||
writeErr(w, http.StatusInternalServerError, "internal error")
|
||||
return
|
||||
}
|
||||
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
||||
@@ -42,14 +46,20 @@ func (a *API) handleApply(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
var req applyRequest
|
||||
if r.Body != nil {
|
||||
// пустое тело допустимо → значения по умолчанию (prune=false)
|
||||
_ = json.NewDecoder(r.Body).Decode(&req)
|
||||
r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // 1 MiB
|
||||
// пустое тело допустимо → значения по умолчанию (prune=false);
|
||||
// любая другая ошибка decode (битый JSON, неверные типы) → 400
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil && !errors.Is(err, io.EOF) {
|
||||
writeErr(w, http.StatusBadRequest, "invalid request body")
|
||||
return
|
||||
}
|
||||
}
|
||||
cs, err := a.Svc.Apply(r.Context(), did, service.ApplyRequest{
|
||||
ApplyUpdates: req.ApplyUpdates, ApplyPrunes: req.ApplyPrunes,
|
||||
})
|
||||
if err != nil {
|
||||
writeErr(w, http.StatusInternalServerError, err.Error())
|
||||
log.Printf("api: apply failed: %v", err)
|
||||
writeErr(w, http.StatusInternalServerError, "internal error")
|
||||
return
|
||||
}
|
||||
writeJSON(w, http.StatusOK, toChangesetResponse(cs))
|
||||
|
||||
Reference in New Issue
Block a user