Show a better error when JSON data cannot be parsed in the request

DaneEveritt · DaneEveritt · commit fde8465f35fc · 2020-06-30T20:05:11.000-07:00
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -9,6 +9,7 @@
 use Pterodactyl\Http\Middleware\TrustProxies;
 use Illuminate\Session\Middleware\StartSession;
 use Pterodactyl\Http\Middleware\EncryptCookies;
+use Pterodactyl\Http\Middleware\Api\IsValidJson;
 use Pterodactyl\Http\Middleware\VerifyCsrfToken;
 use Pterodactyl\Http\Middleware\VerifyReCaptcha;
 use Pterodactyl\Http\Middleware\AdminAuthenticate;
@@ -69,6 +70,7 @@ class Kernel extends HttpKernel
         ],
         'api' => [
             'throttle:240,1',
+            IsValidJson::class,
             ApiSubstituteBindings::class,
             SetSessionDriver::class,
             'api..key:' . ApiKey::TYPE_APPLICATION,
@@ -80,6 +82,7 @@ class Kernel extends HttpKernel
             StartSession::class,
             SetSessionDriver::class,
             AuthenticateSession::class,
+            IsValidJson::class,
             SubstituteClientApiBindings::class,
             'api..key:' . ApiKey::TYPE_ACCOUNT,
             AuthenticateIPAccess::class,
diff --git a/app/Http/Middleware/Api/IsValidJson.php b/app/Http/Middleware/Api/IsValidJson.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Pterodactyl\Http\Middleware\Api;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+
+class IsValidJson
+{
+    /**
+     * Throw an exception if the request should be valid JSON data but there is an error while
+     * parsing the data. This avoids confusing validation errors where every field is flagged and
+     * it is not immediately clear that there is an issue with the JSON being passed.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param \Closure $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if ($request->isJson() && ! empty($request->getContent())) {
+            json_decode($request->getContent(), true);
+
+            if (json_last_error() !== JSON_ERROR_NONE) {
+                throw new BadRequestHttpException(
+                    sprintf(
+                        'The JSON data passed in the request appears to be malformed. err_code: %d err_message: "%s"',
+                        json_last_error(),
+                        json_last_error_msg()
+                    )
+                );
+            }
+        }
+
+        return $next($request);
+    }
+}
