api calls made with invalid json #492

Closed
yildreams opened this issue Feb 21, 2023 · 5 comments
@yildreams

Hi,

I have created an app with node express using body-parser. App has some json apis,

but for security control, if I make an api call with Content-Type "application/json" but with an invalid body like "*" or "111"

it returns an error that has my code files and their directions, with html and pre tags; I never handle it.

worse, when I use a limiter these calls don't get stuck on the limit, when I set the limit to 1 for testing it never blocks these calls.

did you know this issue and could you help for it?

thanks.

error is like this:

<title>Error</title>
SyntaxError: Unexpected token '*', "#" is not valid JSON
   at JSON.parse (<anonymous>)
   at createStrictSyntaxError (/usr/src/app/node_modules/body-parser/lib/types/json.js:160:10)
   at parse (/usr/src/app/node_modules/body-parser/lib/types/json.js:83:15)
   at /usr/src/app/node_modules/body-parser/lib/read.js:128:18
   at AsyncResource.runInAsyncScope (node:async_hooks:204:9)
   at invokeCallback (/usr/src/app/node_modules/raw-body/index.js:231:16)
   at done (/usr/src/app/node_modules/raw-body/index.js:220:7)
   at IncomingMessage.onEnd (/usr/src/app/node_modules/raw-body/index.js:280:7)
   at IncomingMessage.emit (node:events:512:28)
   at endReadableNT (node:internal/streams/readable:1359:12)
@dougwilson
Contributor

Hello! I'm sorry I don't fully understand what you are asking. If you are referring to the stack trace on the page, you can change that, as it is an express thing, nothing with this module. See https://expressjs.com/en/guide/error-handling.html#the-default-error-handler

If that is not what you are looking for, please let me know and I can reopen your issue 👍

@yildreams
Author

Hello Dougles,

Thanks for your answer, I tried to apply that reference but it didn't work, I think it's about body parser.

let me explain again.

this is my index.js file

var morgan = require('morgan');
var express = require('express');
var bodyParser = require('body-parser');
var app = express();
const rateLimit = require('express-rate-limit');

var port = 3000;

const apiLimiter = rateLimit({
  windowMs: 60000, // 1 minute
  max: 1, // Limit each IP to 1 request per `window` (here, per 1 minute)
  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
  message: "Too many request in last 1 mimute! Rate limit is 100 requests per minute!",
  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
});

// Body parsers (JSON and URL-encoded), each with a 50mb size limit
app.use(bodyParser.json({limit: '50mb'}));
app.use(bodyParser.urlencoded({limit: '50mb', extended: true}));

// Request logging
app.use(morgan('common'));

// Rate limiter, then the routes
app.use('/', apiLimiter);
app.get('/', (req, res) => {
  res.json({message: 'Hello world'});
});

app.post('/', (req, res) => {
  res.json({message: req.body});
});

app.listen(port);
console.log('Magic happens on port ' + port);

normally it works fine, but when I try with invalid json, like just *, it throws an uncaught error. I would be very happy if you try and help.

thank you so much.

@yildreams
Author

by the way, when I comment out the body parser lines, it works fine.

@dougwilson
Contributor

Hi, where did you try what was in the link? I don't see you having an error handler anywhere in the code you provided.

@yildreams
Author

Hi,

I tried a lot but in the last case I forgot to add the following code block:

app.use((err, req, res, next) => {
  res.status(500).send('Something broke!')
})

after adding this code, I can now handle the error.

however, adding it above or below the limiter does not prevent it from being placed on the limits.

this situation may not be related to parser, it is already 2nd importance for me, but I have shared such a widow,
thank you for your attention.
regards,
Serdar
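
Added example (not part of the thread, and not Express, body-parser or express-rate-limit code): a dependency-free model of Express's dispatch rule that `next(err)` skips every non-error middleware, which is why a limiter registered after the JSON parser, as in the index.js above, never counts invalid-JSON requests. `dispatch`, `jsonParser`, `makeLimiter`, `echo`, `errorHandler` and `run` are hypothetical stand-ins, and the request body and IP are constructed samples.

```javascript
// Simplified model of Express middleware dispatch (assumption, not Express source):
// after next(err), only four-parameter (err, req, res, next) handlers run.
function dispatch(stack, req) {
  const res = { status: 200, body: null };
  let i = 0;
  function next(err) {
    while (i < stack.length) {
      const fn = stack[i++];
      const isErrorHandler = fn.length === 4;
      if (err && isErrorHandler) return fn(err, req, res, next);
      if (!err && !isErrorHandler) return fn(req, res, next);
    }
  }
  next();
  return res;
}
// Hypothetical stand-in for bodyParser.json(): parse failures go to next(err).
function jsonParser(req, res, next) {
  try { req.body = JSON.parse(req.raw); } catch (e) { e.status = 400; return next(e); }
  next();
}
// Hypothetical per-IP counter standing in for express-rate-limit.
function makeLimiter(max) {
  const hits = new Map();
  const limiter = (req, res, next) => {
    const n = (hits.get(req.ip) || 0) + 1;
    hits.set(req.ip, n);
    if (n > max) { res.status = 429; res.body = 'Too many requests'; return; }
    next();
  };
  limiter.hits = hits;
  return limiter;
}
const echo = (req, res, next) => { res.body = { message: req.body }; };
// Error handler that answers without stack traces or file paths.
function errorHandler(err, req, res, next) {
  res.status = err.status || 500;
  res.body = { error: 'invalid request body' };
}
// Send three invalid-JSON requests (constructed sample) through one ordering.
function run(order) {
  const limiter = makeLimiter(1);
  const head = order === 'parser-first' ? [jsonParser, limiter] : [limiter, jsonParser];
  const stack = [...head, echo, errorHandler];
  const req = () => ({ ip: '203.0.113.7', raw: '*' });
  const statuses = [1, 2, 3].map(() => dispatch(stack, req()).status);
  return { statuses, counted: limiter.hits.get('203.0.113.7') || 0 };
}
console.log(run('parser-first'), run('limiter-first'));
```

In the index.js from the thread, the corresponding change is to register `app.use('/', apiLimiter)` before `app.use(bodyParser.json(...))`, keeping the error handler last.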
