grant/recap-relay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Return clean JSON for body-parser/unhandled errors

Browse Source 
Malformed JSON request bodies fell through to Express's default error
handler, which renders an HTML page including the local-filesystem stack
trace (info leak). Add a final error-handling middleware: JSON 400 for
entity.parse.failed, 413 for entity.too.large, generic 500 otherwise —
closing the stack-trace leak on every propagated error, not just JSON.
This commit is contained in:
Keysat
2026-06-13 18:22:00 -05:00
parent da1bba2e6b
commit 693d72431b
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/index.js
+16
View File
@@ -105,6 +105,22 @@ app.get("/", (_req, res) => {
res.redirect("/dashboard.html"); res.redirect("/dashboard.html");
}); });
// Error handler (must be last). Without it, body-parser parse failures
// and any other propagated error fall through to Express's default
// handler, which renders an HTML page including the local-filesystem
// stack trace — an info leak. Return clean JSON instead.
app.use((err, _req, res, next) => {
if (res.headersSent) return next(err); // mid-stream (SSE) — can't rewrite
if (err?.type === "entity.parse.failed") {
return res.status(400).json({ error: "invalid JSON body" });
}
if (err?.type === "entity.too.large") {
return res.status(413).json({ error: "request body too large" });
}
console.error("[relay] unhandled error:", err?.message || err);
return res.status(500).json({ error: "internal error" });
});
const HOSTNAME = process.env.HOSTNAME || "0.0.0.0"; const HOSTNAME = process.env.HOSTNAME || "0.0.0.0";
app.listen(PORT, HOSTNAME, () => { app.listen(PORT, HOSTNAME, () => {
console.log(`[relay] listening on http://${HOSTNAME}:${PORT}`); console.log(`[relay] listening on http://${HOSTNAME}:${PORT}`);