Skip to content

fix: return structured JSON for malformed request bodies#4441

Open
dymchenkko wants to merge 1 commit into
cowprotocol:mainfrom
dymchenkko:fix/json-body-error-responses
Open

fix: return structured JSON for malformed request bodies#4441
dymchenkko wants to merge 1 commit into
cowprotocol:mainfrom
dymchenkko:fix/json-body-error-responses

Conversation

@dymchenkko
Copy link
Copy Markdown

@dymchenkko dymchenkko commented May 25, 2026

Description

JSON-body endpoints returned Axum's plain-text rejection when a request body
failed to deserialize (empty {}, missing field, invalid token address). Every
other error in this API is structured JSON, so clients that parse all responses
as JSON break. This makes that path consistent.

Reviewer notes: I added a generic Error schema (vs. per-endpoint enums) — open
to switching. Invalid syntax is 400, already documented per endpoint, so I
only documented the structured body on 422.

Changes

  • Add a Json<T> extractor (api/extract.rs) wrapping axum::Json that, on a
    JsonRejection, returns the API's error("InvalidJson", …) with the
    rejection's status (422/400). Identical to axum::Json on success.
  • Apply it to all JSON-body endpoints: post_quote, post_order,
    cancel_order, put_app_data, debug_simulation (cancel_orders /
    orders/by_uids parse raw bytes, unaffected).
  • OpenAPI: add a generic Error schema, referenced from the affected 422s.

How to test

cargo test -p orderbook --lib api::extract — covers {} → 422 JSON (#4439),
invalid field value → 422 JSON (#4440), invalid syntax → 400 JSON.

Manual: POST /api/v1/quote with body {} → now 422 + application/json
{"errorType":"InvalidJson",…} instead of text/plain.

Related Issues

Fixes #4439
Fixes #4440

@dymchenkko
fix: return structured JSON for malformed request bodies
e07acf1 
JSON-body endpoints returned axum's plain-text rejection when a request
body failed to deserialize. Add a Json extractor that renders these
errors in the API's { errorType, description } format and apply it to
all JSON-body endpoints.

Closes cowprotocol#4439
Closes cowprotocol#4440
@dymchenkko dymchenkko requested a review from a team as a code owner May 25, 2026 19:03
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 25, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a custom Json extractor in crates/orderbook/src/api/extract.rs that wraps Axum's native extractor. When request deserialization fails, it returns a structured JSON error response containing errorType and description instead of plain text. The API endpoints in cancel_order.rs, debug_simulation.rs, post_order.rs, post_quote.rs, and put_app_data.rs have been updated to use this new extractor. Additionally, the OpenAPI specification (openapi.yml) has been updated to document the Error schema for 422 responses. No critical issues were found, and there is no feedback to provide.

@dymchenkko
Copy link
Copy Markdown
Author

dymchenkko commented May 25, 2026

I have read the CLA Document and I hereby sign the CLA

github-actions Bot added a commit that referenced this pull request May 25, 2026
@github-actions
@dymchenkko has signed the CLA in #4441
a0ad7a5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: POST /api/v1/quote returns plain text error for invalid token address bug: POST /api/v1/quote returns plain text error for empty JSON body

1 participant

@dymchenkko