http/endpoint: handle URL-decode errors (#1276)

Previously, non-url-decodable paths would return 500.
getodk · Nov 10, 2024 · 5b75b8e · 5b75b8e
1 parent 3720bbe
commit 5b75b8e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/lib/http/endpoint.js b/lib/http/endpoint.js
@@ -223,6 +223,12 @@ const defaultResultWriter = (result, request, response, next) => {
 // error thrown upstream that is of our own internal format, this handler does
 // the necessary work to translate that error into an HTTP error and send it out.
 const defaultErrorWriter = (error, request, response) => {
+  if (error instanceof URIError && error.statusCode === 400 && error.status === 400) {
+    // Although there's no way to check definitively, this looks like an
+    // internal error from express caused by decodeURIComponent failing.
+    return defaultErrorWriter(Problem.user.notFound(), request, response);
+  }
+
   if (error?.isProblem === true) {
     // we already have a publicly-consumable error object.
     response.status(error.httpCode).type('application/json').send({

diff --git a/test/integration/other/http.js b/test/integration/other/http.js
@@ -0,0 +1,13 @@
+const { testService } = require('../setup');
+
+describe('http', () => {
+  it('should return 404 for path URL decode errors', testService(async (service) => {
+    const { body } = await service.get('/v1/%')
+      .expect(404);
+
+    body.should.deepEqual({
+      code: 404.1,
+      message: 'Could not find the resource you were looking for.',
+    });
+  }));
+});