graphql: Fix 500 errors on invalid JSON

graphql2/graphqlapp/app.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/99designs/gqlgen/graphql"
@@ -132,6 +133,17 @@ func isGQLValidation(gqlErr *gqlerror.Error) bool {
 		return true
 	}
 
+	if strings.HasPrefix(gqlErr.Message, "json request body") {
+		var body string
+		gqlErr.Message, body, _ = strings.Cut(gqlErr.Message, " body:") // remove body
+		if !strings.HasPrefix(strings.TrimSpace(body), "{") {
+			// Make the error more readable for common JSON errors.
+			gqlErr.Message = "json request body could not be decoded: body must be an object, missing '{'"
+		}
+
+		return true
+	}
+
 	if gqlErr.Extensions == nil {
 		return false
 	}

test/smoke/graphqlerror_test.go

@@ -0,0 +1,37 @@
+package smoke
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/target/goalert/test/smoke/harness"
+)
+
+func TestGraphQLError(t *testing.T) {
+	h := harness.NewHarness(t, "", "ids-to-uuids")
+	defer h.Close()
+
+	req, err := http.NewRequest("POST", h.URL()+"/api/graphql", strings.NewReader(`"test"`))
+	require.NoError(t, err)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+h.GraphQLToken(harness.DefaultGraphQLAdminUserID))
+	resp, err := http.DefaultClient.Do(req)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	require.Equal(t, 400, resp.StatusCode, "expected 400 error")
+
+	var r struct {
+		Errors []struct {
+			Message string
+		}
+	}
+	err = json.NewDecoder(resp.Body).Decode(&r)
+	require.NoError(t, err)
+	require.Len(t, r.Errors, 1)
+
+	require.Equal(t, "json request body could not be decoded: body must be an object, missing '{'", r.Errors[0].Message)
+}

test/smoke/harness/graphql.go

@@ -88,24 +88,28 @@ func (h *Harness) GraphQLQueryT(t *testing.T, query string) *QLResponse {
 	return h.GraphQLQueryUserT(t, DefaultGraphQLAdminUserID, query)
 }
 
-// GraphQLQueryUserT will perform a GraphQL query against the backend, internally
-// handling authentication. Queries are performed with the provided UserID.
-func (h *Harness) GraphQLQueryUserT(t *testing.T, userID, query string) *QLResponse {
-	t.Helper()
-	retry := 1
-	var err error
-	var resp *http.Response
-	var tok string
-
+func (h *Harness) GraphQLToken(userID string) string {
 	h.mx.Lock()
-	tok = h.gqlSessions[userID]
+	tok := h.gqlSessions[userID]
 	if tok == "" {
 		if userID == DefaultGraphQLAdminUserID {
 			h.createGraphQLUser(userID)
 		}
 		tok = h.createGraphQLSession(userID)
 	}
 	h.mx.Unlock()
+	return tok
+}
+
+// GraphQLQueryUserT will perform a GraphQL query against the backend, internally
+// handling authentication. Queries are performed with the provided UserID.
+func (h *Harness) GraphQLQueryUserT(t *testing.T, userID, query string) *QLResponse {
+	t.Helper()
+	retry := 1
+	var err error
+	var resp *http.Response
+
+	tok := h.GraphQLToken(userID)
 
 	for {
 		query = strings.Replace(query, "\t", "", -1)